How do you rectify the KRACK weak point in the WLAN encryption?
It is currently recommended to use the security standard WPA2 to encrypt WLAN networks. This security standard is vulnerable at a critical weak point.
The safety gap named "KRACK" (Key Reinstallation Attack) uses a design fault in the handshake when the WPA2 connection is established. This might lead to violation of the confidentiality of the WLAN connection. The data transfer based on this in the WLAN might be able to be read by unauthorized third parties.
The described behavior affects the following SIMATIC devices.
- SIMATIC ITP1000 with WLAN Adapter: Intel® Dual Band Wireless-AC 8260
- SIMATIC Field PG M5 with WLAN Adapter: Intel® Dual Band Wireless-AC 7265
The following versions of the WLAN Adapter drivers are affected.
- Windows 7
Driver date < 2017-10-16
Driver version < 220.127.116.11
- Windows 10
Driver date < 2017-11-2
Driver version < 18.104.22.168
The safety gap is closed by installing the latest version of the Intel® WLAN driver. Download the latest driver for the WLAN Adapter of your SIMATIC device either from the Intel® Download Center or via Entry ID: 109755666.
Installation of the driver
- Uninstall via the Control Panel the WLAN driver currently being used:
Start -> Control Panel -> Programs and Features -> Intel PROSet/Wireless Software -> Uninstall -> Save settings
- Install the new WLAN driver. For this you open the ZIP file downloaded from the link above in the Explorer and start the Autorun.exe program.
- Confirm the "User account control" dialog with the "Yes" button.
- Read the End User License Agreement and confirm it. Then click the "Install" button.
- After completion of the installation the WLAN function is once again available for use. You do not need to do a restart.
Further information about the weak points known as "KRACK Attacks" is available in the associated Siemens Security Advisory SSA-901333.