19 October 2017

WLAN security gap "KRACK"

Routers and access points with HOTSPLOTS firmware are not affected by the security flaw.

The media is currently reporting a lot about KRACK ("Key Reinstallation AttaCKs") and the security of WLAN networks. We have compiled the most important facts for you.

What is it about?

The security flaw known as KRACK allows the security and encryption standard WPA2 to be pried out in WLAN under certain conditions. The gap allows the encrypted traffic between access points and clients to be read as plaintext.

Is HOTSPLOTS affected?

Routers and access points with HOTSPLOTS firmware are not affected by KRACK. The problematic feature IEEE 802.11r is not activated in any firmware released by HOTSPLOTS.

What do I need to know as a user now?

 

For sensitive data an end-to-end encryption, e.g. SSL with HTTPS connections or a VPN, should be used. End-to-end encryption is not affected by KRACK. SSL encryption is indicated with an icon in the browser (for example with online banking websites). For WLAN clients (mobile phones, tablets, notebooks etc.) the probability of being affected by the security flaw is much greater than for access points. Both the access point as well as the WLAN client should have IEEE 802.11r disabled so that encrypted WLAN connections can be used in a secure manner. To be sure at home and at work that no one (without a great deal of effort) can decrypt the transmitted data, the software on the terminal must probably be updated, as long as this has not already happened since 16 October 2017.

What do I need to know as a hotspot operator now?

If you have access points from third parties and have WPA2 enabled, e.g. for in-house use, you should check whether these APs and the devices of your employees could be affected by the security breach and, if necessary, update their firmware or replace the devices. Even if WPA2 is activated on an HOTSPLOTS access point, which is only the case on extremely few of our sites, the risk is practically irrelevant; Since the WLAN password is well-known, it would be much easier for an attacker to access the hotspot's access point via a man-in-the-middle attack on the data traffic.