Asgent

Japanese

Public Relations

Wireless Security Solution "Coronet" Protects Against WPA/WPA2 Vulnerability "KRACK"
- Provides secure communications even in vulnerable environments -

October 26, 2017
Asgent, Inc.
(JASDAQ: 4288)

Asgent, Inc. (JASDAQ: 4288, President & CEO: Takahiro Sugimoto, located in Chuo-ku, Tokyo), a pioneer in network security and operations management solutions, announces that the wireless security solution "Coronet " (Developer: Coronet Cyber Security Ltd., located in Israel), which Asgent is the distributor for, has confirmed that it was capable of preventing attacks using the "KRACK " vulnerability in WPA and WPA2 at the point the vulnerability was first announced.

  "KRACK (Key Reinstallation Attack)" is a vulnerability in the wireless LAN encryption standards WPA and WPA2, first published by the Belgian security researcher Mathy Vanhoef on October 15. By leveraging this vulnerability, it is possible to use a Man-In-The-Middle (MITM) attack to eavesdrop on communications between Wi-Fi endpoints and access points. Also, it is possible to hijack communications in some cases. Many vendors are currently developing and providing patches following the report of this vulnerability.
  KEY REINSTALLATION ATTACKS: BREAKING THE WPA2 PROTOCOL(Mathy Vanhoef)
http://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking- the-wpa2-protocol-8861

  The wireless solution "Coronet" is a security platform for utilizing mobile devices securely on wireless systems. "Coronet" provides the only secure methodology to use Wi-Fi access points and cell towers etc. on a global scale, whether you be in the office or not. By both blocking access to access points that do not clear predefined security levels, and monitoring communication activity post-connection, it is possible to block connections whenever an anomaly is detected.
  In Man-In-The-Middle attacks that leverage "KRACK", the PTK (a temporary key used in wireless communications) is reinstalled and resent. "Coronet" detects this anomaly and blocks the connection. By doing so, "Coronet" users can use the network securely without the need for patching devices.

  Also, Coronet Cyber Security is reporting the following on their website regarding the “KRACK” vulnerability and countermeasures.
Coronet offers protection against KRACK
https://coro.net/coronet-offers-protection-krack/

[Outline of the vulnerability]
  outline of the vulnerability ※In addition to the protocol vulnerabilities, Android 6.0 and up and Linux with wpa_supplicant versions 2.4 and 2.5 have a bug that installs an all-zero encryption key (KT), practically exposing these OS to all vulnerabilities in both directions.

[Countermeasure]
  "Coronet" users: you need to do nothing, you are already protected.
  Non-"Coronet" users:
- As a good practice, always ensure your devices are patched with the latest OS and vendor updates once available.
- For APs for which a patch is yet to be released, disable the Fast Transition (802.11r) option.
- Make sure all your information is accessed using only secure HTTPS/TLS protocols.



Top Page
Products
Products
Publick Relations
Corporate Profile
Publick Relations
Investor Relations
Contact Us

IS 76150 / ISO (JIS Q) 27001
Check Point Distributer Partner

Top Page | Public Relations | Products | Corporate Profile | Investor Relations
Privacypolicy | Contact Us | Security Policy Alliance
Copyright (C) Asgent, Inc. All Rights Reserved.