Medidata's position on WPA2 Vulnerability


WPA Vulnerability (KRACK)

The security of our customers' information is of paramount importance to Medidata. In this spirit, we want to share with you that your information is safe due to our ongoing efforts in providing scalable and secure services. Again, all client data exchanges are protected within Medidata.

On October 16, 2017, details of a protocol vulnerability were released to the public by a researcher at KU Leuven.

Specifically, this is a laboratory key reinstallation attack that takes advantage of several key management vulnerabilities in the handshake of the WiFi Protected Access (WPA-2) security protocol.

This has the potential for full compromise using a number of techniques, including connection hijacking, content injection and possible decryption of traffic. Since these are protocol-related issues, this will probably affect most if not all implementations of WPA-2.

There is an excellent preliminary write-up at Ars Technica, and the US Cert Crisis Center published a parallel release of information with the researcher.

We have no evidence that any weaponized attack has been delivered that takes advantage of this vulnerability.

Medidata, by policy and by practice, does not permit any kind of wireless network to connect to our hosting environments. Wireless is expressly prohibited in our data centers.

Additionally, our hosting environments are completely segregated from our other environments, requiring multi-factor authentication, secure keys and other controls to gain access to those production systems.

They are audited annually, both internally and by multiple third parties, including PricewaterhouseCoopers, DQS, Coalfire and Optive.

Details can be found at .

In the meantime, if you have any questions, comments or concerns, please contact our Medidata team at: .

Thank you again for your ongoing partnership with Medidata.

Glenn Watt
Chief Information Security Officer (CISO), Vice President, Technology