| EnGenius Advisory: WPA2 KRACK Vulnerability |
What Has Happened
On
October 16, 2017 a public announcement was made by security researchers
who discovered a weakness in the Wi-Fi Protected Access 2 (WPA2)
protocol that is used in all modern Wi-Fi networks. A malicious attacker
in range of a potential unpatched victim can exploit this weakness to
read information that was previously assumed to be safely encrypted. The
vulnerability is within the Wi-Fi IEEE 802.11 standard itself, and is
therefore not unique to any particular access point or client device
vendor. It is generally assumed that any Wi-Fi enabled device is
potentially vulnerable to this particular issue.
A Summary of How WPA2 Security Works
WPA2-AES
security consists of both authorization and encryption. The
authorization step is used to determine whether a particular client is
allowed to access the wireless network, and comes in two flavors,
Personal and Enterprise. In WPA2-AES Personal, a pre-shared key or
passphrase is used to provide the key identifying credential. In
WPA2-AES Enterprise, the Extensible Authentication Protocol (EAP) is
used to validate the client credentials against an external RADIUS or
Active Directory server. In either the WPA2-AES Personal or WPA2-AES
Enterprise scenario, once the client's authorization credentials are
validated, a unique set of encryption keys are established between that
particular access point and that particular client device, to encrypt
the traffic between them. This encryption process is done via a four-way
handshake, where particular keys are passed back and forth between the
access point and the client device so each can derive the appropriate
unique encryption key pair.
A Summary of the Vulnerability
The
security researchers discovered that they could manipulate and replay
the third message in the four-way handshake to perform a key
reinstallation attack (KRACK). Strictly speaking, each key that is
passed in the four-way handshake should only be used once and never
re-used. However, in a key reinstallation attack, the attacker pretends
to be a valid access point and tricks the client device into
reinstalling a key that is already in use, serving to reset the transmit
and receive packet numbers. For WPA2-AES, the attacker can then derive
the same encryption key as the client device, and then decode upstream
traffic from the client device to the access point. For the older (and
less secure) WPA-TKIP, the attacker can go even further, and potentially
forge and inject new packets into the data stream.
For an attack
to be carried out to take advantage of this vulnerability, it must be
done by a malicious actor conducting a man-in-the-middle attack (i.e.
pretending to be an AP on your network and serving to be a relay between
the client device and the legitimate wireless network).
How This Vulnerability Impacts EnGenius Products and Networks
As
the issue occurs on client devices, the first step for any network
operator is to check with your client device manufacturers for security
patches and updates and apply these updates as soon as they are
available.
This particular vulnerability has no direct impact on
any EnGenius APs operating in 「access point」 mode. However, EnGenius
access points that are used as client devices (i.e. Electron™ APs
operating in 「client bridge」 mode) or any access points that are used
for point-to-multipoint communications (i.e. Electron™ APs operating in
「WDS bridge」 or 「WDS station」 mode) are potentially impacted by this
vulnerability in the IEEE 802.11 protocol. Furthermore, some advanced
applications and features, such as mesh networking and fast roaming
(i.e. 802.11r), may also be potentially vulnerable to this issue.
EnGenius
software developers are currently actively investigating the impact of
this vulnerability across all of the products in our product portfolio,
and will be issuing firmware releases in the coming days and weeks to
address this issue. In the interim, EnGenius still recommends the
continued use of WPA2-AES Personal or WPA2-AES Enterprise for network
security. Do not use WEP and do not use WPA-TKIP, as the vulnerabilities
of those deprecated security protocols are significantly more serious
and easier to execute by a malicious attacker.
FAQs
1. Can I still run my EnGenius Wi-Fi network?
a. Yes, you can still run your EnGenius Wi-Fi network. There is no need to shutdown or replace your EnGenius devices.
b. This vulnerability is within the Wi-Fi IEEE 802.11 standard itself, and
is therefore not unique to any particular access point or client device
vendor. It is generally assumed that any Wi-Fi enabled device is
potentially vulnerable to this particular issue.
2. Are EnGenius wireless products vulnerable to this type of attack?
a. EnGenius wireless products running in 「AP mode」 have no direct impact from this vulnerability.
b. EnGenius
access points that are used as client devices such as APs operating in
「client bridge」 mode or any access points that are used for
point-to-multipoint communications such as APs operating in 「WDS bridge」
or 「WDS station」 mode are potentially impacted by this vulnerability in
the IEEE 802.11 protocol.
c. Furthermore, some advanced
applications and features, such as mesh networking and fast roaming via
802.11r, may also be vulnerable to this issue.
3. Is my wireless network still secure?
a. Yes, there is no evidence that the KRACK vulnerability has been used maliciously.
b. Yes,
all passwords and certificates are still secure. This type of
vulnerability does not affect passwords, authentication tokens or keys.
c. A Krack attacker must be onsite to conduct this type of attack.
d. The
malicious actor must also decrypt over-air traffic between the AP and
your clients in order to gain any access to your information, and this
is not easily done.
e. EnGenius still recommends the continued use of WPA2-AES Personal or WPA2-AES Enterprise for network security.
f. Do not use WEP and do not use WPA-TKIP, as the vulnerabilities of those
deprecated security protocols are significantly more serious and easier
to execute by a malicious attacker.
4. What can I do immediately to ensure my clients are kept secure?
a. This
vulnerability also impacts client devices, be sure to check with your
client device manufacturers and implement any available security patches
and updates. Major device vendors are working on fixing these
vulnerabilities and will make patches available as soon as possible.
b. Until client device updates are made available, consider disabling the
802.11r Fast Roaming feature to help reduce vulnerability.
5. When will EnGenius provide security patches and updates for this vulnerability?
a. EnGenius software developers are currently working on security patches and will issue firmware releases as soon as possible.
b. For up to date information about affected EnGenius products, refer to
the Vulnerable Product Updates page
(https://www.engeniustech.com/available-wpa2-patches.html)
For More Information
The website www.krackattacks.com provides a detailed summary of the issue along with links to the research paper and tools detailing the vulnerability.
Release Schedule
Before 10/24
EWS860AP
EWS650AP
EWS660AP
EWS870AP
EWS871AP
EAP1300
EAP1300EXT
EAP2200
ENS500EXT-AC
ENS500-AC
ENS620EXT
EnStation5-AC
ECB1750
ECB1200
EWS310AP
EWS320AP
EWS350AP
EWS360AP
EWS550AP
EWS370AP
EWS371AP
EWS1025CAM
Before 10/27
EWS300AP
EWS210AP
EWS500AP
EWS510AP
ENH202v2
ENH500v2
ENH220EXT
ENH710EXT
ENH900EXT
ENH1750EXT
ENS202
ENS202EXT
ENS500
ENS500EXT
EnStation 2
EnStation 5
EnStationAC
ENS1750
ENS1200
EAP350v2
EAP600
EAP900H
EAP1200H
EAP1750H
EAP150v2
EAP300v2
Before 10/31
ESR300H
ESR350H
ESR600H
ESR750H
ESR300
ESR350
ESR600
ESR900
ESR1200
ESR1750
EPG5000
EMR3000 |
|
|
