KRACK Security Alert
Alcatel-Lucent Enterprise important update
A flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue exploits limitations in implementations of the handshake processing defined in the 802.11 protocol—and “works against all modern protected Wi-Fi networks,” according to Mathy Vanhoef, the researcher who discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it.
How does KRACK break Wi-Fi security?
KRACK (Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when a Wi-Fi client attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, 802.11 security encryption can be broken. For a more technically detailed explanation, check out Mathy Vanhoef’s website about the attack.
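The retransmission problem described above, as an added example that is not part of the original advisory and is not ALE's code. It is a simplified Python model (toy keystream, hypothetical `Client` class, constructed key) that assumes installing a key resets the transmit nonce: an unpatched client that reinstalls the key on a retransmitted step three encrypts two frames with the same keystream, while a patched client does not.

```python
import hashlib

def keystream(key, nonce, n):
    # Toy stand-in for counter-mode encryption: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

class Client:
    """Simplified Wi-Fi client: only key installation and frame encryption are modelled."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.key = None
        self.nonce = 0

    def on_message3(self, key):
        # Patched behaviour: a retransmitted message 3 carrying the key that is
        # already installed does not cause the key to be installed again.
        if self.hardened and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the transmit nonce

    def send(self, plaintext):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, bytes(p ^ k for p, k in zip(plaintext, ks))

def session(hardened):
    """Handshake, one frame, a retransmitted message 3, then a second frame."""
    key = b"constructed-session-key"  # constructed sample value
    client = Client(hardened)
    client.on_message3(key)
    first = client.send(b"frame-one")
    client.on_message3(key)           # retransmission of step three
    second = client.send(b"frame-two")
    return [first, second]

def nonce_reused(frames):
    # Under one key every frame must use a fresh nonce; a repeat means the
    # same keystream encrypted two frames.
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))

if __name__ == "__main__":
    print("unpatched reuses nonce:", nonce_reused(session(False)))
    print("patched reuses nonce:  ", nonce_reused(session(True)))
```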
What product lines are affected by KRACK?
OmniAccess® WLAN
OmniAccess® Stellar WLAN
OmniTouch® 8118/8128/8128SE WLAN Handset
I own an OmniAccess WLAN product; what should I do?
Update your IAP, AP and controller to the latest available software release, which patches the flaw. Please refer to this document.
I own an OmniAccess Stellar WLAN product; what should I do?
ALE has already released a firmware upgrade that fixes this issue and is available on the ALE support website. Please check this page for the latest information about security advisories: http://riqrw.sorizu.net/en/support/security-advisories to see whether updates are available. More precisely, please refer to this document.
Is there a workaround to mitigate the issue while waiting for the patch?
Yes, you can turn off 802.11r. The only impact is that fast roaming will not work and voice over WLAN applications might potentially experience some problems when a client has to roam from one AP to another. Please note that ALE VoWLAN IP Phones support OKC for fast roaming so they are not impacted when 802.11r is disabled.
I own 8118/8128/8128SE WLAN Handset products; what should I do?
ALE is working on the related software corrections and will publish updates as soon as possible on our ALE public website for security advisories: http://riqrw.sorizu.net/en/support/security-advisories. Please check this page for the latest information. More precisely, please refer to this document.
What happens when Wi-Fi security is broken?
The attacker can eavesdrop on all non-encrypted traffic you send over the network. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. Please note that if your traffic is encrypted with a higher-level protocol like HTTPS and/or TLS, then you are safe.
Is Wi-Fi security being broken in the wild?
“We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild,” Vanhoef said. CERT’s advisory didn’t include any information about whether KRACK is being exploited in the wild, either. There are no automated tools that allow someone to deliver this attack in a simple way today. Now for some somewhat settling news: Iron Group CTO Alex Hudson says an attacker needs to be on the same Wi-Fi network as you in order to carry out any nefarious plans with KRACK. “You’re not suddenly vulnerable to everyone on the internet,” he says.
How to protect yourself from KRACK’s Wi-Fi flaw
Stick to websites that use HTTPS encryption. Check for the green lock in the address bar, which is how your web browser shows that it is safe to browse with HTTPS. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.” The Electronic Frontier Foundation’s superb HTTPS Everywhere browser plug-in can force all sites that offer HTTPS encryption to use that protection. If you’re using an encrypted virtual private network (VPN) then your traffic is secured even in case of a successful KRACK attack.
Should I change my Wi-Fi password?
This vulnerability does not expose or reveal the Wi-Fi credentials in use on the network to an attacker. Therefore, there’s no need to change the password as part of a mitigation. The exploit targets information that should have been encrypted by the WLAN infrastructure, so the attacker doesn’t need to crack your password to implement it.
Final note
ALE is investigating the potential impact on other products and will publish updates as soon as possible on our ALE public website for security advisories. Please regularly check the page for the latest information.