Key Reinstallation AttaCK (KRACK) - WPA2 Vulnerability

  • Solution ID: 1118590
  • Last Updated: Oct. 23, 2017 9:15 PM (PST)
  • Applies to: Antivirus for Mac - 2018;Antivirus+ Security - 2018;Home Network Security - All;Internet Security - 2018;Maximum Security - 2018;Mobile Security for Android - All;Mobile Security for iOS - All;Password Manager - All;Premium Security - 2018;
  • Key Reinstallation AttaCK (KRACK) - WPA2 Vulnerability | Trend Micro

Trend Micro is aware of and has been closely monitoring the latest Vulnerabilities in WPA2 which reportedly exposes Wi-Fi-enabled devices to Eavesdropping.


Summary

A serious flaw in the Wi-Fi Protected Access 2 (WPA2) protocol has recently been discovered. This flaw, called Key Reinstallation Attacks (or KRACK), reportedly allows attackers within range of vulnerable Wi-Fi enabled devices or access points to intercept passwords, messages, and other data.

To work, the KRACK Wi-Fi hack takes advantage of a vulnerable router and connected device. For example, even patched Apple iPhones, iPads or Macs may still be at risk when connected to a vulnerable AirPort router. Almost all modern Wi-Fi routers are currently susceptible to KRACK.

 

Solution

Trend Micro recommends the following best practices to strengthen router and Wi-Fi security:

  • Update Wi-Fi-enabled devices, routers, or the firmware of other hardware whenever possible. Alternatively, switch to Ethernet/wired connections until the vulnerabilities are patched.
  • Use a Virtual Private Network, especially when remotely accessing corporate assets.
  • Regularly update the Wi-Fi router’s credentials to reduce the risk of attack.
  • Configure the service set identifier (SSID) in a way to lower the chance that strangers can discover the Wi-Fi connection/network.