NC-Wireless Security Updates

Key Reinstallation Attack

10/18/2017

Technology companies are starting to respond to a new Wi-Fi exploit affecting all modern Wi-Fi networks using WPA or WPA 2 encryption. The security vulnerabilities allow attackers to read Wi-Fi traffic between devices and wireless access points, and in some cases even modify it to inject malware into websites. Security researchers claim devices running macOS, Windows, iOS, Android, and Linux will be affected by the vulnerabilities.

The flaw affects everything from Android, Linux and Windows to Apple, OpenBSD, MediaTek, and Linksys, among other systems. The key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. Most attacks can only recover a subset of all communications. On Android and Linux devices, however, an attacker can typically obtain a complete copy of all communications.

While NC-Wireless is using a form of Wi-Fi to connect our networks, it is a proprietary protocol that does not communicate openly with standard Wi-Fi gear, as used on a laptop or home router.

That being a security advantage in it’s own right, Ubiquity (our hardware vendor) has released a firmware patch that removes the KRACK vulnerability on all of our network equipment. This patch was installed network-wide early Wednesday morning (10/18/17).

If you are using a consumer grade Wi-Fi device such as Linksys, Netgear or Belkin routers and are concerned about possible security breaches, you should contact the manufacturer about a firmware update for your device.

All routers and access points supplied and managed by NC-Wireless are fully protected, and no further action is required by you.

If you would like to upgrade to a managed router or access point, contact us to schedule a site evaluation.