You are probably aware by now of the vulnerability in the WPA2 wireless protocol (affecting most WiFi devices), which could allow attackers to eavesdrop on the traffic between computers and wireless access points.
What you should know:
- Only an unpatched device that connects over WPA2 is under threat.
- The vulnerability doesn't reveal the WPA2 key. It only allows parts of the communication to be sniffed.
- Since most WiFi communications these days are likely to be HTTPS and SMTP-S, the attacker would end up sniffing only TLS-encrypted traffic.
- So far there are no reports of any widespread attacks based on this issue.
- Windows and iOS users (with the latest software) are not vulnerable to the sniffing attack.
- Android devices and routers from popular vendors are affected, and some of these vendors have already released patches to prevent key reuse.
Companies that have rolled out updates and advisories on this issue:
Arch Linux, Aruba Networks, DD-WRT, Debian, Fortinet, Intel, Linux, Meraki, MikroTik, OpenBSD, Open-Mesh & CloudTrax, pfSense, Red Hat, Turris Omnia, Ubiquiti, Ubuntu, WatchGuard, WiFi Alliance, Zyxel
Espressif
ESP-IDF, ESP8266 RTOS SDK, & ESP8266 NONOS SDK on their GitHub page.
Netgear
Updates have been released for products WN604, WNDAP620, WAC720/WAC730, WNAP210v2, WNDAP660, WND930, WAC505 / WAC510, WAC120, WNAP320, & WNDAP350.
Microsoft
Microsoft has already released the patch for the vulnerability in the October 10th security updates. Users are kindly requested to update as soon as possible.
Companies which announced that patches will be available soon: Lede, Belkin, Linksys, Wemo, Cisco, Fedora, Toshiba, TP-Link, FreeBSD
How to protect yourself?
1) We advise users to update their firmware as soon as the update is available. For old products, users may need to log in to their WiFi console and check for patches.
2) When accessing highly confidential information, try to add an extra layer of encryption (for example, a VPN).
3) Always try to use HTTPS if it is available for the website you are visiting. We recommend using a browser plugin like HTTPS Everywhere.
4) Always use an extra layer of encryption for all network traffic that carries sensitive content, using technologies such as Secure Shell and other reliable encryption protocols.
5) All home users are requested to change the admin login password from the default.
Read more on: WPA2 protocol is vulnerable to eavesdropping - almost all devices are affected!