Publication Date: October 31, 2017
Update Date: October 31, 2017
Philips is aware of the identified Key Reinstallation Attacks (KRACK) security vulnerability affecting electronic products that rely on the WPA2 wireless encryption technology, the most current and commonly used standard worldwide.
This security vulnerability has been widely reported as a known issue with the WPA2 WiFi security standard itself, and is not linked to specific individual products or implementations.
At this time, the known effect of the vulnerability in the WPA2 protocol is that it may allow attackers within physical range of vulnerable devices or access points to possibly intercept passwords and other data presumed to be encrypted. The vulnerability at this time cannot be exploited remotely; the attacker must be within a relatively small physical distance, that also depends on the signal strength.
Like most medical device manufacturers, Philips provides products and solutions with wireless functionality, some of which utilize wireless modules that feature the WPA2 security protocol.
Per Philips’ Global Product Security Policy, the company’s worldwide network of product security officers are evaluating the KRACK vulnerability,and conducting analyses on its potential impact on any Philips products. At this time, Philips has not received confirmed reports of securitycompromise of company products in clinical use. However, Philips continues to investigate potential impacts of this vulnerability on products and solutions. Additionally, the company is monitoring advisories and patch releases by OS manufacturers and WiFi vendors, which are being evaluated for potential implementation in applicable Philips solutions.
In the event of confirmation of possibly affected products, Philips will notify customers and provide guidance on addressing the potential issue. Customers with questions regarding this WPA2 vulnerability should contact their local Philips service support team or regional service support.