Monday 16/10/17 was one of those days when IT Admins all over the world wished they’d chosen a different career. It was on this day that the WiFi Protected Access II (WPA2) protocol was announced to be at risk from a number of high-severity vulnerabilities. A proof of concept (POC) entitled KRACK has been developed by security experts and the accompanying details have been published on a dedicated website: https://www.krackattacks.com.
The US-CERT distributed an advisory to a number of organizations, in which it disclosed that hackers who successfully exploit the vulnerabilities of the WPA2 protocol could take the following malicious actions: TCP connection hijacking, HTTP content injection, packet replay, and decryption.
So what exactly do we know about KRACK? And what have we yet to find out?
What We Currently Know About KRACK
It’s highly likely that a significant number of the devices that use WiFi connections are at risk from this vulnerability. However, attacks can only be successful if the hacker is within the range of the victim’s device. To achieve this, he or she needs to be physically present in the same area as the victim’s WiFi network.
To gain further insights into what exactly transpires during a KRACK attack, researchers have produced a POC that was designed to target Android smartphones. Through this POC, security experts could demonstrate how attackers could successfully decrypt all the data transmitted by the victim. The video provided an example of a plaintext downgrade attack that was launched against TLS/SSL via SSLstrip. Further information can be found on the website that accompanies the POC: https://www.krackattacks.com. According to security researchers, Android and Linux versions 6.0 and above are most vulnerable; however, the list of devices that are at risk is extremely long and is continuing to grow.
Some manufacturers of wireless devices have been quick to respond by issuing patches that can protect against the KRACK threat. Both US-CERT and Bleeping Computer have published lists of the driver and firmware updates that have been developed.
What We Currently Don’t Know About KRACK Attacks
Although security experts have issued a POC demonstration, this was not accompanied by POC code. Furthermore, there is no evidence yet as to how, or even if, these vulnerabilities have been exploited. While the POC video presented a comprehensive summary of the risks, it is not yet known what technical knowledge an individual would need to successfully execute an attack of this nature.
However, while an attack has not yet emerged, that is not to say that criminals are not planning one. In fact, some of the conversations that have been recorded in criminal forums indicate that would-be attackers are showing a keen, yet skeptical, interest in identifying a quick method of taking advantage of these vulnerabilities.
The Steps You Can Take to Protect Yourself
According to the US-CERT, hackers could take advantage of WPA2 vulnerabilities to launch a range of different attacks including, but not limited to, TCP connection hijacking, HTTP content injection, packet replay, and decryption. To protect yourself against attacks of this nature, you can take the following steps:
- Take stock of all the devices that are connected to your WiFi network. Make use of the functionality of your wireless control software to itemize all the devices that are linked to your network. This will give you an insight into the level of risk you are exposed to. Don’t forget about the Internet of Things, like printers, and all Android or embedded Linux devices.
- Patch any vulnerable devices that are connected to your WiFi network. Your first priority is to ensure all at-risk devices are protected. Patches are continually being released, so keep an eye open for more updates. You can find comprehensive lists of what is currently available at US-CERT and Bleeping Computer.
- Add an additional layer of security. Although there are some well-known issues with some VPNs, it is a very good idea to encourage non-wired system users to connect by VPN. An alternative option is to adopt cryptographic protocols, such as Transport Layer Security (TLS/SSL).
- Consider using an Ethernet connection. Depending on the extent to which the devices connected to your WiFi network are vulnerable, you may wish to switch to a hard-wired connection. Although this approach may not be scalable for some organizations, it should be considered if the threat becomes more real in the next few days and weeks.
The security risk that this KRACK vulnerability poses is very real. Patching your equipment as fast as possible is the only way to mitigate exposure. Rugged IT can assess and protect your company from KRACK, so don’t hesitate to get in contact. As always, prevention is better than a cure.