TPG Community

Ask, answer and talk about our products

Flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Level 1

Flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping.

 

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users' domain name service.

 

 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

 

Anything to worry here or does the modem get updates automatically from Netgear?

1 REPLY
Community Manager

Hi @Fink_Ployd,

 

The lastest update in regards to the modems we supply is in the below community link below.

https://community.tpg.com.au/t5/Broadband-Internet/Update-KRACK-WPA-Security-Flaw/m-p/1015#M371

 

In your post you talk about a Netgear modem which we don't actually supply. I have found a link to the Netgear website which will help you with any Netgear and WPA2 protocol issues (Krack WPA security issue).

http://www.netgear.com.au/search.aspx?q=krack