TPG Community

Get online support

Flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

SOLVED Go to solution
Fink_Ployd
Level 3

Flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping.

 

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users' domain name service.

 

 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

 

Anything to worry here or does the modem get updates automatically from Netgear?

1 ACCEPTED SOLUTION

Accepted Solutions
Fink_Ployd
Level 3

@Manuel wrote:

Hi @Fink_Ployd,

 

Here is a link directly to Netcomms response to the Krack security flaw.

 

https://support.netcommwireless.com/faq/krack-key-reinstallation-attacks-overview

 

There is a small number of Modems from Netcomm that may have an issue. Please refer to the above link for more specific information.

 

Hope that helps

 

 Thanks Manuel.


 

View solution in original post

4 REPLIES 4
Manuel
Community Manager

Hi @Fink_Ployd,

 

The lastest update in regards to the modems we supply is in the below community link below.

https://community.tpg.com.au/t5/Broadband-Internet/Update-KRACK-WPA-Security-Flaw/m-p/1015#M371

 

In your post you talk about a Netgear modem which we don't actually supply. I have found a link to the Netgear website which will help you with any Netgear and WPA2 protocol issues (Krack WPA security issue).

http://www.netgear.com.au/search.aspx?q=krack

 

Fink_Ployd
Level 3
Sorry,I meant a Netcomm modem.
Manuel
Community Manager

Hi @Fink_Ployd,

 

Here is a link directly to Netcomms response to the Krack security flaw.

 

https://support.netcommwireless.com/faq/krack-key-reinstallation-attacks-overview

 

There is a small number of Modems from Netcomm that may have an issue. Please refer to the above link for more specific information.

 

Hope that helps

 

 

Fink_Ployd
Level 3

@Manuel wrote:

Hi @Fink_Ployd,

 

Here is a link directly to Netcomms response to the Krack security flaw.

 

https://support.netcommwireless.com/faq/krack-key-reinstallation-attacks-overview

 

There is a small number of Modems from Netcomm that may have an issue. Please refer to the above link for more specific information.

 

Hope that helps

 

 Thanks Manuel.