The International Consortium for Advancement of Cybersecurity on the Internet (ICASI) has released an alert to a series of vulnerabilities for WPA and WPA2.

These vulnerabilities are at the protocol-level and affect a large number of wireless access points.

This security flaw means that WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue.

How do the WPA and WPA2 vulnerabilities work?

An attacker could inject specially-crafted packets into the middle of the WPA/WPA2 authentication handshake, forcing installation of a key known to—or controlled by—the attacker.

This results in the possibility of decrypting and/or modifying client traffic. Traffic already protected by a higher-level encryption protocol, such as HTTPS, VPNs, or application encryption would not be impacted. Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network. This is accomplished by manipulating retransmissions of handshake messages.

When an attacker manipulates certain handshake messages over the air, the exploit results in reuse of some packet numbers when handshakes are performed. The reuse of packet numbers violates the fundamental principle on which the strength of WPA2 encryption and replay security is based. The principle is that for a given key hierarchy, PTK, GTK and IGTK, packet numbers in two original (non-retransmits) packet transmissions protected by them cannot be repeated. For packet pairs where this assumption is violated, it is possible to determine the content of one packet if the plaintext of the other packet is known or can be guessed. Packet number can also permit adversary to replay old packets to the receiver.

What you need to do

We recommend that you contact your IT support partner or the vendor of your Wireless Access Points and ascertain if and when they will be releasing a firmware upgrade or patch to remove these vulnerabilities.

If you have any worries or concerns feel free to get in touch by phone or email.