A vulnerability on the implementation of a global standard encryption scheme for Wi-Fi connections is certainly big news. It is scary to imagine that this protocol is implemented in every device connecting via Wi-Fi and that a vulnerability in it could put virtually everyone around the globe at risk. It is an alert to the catastrophic impact that corruption of widely adopted protocols and systems can cause. So, the buzz around this issue is important to raise awareness and to feed the conversations about how we can improve security and how to be prepared to tackle critical vulnerabilities . At the same time it is critical to cut through the noise to understand the risk and devise appropriate measures to mitigate it.
- There is no attack at this point – Despite the “market” name, the attack is a proof of concept (POC) demonstrated by researcher Mathy Vanhoef, from Belgian University KU Leuven who uncovered the vulnerability. There are no reports of actual attacks or successful breaches associated with this vulnerability at this point.
- The attack can only happen within the Wi-Fi network – Remote attacks aren’t possible using this vulnerability alone. A successful attack would need to be launched and managed by a device connected to the same Wi-Fi network.
- All devices connecting via Wi-Fi may be at risk – Even though there are no reported attacks and exploitation requires physical presence, this weakness in the implementation of the WPA2 protocol potentially affects ALL devices connecting via Wi-Fi.
To learn more about what Flexera’s Secunia Research team has discovered about KRACK go to our blog or engage your dedicated software rep to learn more about Flexera’s Software vulnerability manager