How “KRACK” (Key Reinstallation AttaCK) affects video security, surveillance cameras, access control and IoT devices.
A Serious flaw has recently been discovered in the Wi-Fi Protected Access WPA2 protocol that lets attackers intercept passwords and more. This one of the more serious threats our new connected world has faced. Security flaws do not get much worse than this, Krack affects nearly every wireless device using WPA2 that has not been patched. The risk is especially severe because WPA2 is used on a majority of internet-enabled mobile devices, access points and router’s.
As we advise with your video security cameras and all surveillance equipment Check your manufacturers website for firmware updates to patch this weakness. We will include a list of vulnerable devices along with links to the manufacturers firmware support sites at the end of the post.
Keep in mind the vulnerability is in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely to be vulnerable. The vulnerability could affect all software platforms, including Microsoft Windows, macOS, iOS, Android, Windows and Linux. This means your video security cameras, network connected digital video recorders and encoders are at risk as well.
According to United States Computer Emergency Readiness Team “(US-CERT) has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”
In an interview with Wired @DrKevinFu warns that the Krack Wi-Fi mess could take decades to clean-up. “For the general sphere of IoT devices, like security cameras, we’re not just underwater,” says Kevin Fu, a computer scientist at the University of Michigan who focuses on medical device security. “We’re under quicksand under water.”
Krack WPA2 wireless security vulnerability. Check your wireless device manufacturers website for latest firmware for all devices that implement the WPA2, Wi-Fi Protected Access.
Below is a partial list of affected manufacturers. CERT has put together a detailed list to check to see how your manufacturer is affected with links to manufacturers website.
Arch Linux – WPA Supplicant patch