Wi-Fi Vulnerabilities security information


Canon Medical Systems Security Advisory

Key Reinstallation Attacks, aka KRACK
Vulnerability Note VU#228519 http://www.kb.cert.org/vuls/id/228519

Overview
It was announced that there is security vulnerability in the encryption technology "WPA 2" (Wi-Fi Protected Access II) used for wireless LAN (Wi-Fi) and there is a possibility that the third party existing in the communication range of the wireless LAN eavesdrops on the communication contents via the wireless LAN. At the moment, no attack code or attack damage that exploits this vulnerability has been confirmed.

Security Risk Evaluation Result
The evaluation result of the Common Vulnerability Scoring System (CVSS) is 5.4 (warning level) and the possibility of security damage is also "partial".

  1. Only when communication succeeded in camouflaging at a specific timing, the communication contents immediately after that could be intercepted and all the communication contents flowing through the wireless LAN cannot be eavesdropped by this security vulnerability.

  2. In order to eavesdropping, it is necessary to bring in a computer within the reach of the radio waves in the facility and make preparation in advance.

  3. In order to eavesdropping, it is necessary to bring in a computer within the reach of the radio waves in the facility and make preparation in advance.


Possible Affected Canon Medical Systems Products (investigating):
  1. Wireless FPD

  2. Ultrasound Device (Wireless communication option)

Resolution

Canon Medical Systems is actively investigating the applicability for the affected systems. If it is found that the applicable systems are susceptible to VU#228519, a mitigation and/or resolution will be provided shortly.

For inquiries concerning these subject products, please contact the nearest branch office, sales/service office.

Notes
It is known the followings as countermeasures for your wireless LAN to reduce the possibility of security incident by this security vulnerability.

Security FunctionDescription
Wireless transmission output limiting function
Wireless transmission output can be changed. If this figure is lowered, the reach of the radio becomes narrower, so it is possible to prevent unauthorized access due to unnecessary radio leakage. 

Wireless SSID Stealth function
The beacon signal which a parent wireless LAN device notifies to the surrounding area can be stopped to transmit.
If you use the stealth function, the SSID becomes invisible from the list display function on computer, and it is necessary to directly enter the SSID.