Yesterday we learnt that the security protocol used to protect the vast majority of Wi-Fi connections had been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks.
Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected.
Whilst you should patch where you can, this Key Reinstallation Attack (known as KRACK) exploit is not a catastrophic event because:
Nonetheless, we recommend taking the following steps:
Releasing a research paper on Monday, 16th of October 2017, Mathy Vanhoef and Frank Piessens publicly disclosed the theory behind a new WPA2 exploit, named Key Reinstallation Attack (known as KRACK). Some vendors have already started to develop, test and release patches for the issue, where other companies have not taken any public actions. Microsoft, Apple, Ubiquity, Amazon, Netgear, Intel, and many others have commenced the necessary processes for patching this vulnerability.
How Does KRACK Work?
Wireless access points (known as WAP) use the 4-way handshake within the WPA2 encryption protocol to ensure data being sent to the client is encrypted. The handshake contains the sending of a nonce token from the access point to the client, which then replies with a signed nonce. Then a signed key is installed within the client and the client acknowledges the installation and transaction. KRACK uses a flaw within the 802.11 standard, which states that until acknowledgement is received, the message that triggers the key to be installed will be retransmitted.
Using this knowledge an attacker can jam the acknowledgement of the installation in order to assist with decrypting all encrypted content sent from that client to the WAP. This can further continue with the retransmission of the signed keys.
How Does this Affect Businesses Using WiFi Networks, and does using a VPN / TLS make a difference?
Provided the attacker is within appropriate physical range of the client and the access point, the attacker could decrypt the communications between the client and the WAP. This potentially means traffic being sent over the network to the client can be read by the attacker.
However, provided the content is encrypted using TLS — eg via HTTPS or an encrypted VPN session, the traffic cannot be read by the attacker, even if they have successfully used KRACK to gain access to the WiFi session between the client and the WAP.
To be clear: It is not required to disable your WiFi, but ideally, consider using a VPN and/or properly implemented secure protocols such as SSH or TLS to secure any sensitive content being transmitted over WiFi networks.
What Versions of WPA are vulnerable?
Considering this issue is caused due to the 802.11 standards specified, all version of WPA are actually vulnerable (including WPA2 enterprise).
What Else Should We Do?
As mentioned above, many vendors have started patching the issue, so stay tuned for any updates (both client updates and WAP updates) and apply patches promptly. If you have any issues or queries regarding your devices and their current susceptibility to KRACK, contact the vendor and they should be able to assist further.
Enhanced Security Services
Most assume technology is enough to protect against cyber-attacks. However a 'Defence in Depth' Strategy across People, Process and Technology is required...Get Protected