Security advisories | Feb 26, 2019

KRACK Wi-Fi Vulnerability (Key Reinstallation Attacks - WPA and WPA2)

The Threat
Researchers have discovered a flaw that exploits the 4way handshake used by WPA and WPA2. Attackers can reset the encryption key used, allowing them the ability to decrypt some traffic, perform TCP hijacking and perform HTTP injection on vulnerable devices.

On Android 6.0+ and Linux devices all non-HTTPS traffic can be decrypted. Due to skill and proximity barriers, eSentire does not consider this to be an immediate threat. Researchers have stated that they will release proof-of-concept code at "a later date". Therefore, we highly recommend the deployment of patches as they’re released.

Recommended Action
eSentire highly recommends evaluating and deploying patches as they become available from vendors.

Additional Information