Security Advisories

FSC-2017-1: Notice on KRACK vulnerability

Description

A security flaw in the Wi-Fi Protected Access II (WPA2) protocol, codenamed KRACK (short for Key Reinstallation Attack), has been publicly disclosed.

Affected Products

Risk Level (Low/Medium/High/Critical): High

  • F-Secure SENSE router

More Information

KRACK (short for Key Reinstallation Attack) describes a security flaw in the handshake traffic of the Wi-Fi Protected Access II (WPA2) protocol. WPA2 is a widely used protocol and is included in all modern routers. A successful attack leveraging this flaw will result in data being stolen, injected or manipulated during transmission between a wireless device and the targeted Wi-Fi network.

Technical details are available from the researcher's website: https://www.krackattacks.com/

Note

While a fix has been released for the F-Secure SENSE router, to fully protect against KRACK, all other Wi-Fi capable devices (such as smartphones, tablets, Wi-Fi bridging or 802.11r fast roaming capable routers) should also be updated as and when their manufacturers make a fix available.

Mitigating Factors

The security flaw can only be exploited successfully when an attacker is within range of the wireless signal between the device and the wireless access point. Furthermore, browser data remains securely encrypted for HTTPS websites.

Fix Available

Component | Versions | Remarks
F-Secure SENSE router | 2017-10-23_01 – p1.3.21.26 |

A firmware release containing a fix has been available in the automatic update channel since 23 Oct 2017. No user action is required.

To verify the version, open the SENSE app and navigate to More > Settings > Hardware > Security Firmware & Radio Firmware.

Date Issued: 2017-10-24
Date Updated: 2017-10-25