KRACKS WPA2 Vulnerability

KRACKS WPA2 Vulnerability

By Eduardo Blanco, CISSP
Posted in Security
On October 17, 2017

A critical weakness has been discovered in WPA2, the ubiquitous protocol that secures Wi-Fi networks worldwide. The attack known as “KRACKS” which is short for Key Reinstallation Attacks, enables attackers within range of the target Wi-Fi network to see data that is presumed to be safely encrypted. This effectively renders organizations that leverage WPA2 vulnerable to theft of critical data such as credit card numbers, passwords, emails, photos, etc. It also makes it possible for a man-in-the-middle attacker to intercept and manipulate the integrity of data and inject malware into an organizations network. The pervasiveness of WPA2 means virtually everyone is affected by this weakness to varying degrees. Android, Windows, Linux, Cisco, Samsung, Brocade are just a sample of the platforms impacted by this.

It is advised that persons refrain from conducting confidential transactions over WPA2-encrypted networks to the greatest extent possible until such time that manufacturers release patches to remediate this vulnerability. Many manufacturers have already released patches. Microsoft has rolled out patches and Cisco has rolled out patches for many of their products as well.

Gotham’s Check Point customers do not need to take action at this time, as Check Point has released a statement that their 600, 700, 110 and 1400 appliances are not vulnerable to this attack. Systems that connect to these appliances may be vulnerable; customers should check the relevant information provided by platform vendors,

This vulnerability was discovered by researcher Mathy Vanhoef from the Belgian University KU Leuven. This information was published on their website below.

For more information as to which platforms are known to have this vulnerability, please visit;