Knowledge Base

Network Security Bulletin – “KRACK” – Key Reinstallation Attacks

October 16th, 2017

Computer Integrated Services’ Network Security Team is monitoring the following…

At 12:37AM EST on October 16th, 2017, ARS Technica disclosed to the World a “new” flaw in a wireless protocol (communication language).  They call it KRACK (“Key Reinstallation Attacks”).  This vulnerability theoretically makes it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

This issue potentially affects any device using WPA2 (Wi-Fi Protected Access II).  To quote one report, “Both Windows and iOS aren’t believed to be vulnerable to the most effective attacks. Linux and Android appear to be more susceptible.”

CIS is monitoring this issue on behalf of our clients, and will provide patches or further advisories when they are available from manufacturers.  At the time of this writing, the attack has NOT been reported to have stolen any information. If you have specific concerns about this issue, please contact the CIS Service and Support Desk at support@cisus.com.