Vulnerability in WPA2 Affects WiFi

Name
Vulnerability in WPA2 Affects WiFi
Tracking Number
2017-014
First Publish Date
19-Oct-17
Date of Current Status
4-Dec-17
Next Planned Update
30-Dec-17
Description
A vulnerability in WPA2 security for WiFi (wireless networks) can allow attackers to read unencrypted network traffic.
What You Need To Know?
A researcher released a description and proof of concept code that takes advantage of a previously-unknown flaw in WPA2. In some very limited situations WPA2 will re-use encryption keys which allows attackers to read unencrypted network traffic. This attack is not easy to use and attackers must be within reception distance of the wireless network. Because this is a defect in WPA2 itself it potentially affects all WiFi devices that support WPA2. Patches for all major operating systems are available or will be available shortly.
What is Xerox Doing About This?
The majority of Xerox devices that support WiFi connections do so via an optional external adapter. Xerox partners with third party companies to supply these adapters. Xerox is collecting information from its partners regarding whether or not they are vulnerable and what the next steps should be. For Xerox devices that have WiFi built-in, patches will be made available.
Impact
Attackers taking advantage of this WPA2 flaw can only read unencrypted network traffic. Traffic over encrypted protocols such as HTTPS cannot be read.
What Should You Do?
  • This is very difficult to exploit and requires skill and patience on the part of the attacker.
  • Attackers must be able to access the wireless network and physical security should be maintained where possible.
  • This attack only decrypts WPA2 so only unencrypted network traffic is revealed. Use only encrypted protocols such as HTTPS for all network traffic. Check with your device administrator to confirm your Xerox device is set to use only encrypted protocols.
  • Most Xerox products that support WiFi use a WiFi adapter from third parties. Xerox is working with its third parties to identify which, if any, of these are vulnerable and what the next steps should be.
  • For the small number of Xerox products that have WiFi built in patches will be made available at a later date.