For many years, WPA encryption ('Wi-Fi Protected Access') was regarded as secure – lately, however, key reinstallation attacks ('KRACK') have revealed weaknesses in such Wi-Fi networks.

No need to worry: Device manufacturers offer various patch and update solutions to make the data traffic within Wi-Fi networks secure again. The following article describes the current state regarding the available countermeasures.

 

The KRACK security vulnerability affects all WPA encryption protocols. The 'KRACKER' can read the data transmitted from the client to the server within the affected Wi-Fi network. It is important to point out here that a KRACK attacker does not acquire direct access to the network.

Nine out of ten weaknesses affect the terminal devices. With corresponding device updates, it is possible to reliably close these security gaps and make the Wi-Fi network secure again. This requires the manufacturers providing corresponding updates. As a rule, installing patches and updates affords a high degree of security. This way, Wi-Fi networks can be secured effectively.

 

Who is affected?

KRACK affects all operating systems with a WPA supplicant (Linux, systems from Apple, Microsoft and others), most of all Android. The supplicant is responsible for the client part of the key negotiation during the handshake between a client and access point. This is where KRACK exploits a security gap to manipulate the handshake in order to force the reuse of keys, which in turn leads to a re-authentication process. This allows the encryption protocol to be attacked.

 

Help is already on its way

Basically speaking, the vulnerabilities are down to an inadequate definition of the Wi-Fi standard itself and not the individual terminal devices or implementations. Various workarounds are now available for re-establishing security in Wi-Fi networks.

The following provides an overview of the latest measures from the manufacturers relevant for us.

 

Information as of: 02 November 2017 

Wi-Fi and printers

  • Extremal networks (Wi-Fi): Information on patches can be found here.
  • Intermec (Honeywell): Information on patches can be found here.
  • ZEBRA: Information on patches can be found here.

 

Mobile data capturing

  • Honeywell (Intermec) - Android devices: Information on patches can be found here.
  • Honeywell (Intermec) - Windows devices: Information on patches can be found here.
  • M3 Mobile – Android devices: Information on patches can be found here.
  • M3 Mobile - Windows devices: Patch in progress; as soon as results become available, we will post these for you here. (Official statement from M3: Our products use Laird (old name Summit) Wi-Fi modules (30 and 45 series). When Laird gives us the new patch for this, we will prepare it for the FAQ document).
  • ZEBRA - Android devices: Information on patches can be found here.
  • ZEBRA - Windows devices: Information on patches can be found here.

 

Important: The information in this list will be continuously updated. If you are unable to find a specific device in the list, it may be worthwhile checking the information on this page from time to time (see current status). You can also obtain further information on the individual updates from Timo Sass | Team leader Technical Consulting by calling +49 40 6092934 -50 or by sending an e-mail to tsass@taneri-consulting.com.

 

Efficient security with our MDM solutions

In view of the latest security vulnerabilities, like now with KRACK and BlueBorne a short while ago, we believe that security updates for clients will become increasingly important. We recommend, contrary to the general practice within the market, to regularly install updates and patches, whenever they are available. A patch can fix security holes. If terminal devices do not get an update, these are no longer secure against attacks today.

 

Use a service contract – the simplest way to greater security

Conclusion: Extensive patching isn’t the only option, since there is another way. In corresponding mobile device management (MDM) environments, update and patch releases can be deployed automatically without a great deal of effort. One basis for access to the required patches and updates is provided by service contracts. We would be happy to advise you.

 

For further information on our service contracts, please contact Jonas Kroner by calling +49 40 6092934 -40 or by sending an e-mail to jkroner@taneri-consulting.com. 

Further general information on security in Wi-Fi networks is available online here.

 

 

 

Top