A research work by Mathy Vanhoef and Frank Piessens from the research group of KU Leuven university has identified and published a new security issue associated with Wi-Fi WPA2 encryption mechanisms, for this the researchers developed a specific method to perform a series of tests, described on the following website.
Major industry players have already planned the resolution of the identified issues and have already provided software update patches to address these issues, whilst others are actively working on the same front. Furthermore, this research work was not intended to be and nor has it been disseminated, and there is no indication that it has been exploited maliciously by hackers.
WBA work-streams mainly focus on deployments of public Wi-Fi and recommend the use of security mechanisms and best practices, such as:
- Authentication portals, HTTPS usage
- TLS / VPN usage
- Network driven detection of threats (e.g. rogue Access Points)
Many of these features are widely available today on public hotspots from the WBA membership, which mitigate the security issues identified on the research. Overall the issue is perceived as easily containable from the infrastructure vendor perspective and device vendor community will fast-track the patching process to completely eradicate it.
Moreover, WBA members have been advocating robust security mechanisms (not related with this hack issue), such as, traffic isolation and firewall use in a hotspot, blocking incoming connection requests and responses and monitoring and filtering traffic.
WBA will continue work with peer industry bodies on these findings and have a specific work stream on security & privacy on its 2018 roadmap of activities.
Any questions, please contactus@wballiance.com
