On Monday, October 16, 2017 the United States Computer Emergency Readiness Team (CERT) disclosed news that a security flaw had been identified in the Wi-Fi Protected Access II (WPA2) encryption implementation. This flaw interrupts the four-way handshake between client and access point, bypassing the encryption and exposing data. It is reported that the flaw may allow attackers to modify the intercepted data and possibly inject malware. An affected Vendor list has been established by CERT under VU#228519 available at www.cert.org.
KLIK Communications products using WPA2 encryption are the KB801 KLIK Boks. The KB801 employs an 802.11b/g/n radio that employs WPA or WPA2 encryption when security is enabled. Data transmitted between a client device and the KB801 is subject to the same vulnerabilities reported by CERT, under certain conditions. The functional nature of the KB801 and its application and standard deployment has been determined to pose little to no risk to network environments where the product is installed.
In the use-case of clients connecting directly to the KLIK Boks KB801 in Virtual Access Point mode, attackers would need to be within range of the product’s radio to intercept any transmissions. Since the KB801 is a network end-point and provides no routing, switching or access functions, it does not represent an entry point to the network. Any vulnerability would be on the client side, where an open Wi-Fi channel would pose a threat, even connected to the local Access Point.
In all other use cases, where the KLIK Boks connects to the LAN or a secure AP, the KB801 poses no risk to network users. When connected to an AP as a client, the KB801 will handshake but will never provide access to or broadcast any content, leaving no vulnerability. In wired 802.3 configurations the issue is moot.
Given the nature of the vulnerability, early indications are that the flaw will be remedied directly by the major vendors listed by CERT. While Windows and Apple iOS devices are not vulnerable to the four-way handshake attack, they are vulnerable to other forms of attack stemming from the same flaw. Microsoft have at this writing already released a patch as have several hardware and silicon vendors.
For further information about this vulnerability and how you can protect your environment see the original paper about the “KRACK” at https://www.krackattacks.com/
