Security Advisories
FSC-2017-1: Notice on KRACK vulnerability
Description
A security flaw in the Wi-Fi Protected Access II (WPA2) protocol has been publicly disclosed, codenamed KRACK (short for Key Reinstallation Attack).
Affected Products
- Risk Level (Low/Medium/High/Cricital) High
- F-Secure SENSE router
More Information
KRACK (short for Key Reinstallation Attack) describes a security flaw in the handshake traffic of the Wi-Fi Protected Access II (WPA2) protocol. WPA2 is a widely used protocol, and included in all modern routers. A successful attack leveraging this flaw will result in data being stolen, injected or manipulated during transmission between a wireless device and the targeted Wi-Fi network.
Technical details are available from the researcher's website: https://www.krackattacks.com/
Note: While a fix has been released for F-Secure SENSE router, to fully protect against KRACK, all other Wi-Fi capable devices (such as smartphones, tablets, Wi-Fi bridging or 802.11r fast roaming capable routers) should also be updated as and when a fix is made available for them from their manufacturers.
Mitigating Factors
The security flaw can only be exploited successfully when an attacker is within range of the wireless signal between the device and wireless access point. Furthermore, browser data remains securely encrypted for HTTPS websites.
Fix Available
| Components | Versions | Remarks |
|---|---|---|
| F-Secure SENSE router | 2017-10-23_01 – p1.3.21.26 | A firmware release containing a fix has been available in the automatic update channel since 23 Oct 2017. No user action is required. To verify the version, open up SENSE app and navigate to More > Settings > Hardware > Security Firmware & Radio Firmware. |
Date Issued: 2017-10-24
Date Updated: 2017-10-25