Security Advisory Regarding the WiFi Vulnerability – KRACK
Mathy Vanhoef, a post doctoral security researcher, has released details about a Wi-Fi vulnerability affecting WPA2. The following is a summary of the information presented on krackattacks.com, the official website for the vulnerability.
What is KRACK?
The vulnerability allows the WPA2 key used to encrypt the data to be reset to all zeros so a MiTM (Man in the Middle) can easily read it. Then the attacker can use other tools to attack SSL. The client could be forced to switch to HTTP and expose sensitive details such as credit card numbers or logins. The WPA2 protocol allows the reset to occur, making it a flaw in WPA2 itself, but the attack is dependent on the clients accepting a new key. In order to do this, the attacker would need to be within range of the access point (AP) but would not need to authenticate to the network. Once the attacker clones the targeted AP and completes the first part of the attack, the client’s traffic would be redirected to the MiTM, and the user would not even notice.
What should I do?
Android and Linux are most vulnerable because of how these operating systems handle WPA2 keys. However, it was noted that “Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks” and it is recommended that all wireless clients are updated.
You can find a list of vendor responses and updates here. Once updated, the key that the client uses will not be able to be reset. You will need to update your clients but there should be router firmware updates that will help fully resolve the vulnerability from existing in your wireless network.
There are a few recommendations to consider before updates are available or implemented:
- Pay attention to physical security of your environment and watch for suspicious new access points. The attacker would need to be present and in range of the targeted access point in able to effectively clone it and begin the attack.
- Use a wired connection when possible and/or a VPN. Using a VPN to connect to a work environment is highly recommended for all wireless connections.
- Turning wireless off to protect phones would be a workaround, but it is not practical in most cases. It would be a very short-term solution and incur extra data charges when switching to the phone’s provider for data. Phone providers are working to get updates out soon, if not already, so please update your phones as soon as you can.
- Before logging into anything or sending sensitive information, verify that the browser is still using HTTPs and has not switched to HTTP.
- Be on the lookout for updates including for router firmware.
- WEP and WPA are older technologies, so be aware that switching to them from WPA2 will present a new problem: the Wi-Fi password will be easier to crack. With the Krack Attack, the password is never compromised.
Each vulnerability advances technology
Wireless networks have always been under scrutiny. It started with open networks, which we still have to this day in some cases. WEP locked down some of those connections, but was not advanced enough to prevent very basic attacks (for example, there was no way to maintain the integrity of header data; it could be changed and manipulated). It also used the same keys across devices. WPA solved a few of these issues and added more enhancements, but not long after we were already moving on to WPA2 (over 10 years ago) which addressed some of the issues with the original WPA protocol.
While WPA2 still is updated, the point is that wireless protocols are still being developed and constantly require research. There are many different types of wireless attacks, and we have over the years improved security of our wireless connections. It will take years of research and updating to fully work out all the ways in which bits and bytes traveling through the air can be circumvented.
As more researchers focus on wireless, we will find more and more vulnerabilities. With each new vulnerability discovered, we strengthen our ability to secure data using wireless networks.
Special thanks to Dr. Mathy Vanhoef for his research and for sharing it with the public. If you have any questions, please comment on this post or send me an e-mail.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.