WPA2 KRACK Attack: Important Notes on Security Gap
Since last weekend, on October 15th, 2017, the media have been reporting that the encryption standard WPA2 may have a security vulnerability under certain circumstances. This attack, dubbed KRACK (Key Re-Use Attack), targets the connection establishment. However, it is stated that wireless LAN passwords cannot be captured in this way. Likewise, data protected via HTTPS (SSL/TLS), such as HTTPS connections for online banking or for transferring login data, cannot be decrypted by KRACK.
The attack targets WPA registration and specifically affects the access point mode 802.11r (roaming acceleration) as well as access points in client mode (station mode). bintec elmeg access points in access point mode support neither 802.11r nor 802.11s and are therefore not affected by the security gap.
However, there is a theoretical risk of attack in client mode. Our R&D department is currently working under high pressure on a short-term solution for all wireless LAN devices. We recommend that our customers temporarily use additional end-to-end encryption for security-relevant applications in client mode.
We will inform you promptly about the availability of the corresponding software update for the affected devices. In addition, please check with the respective manufacturers about the availability of updates for your wireless LAN clients. These devices also need to be updated in order to fix the security gap.
With Rel.10.1.23 patch1 we provide a security patch that closes the security gap in client operation mode for the bintec access points (W1001n, W1003n, W2003n, W2003n-ext, W2003ac, W2003ac-ext, WI1003n, WOx003n, WOx003ac). For our be.ip series and for the RS series the security patch is not required, because these devices are not affected.