The news about the KRACK attack is causing quite a fuss in the media. This is not surprising, since it affects a Wi-Fi technology thought to be safe until now. Plus, surely everyone uses this encryption. But what does this vulnerability in WPA2 encryption mean for SAP® customers?
The good news is that SAP systems are not affected in the least by this vulnerability. However, it makes it easier for attackers to hack into a company network and launch attacks on the SAP systems from within.
In our last webinar, "5 ways to hack your SAP system", we thoroughly described the detour via access to a wireless network. And that is exactly where the problem with the newly found vulnerabilities lies. Due to the global spread of WPA2, the hacking community has surely already developed first applications for the more widespread hacking tools, no matter whether they are hardware- or software-based.
This means that companies should immediately apply the respective patches once the WPA2 vulnerability has been closed by device manufacturers. Until then, the advice of, e.g., PCWorld.com should be followed: make sure extra encryption like HTTPS is in place, use VPNs (which are often already used in company networks anyway) and, in the worst case, turn off Wi-Fi connections completely. The latter is recommended in places with public Wi-Fi anyway, as we showed in our webinar.
One can assume that all device manufacturers will fix the KRACK vulnerability as soon as possible. Due to the current media coverage, this is in their own interest. If you follow the aforementioned measures, you can rest assured that your SAP security is not at risk until then. Feel free to contact us, should you wish to increase the security of your SAP systems at the same time.