From Silicon Labs: KRACK WPA2 Encryption Protocol Vulnerability

Oct 22, 2017
 

There has been significant press coverage regarding the KRACK attack on the WPA2 protocol used in most modern Wi-Fi systems. With the attack, the security of WPA2 becomes equivalent of using an open, insecure Wi-Fi network. Any service using secure protocols at higher level, such as HTTPS, TLS etc. are still secure.

We are working on patches for our Wi-Fi products.

In the meantime, the mitigation is to secure the implementations using secure application level protocols, such as HTTPS, TLS etc. This should not only be done due to KRACK, but also because that would protect against open Wi-Fi networks, spoofed access points, or monitoring from ISPs or governments. So all systems should be secured at the application levels regardless of KRACK.

Links for how to use TLS / HTTPS:

https://www.silabs.com/documents/login/application-notes/AN974-WG-TLS-SMTP-Example.pdf

https://docs.zentri.com/zentrios/wz/latest/cmd/apps/tls-client

https://docs.zentri.com/zentrios/wz/latest/cmd/apps/https-server

https://docs.zentri.com/zentrios/wz/latest/cmd/apps/https-intermediate-certs

https://docs.zentri.com/zentrios/wz/latest/cmd/apps/web-page-tls-cert

Links regarding the attack:

https://www.krackattacks.com/

https://www.wired.com/story/krack-wi-fi-iot-security-broken/

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update

Source: http://community.silabs.com/t5/Official-Blog-of-Silicon-Labs/KRACK-WPA2-Encryption-Protocol-Vulnerability/ba-p/212787



Subscribe

Sign up to get tech news, product updates and store promos from Symmetry Electronics.

Subscribe

Blog Archive

  2019
  2018
  2017
  2016
  2015
  2014
  2013
  2012
  2011
  2010
  2009

Previously Viewed Products