Vendors Confirm That Industrial Solutions Are Vulnerable to KRACK Attacks
Several companies, including Cisco, Rockwell Automation, Sierra Wireless, ABB and Siemens, have reported vulnerabilities in their industrial devices. The vendors are preparing updates to close these vulnerabilities and will release the patches as they are ready.
The Relevance of WPA2 Vulnerabilities and KRACK Attacks to Industrial Systems
Critical vulnerabilities that have recently been identified in the WPA2 protocol enable threat actors to carry out Man-in-the-Middle (MitM) attacks and force devices connected to the network to reinstall encryption keys that protect traffic. These vulnerabilities can be used, among other things, to implement attacks on industrial automation systems.
WPA2 Vulnerabilities Can Be Used to Attack Industrial Systems
On October 16, information on critical vulnerabilities in the WPA2 protocol, which enable attackers to bypass protection and listen to Wi-Fi traffic, was disclosed. Comments from Kaspersky Lab ICS CERT experts