An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.
The KRACK (Key Reinstallation Attack) flaws affect the WPA and WPA2 protocols and they allow a hacker within range of the targeted device to launch a man-in-the-middle (MitM) attack and decrypt or inject data. A total of ten CVE identifiers have been assigned to these security bugs.
The vulnerabilities impact many products, including devices designed for use in industrial environments. The first industrial solutions providers to warn customers about the KRACK attack were Cisco, Rockwell Automation and Sierra Wireless.
Cisco said the flaws affect some industrial routers and access points, for which the company has released updates. Rockwell and Sierra Wireless have also identified impacted products and provided patches and mitigations.
Other industrial solutions providers have come forward in the past weeks to admit that their products are affected.
Siemens said the KRACK vulnerabilities affect some of its SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS products. The company is working on releasing updates that will address the security holes and, in the meantime, it has provided some mitigations.
Swiss-based ABB informed customers that TropOS broadband mesh routers and bridges running Mesh OS 8.5.2 or prior are also vulnerable to KRACK attacks. ABB has yet to release patches, but it did provide workarounds and mitigations.
German industrial automation firm Phoenix Contact also confirmed that three of the KRACK flaws affect some of its BL2, FL, ITC, RAD, TPC and VMT products. The company said the impact is limited for some of its products, and pointed out that in many cases the attacker would have to be inside the plant in order to conduct an attack.
Phoenix is working on patching the vulnerabilities in affected products. The vendor has advised customers using devices running Windows to install the security updates provided by Microsoft.
Lantronix informed customers that several of its wireless connectivity solutions are impacted by KRACK, including PremierWave ethernet-to-WiFi gateways, WiPort wireless ethernet bridges, MatchPort programmable embedded device servers, xPico embedded IoT WiFi modules, SGX IoT device gateways, and WiBox wireless device servers.
The company has released a patch for PremierWave 2050. For the other products, fixes are expected to become available by the end of the year.
Some Johnson Controls products may also be vulnerable to KRACK attacks. The company’s product security and incident response team (PSIRT) is currently assessing the impact of these flaws.
Kaspersky Lab’s ICS-CERT team pointed out that while KRACK attacks can be launched against industrial control systems (ICS) — for example, some PLCs use Wi-Fi for remote management — the biggest risk is to network communication devices, smartphones and tablets used by engineers and operators for remote access to ICS.
“In most cases KRACK attacks present virtually no risk to those large industrial and critical infrastructure systems that do not use 802.11 technologies. Today, such systems constitute an absolute majority,” explained Ekaterina Rudina, senior system analyst in Kaspersky’s ICS-CERT team. “Even in cases where these technologies may be used, physical restrictions on access to the controlled zone (e.g., a specific manufacturing unit) would prevent an attack from being carried out.”
“The main risk zone still encompasses those industrial sectors the security of which is given a lower priority than that of critical infrastructure systems and where using wireless technologies to upgrade systems or meet industrial network maintenance needs has become necessary but where compliance with the ‘best practices’ supported by major vendors is not possible because the changes required are too complicated or too costly,” Rudina added.