Monday, October 16, 2017

Security Notice: Key Reinstallation Attack

Background

On October 16, a WPA2 exploit known as the Key Reinstallation Attack (KRACK) was disclosed. It affects all WPA2-protected WiFi networks and could lead to users' WiFi traffic becoming compromised.

Impact

  • This exploit affects any wireless product using WPA2 encryption, which includes all IES access point products.
  • Those using 802.11r or mesh repeaters are most susceptible.
  • Client devices that have not received a security update specifically addressing this issue are also susceptible.
  • The exploit requires physical proximity to the network.

Fix

  • A new firmware version is currently under test, and we expect to qualify and publish the new version of 6.3 by end of day Tuesday, October 17. An update to 6.4 will be available at that time or shortly after.
  • Once new firmware is available, all networks will begin upgrading automatically during their scheduled maintenance window.
  • We will also be patching older versions of our WiFi software, including 481, 590, 6.1 & 6.2, with availability at the end of this week.

Mitigation

  • In the meantime, we have turned off 802.11r on all IES WiFi devices until they have received the firmware update.
  • End users should contact their WiFi client device manufacturers for security updates related to their specific client devices.

Questions / Feedback

If you have any questions or concerns about this vulnerability or the upgrade process, please reach out to IES support.