Krack Attack: insecure encryption
18. October 2017 MikroTik / Teltonika / Ubiquiti / VARIA

In the past few hours, the news of endangered WLAN networks unsettled users and, of course, manufacturers. Serious security gaps in the WPA2 security standard are reported.

According to Hot Security researchers have discovered the threatening security gaps in the WPA2 encryption protocol, which is used to secure WLAN hotspots. Various security researchers warn that attackers should be able to break into, eavesdrop on and manipulate WPA2 by means of the attack called “KRACK”.

You have to be close by

However, you have to be in the vicinity or in the reception area of the WLAN for an attack. It is not possible to dial into WLAN networks via the Internet at will and carry out these attacks. This significantly limits the potential damage to the vulnerability.

[zitat]
The manufacturers reacted very quickly and provided patches / updates.
[/zitat]

UBIQUITI

Ubiquiti commented that the AC and M series are unlikely to be affected. There will still be updates for the devices in the next few days.
The current status can be followed via the manufacturer’s forum:
https://community.ui.com/questions/WPA2-broken-with-KRACK/5fd96d59-c7a8-4e43-b9b6-39ab04c70af7#answer/60a77817-0a3e-4d71-a1ec-dfe94989ae44

To install the updates, Ubiquiti provides the following instructions:
https://help.ui.com/hc/en-us/articles/204910064-UniFi-Changing-the-Firmware-of-a-UniFi-Device?utm_source=Ubiquiti+Newsletter+Subscribers&utm_campaign=b822866b42-UBNT%3A+WPA2+patch%2C+10-16-17&utm_medium=email&utm_term=0_1c1b02cb37-b822866b42-238324777&goal=0_1c1b02cb37-b822866b42-238324777https://ubnt.us8.list-manage.com/track/click?u=bc856e62a9254399365d0277b&id=29e448f05f&e=514d020af0

MICROTICS

MikroTik published a statement and updates on Monday. If you routinely update your MikroTik devices then no further action is required.
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

OPNSENSE

This will also be pointed out in the OPNsense forum and an update will probably be published on Thursday.
https://forum.opnsense.org/index.php?topic=6183 .

Turris Omnia

Turris Omnia has already fixed the bug, but warns that after the update there is a possibility that it will not be able to connect to the Wi-Fi network. Then the device simply has to be booted.
https://forum.turris.cz/t/3-8-4-in-rc-with-krack-fix/5381

Teltonika, ALFA Networks

After consultation with Teltonika and ALFA Networks, updates will also be made available for these products in the coming hours.

Please do not hesitate to contact us for any questions or assistance in implementing the important updates.

Get further information and support:

We would be happy to call you back for assistance.
[contact-form-7 id=”2670″ title=”Rückruf KrackAttack”]