KRACK Vulnerability May Be Used Against Medical Devices


A range of devices from Becton and Dickinson and Co. are vulnerable to the key-reinstallation attack, giving attackers the opportunity to modify patient records.

KRACK, which was discovered last year, is a bug in the WPA and WPA2 protocols for securing 802.11-based wireless systems.
According to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), when the KRACK vulnerability is exploited it can give an attacker complete control over data. KRACK would allow hackers to execute man-in-the-middle (MITM) attacks that can spoof communication between devices used for medical purposes.

KRACK focuses on the four-way handshake of WPA2, which is executed when a client needs to join an encrypted and secured Wi-Fi network. During this procedure, a secure passphrase is used to verify the client and access point to each other. KRACK attacks manipulate and replay these cryptographic handshake messages. When this happens, the access point interprets it to mean that the handshake message has been lost or dropped, and retransmits the third message of the handshake. Each time the client receives that message, it reinstalls the same encryption key and resets the packet nonce associated with it.

“By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted and/or forged,” according to researcher Mathy Vanhoef of The Katholieke Universiteit Leuven (KU Leuven), who discovered the flaw last year. “The same technique can also be used to attack the group key, PeerKey, TDLS and fast-BSS-transition handshake.”
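An added illustration (not code from the article, the researcher or any vendor): a toy Python model of the client side of the handshake, showing how reinstalling an already-installed key resets the nonce and repeats the keystream, and how refusing the reinstall avoids it. The `Client` class, the HMAC-based keystream standing in for the real WPA2 cipher, and the sample frames are assumptions made for the example.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for the per-packet keystream (assumption: HMAC-SHA256, not real AES-CCMP).
    return hmac.new(key, nonce.to_bytes(8, "big"), hashlib.sha256).digest()[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Toy supplicant (hypothetical): tracks the installed key and the packet nonce."""
    def __init__(self, reinstall_same_key: bool):
        self.reinstall_same_key = reinstall_same_key  # True models unpatched behaviour
        self.key = None
        self.nonce = 0
        self.nonces_used = []

    def on_handshake_msg3(self, key: bytes) -> None:
        # A retransmitted message 3 carries the key that is already installed.
        if key == self.key and not self.reinstall_same_key:
            return  # patched: ignore the reinstall, keep the nonce counter
        self.key = key
        self.nonce = 0  # installing a key resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.nonces_used.append(self.nonce)
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(reinstall_same_key: bool):
    """Return the nonces used for two frames and the XOR of their ciphertexts."""
    key = b"constructed-session-key"       # constructed sample value
    client = Client(reinstall_same_key)
    client.on_handshake_msg3(key)
    c1 = client.send(b"dose=05 units")     # constructed sample frame
    client.on_handshake_msg3(key)          # access point retransmits message 3
    c2 = client.send(b"dose=50 units")     # constructed sample frame
    return client.nonces_used, xor(c1, c2)

if __name__ == "__main__":
    for mode in (True, False):
        nonces, leak = run(mode)
        print("reinstall allowed:", mode, "nonces:", nonces, "c1^c2:", leak.hex())
```

With the reinstall allowed, both frames use nonce 1 and the XOR of the two ciphertexts equals the XOR of the two plaintexts; with the reinstall refused, the nonces stay distinct and that relationship disappears.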
