Wireless Access


MSM vulnerable to KRACK attacks?

  • 1.  MSM vulnerable to KRACK attacks?

    Posted Oct 16, 2017 05:50 AM

    Hi,

    a severe WiFi attack vector has been released recently: https://www.krackattacks.com/

    Questions:

    • Is MSM vulnerable to this?
    • When will security updates be released?
    • What measures are advisable? (E.g. configuration settings)

    Thanks!


    #krack
    #security
    #attack
    #msm


  • 2.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 16, 2017 09:44 AM

    Aruba has reached out to the teams responsible for the HP MSM series of controllers and the HPE 8xx Unified WLAN Appliance series to obtain status. A separate security advisory will be issued (https://www.hpe.com/us/en/services/security-vulnerability.html) with full details. It has been reported that these products are not vulnerable to the key reinstallation attack in the 4-way handshake or group key handshake when acting as an 802.1X authenticator. The products do not support 802.11r and are not vulnerable to the FT handshake vulnerability.

    source: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf  page 4

     

     



  • 3.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 17, 2017 04:32 AM

    Thank you @Michael_Breuer! Though, I'm not convinced by their statement. Opportunistic Key Caching (OKC), which is supported by HP MSM, is very similar to 802.11r. I hope they'll check thoroughly. Additionally, I tried to contact the security researcher who found this issue. If he provides the test scripts, we would be able to verify this ourselves.



  • 4.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 17, 2017 07:18 AM

    The FAQ has been updated to V1.1. Among others, there's the following new paragraph:

    Does the 802.11r FT handshake vulnerability also apply to OKC?
    A: Opportunistic key caching (OKC) is a non-standard but widely-implemented method for achieving
    fast roaming. It existed before the creation of 802.11r. OKC does not use the FT handshake
    and is not affected by the FT handshake vulnerability.

    http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf (Shift-Reload to see the updated version if yours doesn't show V1.1)
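
The FAQ answer above and the earlier vendor statement both turn on whether 802.11r is in use. As an added example (not part of the thread or of any HPE/Aruba document), the following parses the RSN information element from a beacon or probe response and reports any FT AKM suite it advertises; the sample bytes are constructed, and extracting the element from a capture is assumed to be done elsewhere.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
# AKM suite types under the 00-0F-AC OUI (IEEE 802.11); FT ones are 802.11r.
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
             5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE",
             13: "FT-802.1X-SHA384"}
FT_TYPES = {3, 4, 9, 13}

def akm_suites(ie: bytes) -> list[tuple[bytes, int]]:
    """Return (OUI, type) for every AKM suite in one RSN element (ID 48)."""
    if len(ie) < 2 or ie[0] != 0x30:
        raise ValueError("not an RSN information element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1]:
        raise ValueError("element shorter than its length field")

    def count_at(off: int) -> int:
        # Suite counts are 16-bit little-endian.
        if off + 2 > len(body):
            raise ValueError("RSN element ends before a suite count")
        return struct.unpack_from("<H", body, off)[0]

    off = 2 + 4                       # version + group cipher suite
    off += 2 + 4 * count_at(off)      # pairwise cipher count + list
    n_akm = count_at(off)
    off += 2
    if off + 4 * n_akm > len(body):
        raise ValueError("AKM list runs past the element")
    return [(body[o:o + 3], body[o + 3]) for o in range(off, off + 4 * n_akm, 4)]

def ft_akms(ie: bytes) -> list[str]:
    """Names of the 802.11r (FT) AKM suites the element advertises."""
    return [AKM_NAMES[t] for oui, t in akm_suites(ie)
            if oui == RSN_OUI and t in FT_TYPES]

# Constructed samples: WPA2-Enterprise/CCMP, without and with FT-802.1X.
NO_FT = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
WITH_FT = bytes.fromhex("30180100000fac040100000fac040200000fac01000fac030000")

if __name__ == "__main__":
    for label, ie in (("no FT", NO_FT), ("with FT", WITH_FT)):
        found = ft_akms(ie)
        print(label, "->", found or "no 802.11r AKM advertised")
```

OKC has no AKM suite of its own, so this check speaks only to whether 802.11r is advertised on an SSID.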



  • 5.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 18, 2017 02:40 AM

    Still not convinced. Even if we assume the fast-roaming part is unaffected, what about the mesh network feature? Using this, the access points get into the role of clients as well. That means they are performing the client parts of the 4-way handshake.

    According to the description, both clients and access points are vulnerable to this attack. In meshed networks, HP MSM is taking over both roles.

    Maybe an HPE official could elaborate? Still the announced security bulletin from HPE is not available yet. When will it be?



  • 6.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 18, 2017 09:55 AM

    Not even a whisper so far from HPE...
    This kind of (no)response has consequences.



  • 7.  RE: MSM vulnerable to KRACK attacks?

    EMPLOYEE
    Posted Oct 18, 2017 06:36 PM

    HPE has released a statement.  Both the MSM and Unified WLAN products are not vulnerable to these attacks, including when used in mesh mode.

    https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-a00029151en_us

     



  • 8.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 19, 2017 03:35 AM

    Thanks for sharing @jeff1776!

    Where did you get the information about mesh mode? I can't find it in the linked document.

     



  • 9.  RE: MSM vulnerable to KRACK attacks?

    Posted Oct 19, 2017 03:40 AM