Security Advisory: WPA2 Krack Vulnerability

WPA2 Krack Vulnerability

16th October 2017

WPA2 is the security system used by most wireless (WiFi) networks. It replaced the older obsolete WEP and WPA protocols.
 
In October 2017, researchers studying the WPA2 protocol discovered and demonstrated flaws within the protocol design meaning that client devices' security could be defeated and data intercepted. Client devices are most commonly laptops, phones, tablets etc. but can also include routers and access points in 'special' operational modes.  For someone to implement an attack, they have to be within physical range of your wireless network - it cannot be conducted remotely from the Internet.

if you use an Eclipse wireless product (Managed Router or access point) and you are only using it as the wireless base, then it is not vulnerable to 'Krack' and a patch/update is not necessary for that operation. Your client device (phone, tablet, laptop etc.) however is vulnerable and you should seek advice and an update from your device vendor (the manufacturer of your laptop, phone etc.).

You should check equivalent statements/advisories from the providers of all of your other networking hardware vendors and any wireless device and then follow the advice of each of them regarding any necessary precautions or updates.  Remember to check all Internet/Wireless connected devices, such as those in the list above.

It is important to stress - even if your Managed Router or access point is not affected by this vulnerability, your wireless client (see list of device types are the top of the page) almost certainly is and you should seek updated firmware or software from your vendor.  That may not be available for older devices as vendors do not support products indefinitely (or chipset vendors no longer produce or support the components/code) in which case you should consider retiring your device or mitigating the risk in some other way.