
What is KRACK and how can you protect your Wi-Fi?

WPA2 is a 13-year-old Wi-Fi authentication scheme widely used to secure Wi-Fi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including those in our homes and businesses, along with the networking companies that build them.

Yesterday we learnt that the security protocol used to protect the vast majority of Wi-Fi connections had been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks.

Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected.

According to the researchers, the newly discovered attack works against:

  • Both WPA1 and WPA2
  • Personal and enterprise networks
  • Ciphers WPA-TKIP, AES-CCMP, and GCMP

Whilst you should patch where you can, this Key Reinstallation Attack (known as KRACK) exploit is not a catastrophic event because:

  1. It requires physical proximity. You’re not defending against every bad guy on the internet. Just the ones next door.
  2. It is probably less likely than things like Evil Twin attacks which have been around for a while.
  3. It won’t steal your Wi-Fi password, and changing the password won't help: the attack bypasses that stage and targets the nonce exchange instead.
  4. Other problems you probably have in your environment are bigger.
  5. It’s imperfect — an attacker in the right conditions can target your device to potentially decrypt traffic and, in the best case for the attacker, modify it.

Nonetheless, we recommend taking the following steps:

  1. Don’t panic.
  2. Patch the devices when you can.
  3. To be clear: it is not required to disable your Wi-Fi, but ideally, consider using a VPN and/or properly implemented secure protocols such as SSH or TLS to secure any sensitive content being transmitted over Wi-Fi networks. 
  4. Add this to the list of stuff you need to patch/fix. If you’ve still got Internet facing XP boxes, fix these first.
  5. If you see suspicious guys hanging around outside your office in black hoodies with large wireless antennas, ask them what they’re doing.

Timeline Overview

Releasing a research paper on Monday, 16th of October 2017, Mathy Vanhoef and Frank Piessens publicly disclosed the theory behind a new WPA2 exploit, named Key Reinstallation Attack (known as KRACK). Some vendors have already started to develop, test and release patches for the issue, while other companies have not taken any public action. Microsoft, Apple, Ubiquiti, Amazon, Netgear, Intel, and many others have commenced the necessary processes for patching this vulnerability.

How Does KRACK Work?

Wireless access points (known as WAPs) use the 4-way handshake within the WPA2 encryption protocol to ensure data sent to the client is encrypted. In the handshake, the access point sends a nonce to the client, which replies with a signed nonce. A signed key is then installed on the client, and the client acknowledges the installation and completes the transaction. KRACK uses a flaw in the 802.11 standard, which states that the message triggering the key installation will be retransmitted until an acknowledgement is received.

Using this behaviour, an attacker can block the acknowledgement of the installation, which assists in decrypting the encrypted content sent from that client to the WAP. The same thing can happen again with each retransmission of the signed keys.
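As an added illustration (not code from this article, nor from the researchers' tooling), the following Python models the client state machine described above: an unpatched supplicant reinstalls the key and resets its packet number when handshake message 3 is retransmitted, while the patched one refuses to reinstall a key that is already in use. The keystream function and the PTK value are constructed stand-ins, not WPA2's real AES-CCM.

```python
import hashlib
import hmac

def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for the per-frame CCMP keystream. Real WPA2 uses AES-CCM with a
    nonce built from the 48-bit packet number; the property that matters here
    (same key + same packet number => same keystream) is identical, so an
    HMAC-SHA256 PRF is used to keep the example stdlib-only."""
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Minimal model of a Wi-Fi client handling handshake message 3."""
    def __init__(self, patched: bool):
        self.patched, self.ptk, self.packet_number = patched, None, 0

    def handle_msg3(self, ptk: bytes) -> str:
        # Unpatched clients reinstall the key on a retransmitted message 3 and
        # reset the packet number (the per-frame nonce) to zero. The patched
        # check refuses to reinstall a key that is already installed.
        if self.patched and self.ptk == ptk:
            return "ignored: key already installed"
        self.ptk, self.packet_number = ptk, 0
        return "installed"

    def encrypt(self, plaintext: bytes) -> tuple:
        self.packet_number += 1
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def keystream_reuse(patched: bool) -> dict:
    """Run the handshake with message 4 lost (so message 3 is retransmitted)
    and report whether two different frames were encrypted under one nonce."""
    ptk = hashlib.sha256(b"constructed PTK for this example").digest()
    pt1, pt2 = b"GET /secret HTTP", b"POST /login HTTP"   # constructed frames
    client = Supplicant(patched)
    client.handle_msg3(ptk)                  # first message 3: key installed
    pn1, ct1 = client.encrypt(pt1)
    second = client.handle_msg3(ptk)         # retransmitted message 3
    pn2, ct2 = client.encrypt(pt2)
    return {"second_msg3": second, "same_packet_number": pn1 == pn2,
            "same_keystream": xor(ct1, pt1) == xor(ct2, pt2)}

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", keystream_reuse(patched))
```

Reusing one keystream for two frames is exactly what lets traffic be decrypted; the patched client's "already installed" check is the behaviour vendors are shipping in their updates.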

How Does this Affect Businesses Using WiFi Networks, and does using a VPN / TLS make a difference?

Provided the attacker is within appropriate physical range of the client and the access point, the attacker could decrypt the communications between the client and the WAP. This potentially means traffic being sent over the network to the client can be read by the attacker. 

However, provided the content is encrypted using TLS — e.g. via HTTPS or an encrypted VPN session — the traffic cannot be read by the attacker, even if they have successfully used KRACK to gain access to the WiFi session between the client and the WAP.

To be clear: It is not required to disable your WiFi, but ideally, consider using a VPN and/or properly implemented secure protocols such as SSH or TLS to secure any sensitive content being transmitted over WiFi networks.

What Versions of WPA are vulnerable?

Because this issue stems from the 802.11 standard itself, all versions of WPA are vulnerable (including WPA2 Enterprise).

What Else Should We Do?

As mentioned above, many vendors have started patching the issue, so stay tuned for any updates (both client updates and WAP updates) and apply patches promptly. If you have any issues or queries regarding your devices and their current susceptibility to KRACK, contact the vendor and they should be able to assist further. 

Categorised Under: Networks & Security

17th Oct 2017