Are LANCOM devices affected by the “KRACK” attack on WPA2?
The security loophole named KRACK is a vulnerability in the WPA2-key handshake used for secure communication in Wi-Fi networks. This vulnerability is a man-in-the-middle attack, whereby the key negotiation between a client and an access point is manipulated in such a way that an attacker can intercept the data communication.
There are three possible attack scenarios:
- A vulnerability in the key handshake is exploited at the client end of the connection. In this case, the manufacturer of your client must provide a fix.
- A LANCOM device operated in client mode is also vulnerable to the key-handshake exploit. This scenario is currently being clarified.
- A LANCOM access point is operated as a base station and offers fast roaming (802.11r). In this scenario, LANCOM devices with Wi-Fi are also affected. The default settings for this feature are disabled, which means there is no risk on the LANCOM device side.
LANCOM are currently working on a security update for fast roaming (802.11r) and it will be released as soon as possible. The following describes where you can check to see if you are using fast roaming (802.11r) and, if applicable, how you disable it.
To deactivate fast roaming (802.11r) on a Wi-Fi enabled router or access point, activate the standard settings for “WPA2 key management” for all of the affected SSIDs.
You can adjust this setting in LANconfig under:
“Wireless LAN -> Encryption -> WLAN encryption settings -> Wireless network X”
on the tab “Advanced -> WPA2 key management”
To deactivate fast roaming (802.11r) on a network managed by a WLAN controller, activate the standard settings for “WPA2 key management” for all of the affected SSIDs.
You can adjust this setting in LANconfig under:
“WLAN controller -> Profiles -> Logical WLAN networks (SSIDs)… -> Name of the SSID -> WPA2 key management”.
For more information on the KRACK attack please see the website related to the discovery below.
Gavin Tobin administrator
About the author