Spark says the modem and WiFi access points it supplies to consumers with their Spark broadband services are not susceptible to the newly-discovered Krack vulnerability in the widely used WPA2 encryption standard.
“The Krack vulnerability only applies to private Wi-Fi networks that involve multiple access points as well as a WiFi protocol that enables end users’ devices to seamlessly switch from one access point to another,” Spark said. “Spark modems are single access points secured by their individual passwords.”
Spark’s own Wi-Fi phone box network, like most public Wi-Fi networks, is an open network with no security, so is not impacted.
However Spark said that Wi-Fi enabled smartphones, tablets, PCs and laptops, including those sold by Spark were vulnerable.
“Spark is liaising with all its device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices,” Spark said.
Krack, short for Key Reinstallation Attack, was discovered by Belgian computer security academic Mathy Vanhoef, and detailed here.
According to Vanhoef the hack works by the adversary tricking the Wi-Fi device into reinstalling an already-in-use encryption key by manipulating and replaying cryptographic handshake messages. It is the result of a weakness in the Wi-Fi standard itself, and not in individual products or implementations.