Wi-Fi KRACK Exploit: What You Need To Know
A newly discovered weakness in the WPA2 protocol, which is used by most wireless devices, could allow an attacker to read information that was previously assumed to be encrypted, provided the attacker is within Wi-Fi range of the victim. The KRACK weakness works against all modern WPA2-protected Wi-Fi networks. Therefore, if a device supports Wi-Fi, it is most likely vulnerable to this exploit.
Why is this important?
The newly discovered weakness in WPA2 could allow an attacker to decrypt traffic being broadcast on a Wi-Fi network, allowing them to steal sensitive information such as credit card numbers, passwords and emails. In certain configurations, it could also allow an attacker to inject or forge packets, which could be leveraged to inject malware. A hacker could also have access to any attached storage on a compromised device. So, if you’ve attached a USB flash drive or external hard drive to your router or computer during the Wi-Fi session, they’d be able to read that.
What is WPA2 and why is it important to deal with this vulnerability?
Essentially, WPA2 uses shared verification keys to authenticate communication between Wi-Fi devices and to encrypt that data so that others cannot read it while it is in transit.
How does this exploit work?
Without boring you with techno-babble, the vulnerability works by attacking the 4-way handshake of the WPA2 protocol between devices and, in the process, tricking a victim into re-installing a key that’s already in use. Ideally, it should not be possible to reuse a key, but this coding flaw in WPA2 allows attackers to exploit this weakness to manipulate cryptographic handshakes and allows them to “join” the conversation.
If an attacker can reset these keys (which is possible due to this weakness) by collecting and replaying retransmissions of message 3 of the 4-way handshake, the encryption protocol can be attacked, resulting in decryption of message packets and exposing the contents of your communication. You’re most vulnerable to this exploit when using public Wi-Fi hotspots in restaurants, coffee shops and airports.
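The effect of re-installing a key that is already in use, and the behaviour a patched client needs, can be seen in a small model. This is an added example, not code from the original article or from any vendor patch; the `Supplicant` class, the HMAC-based keystream standing in for WPA2's real cipher, and the sample frames are all constructed assumptions.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    # Toy stand-in for the WPA2 cipher: output depends only on (key, packet number).
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + bytes([block])
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

class Supplicant:
    """Simplified client side of the 4-way handshake (constructed model)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0      # packet number, used as the per-frame nonce
        self.used = []   # every (key, pn) pair used, kept to detect reuse

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a retransmitted message 3 carrying the key that
        # is already installed must not reset the packet number.
        if self.patched and key == self.key:
            return
        self.key = key
        self.pn = 0      # unpatched clients land here on every message 3

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.used.append((self.key, self.pn))
        ks = keystream(self.key, self.pn, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def run_session(patched: bool):
    key = hashlib.sha256(b"constructed session key").digest()
    client = Supplicant(patched)
    client.on_message3(key)                 # first delivery of message 3
    c1 = client.send(b"frame one: hello")   # constructed sample frame
    client.on_message3(key)                 # message 3 arrives a second time
    c2 = client.send(b"frame two: world")   # constructed sample frame
    nonce_reused = len(set(client.used)) != len(client.used)
    return nonce_reused, c1, c2

if __name__ == "__main__":
    print("unpatched reuses a nonce:", run_session(False)[0])
    print("patched reuses a nonce:  ", run_session(True)[0])
```

In the unpatched run both frames are encrypted with the same key and packet number, so they share a keystream and the encryption no longer hides the relationship between them; the patched client keeps counting and every frame gets a fresh nonce.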
Protecting your organization from KRACK
As patches become available for individual devices, you should consider which systems that use WPA2 expose the network to the greatest risk (typically those that use Wi-Fi), define a series of checks and then test patches before deploying them to your network.
What about VPNs?
For businesses that communicate using VPNs, the news is better. A VPN will prevent hackers from intercepting any communications via this method. A VPN is essentially an encrypted tunnel between computers – in this case, a laptop or phone, and a server. “Using a VPN (virtual private network), to use a very, very simple metaphor, is as if someone has stuck their head through your window as you discuss sensitive matters – but you’re speaking a language they don’t (and can’t) understand,” David Gorodyansky, CEO of AnchorFree and HotspotShield, said.
Which devices and networks have addressed this problem?
- Microsoft has already issued patches for Windows 7, 8.x and 10
- Cisco products have patches available
- Linux has also released patches
- Systems with Intel chipsets have patches available for download
(Applying these can be a little tricky. We recommend you have your IT guy install these!)
- Android systems have not been issued updates yet.
- Mac OS 10.11.1 updates are available (beta only)
- Apple Airport updates are still pending
- Google Wi-Fi updates are still pending