A significant vulnerability was discovered in the WPA1 and WPA2 protocols, which are used by nearly all modern protected WiFi networks. The attack is called a Key Reinstallation Attack (KRACK), and it allows hackers to read encrypted traffic. As a result, hackers could view data that WiFi encryption is meant to protect, such as passwords, shared files, credit card numbers, social security numbers, photos, etc. Additionally, depending on client and router configuration, it may let hackers inject malware and so gain access to systems or websites.
When a computer connects to a WiFi network, the access point sends out random key data for encryption. This transmission is often repeated because the packet may be lost. The attack primarily targets the clients connecting to a wireless access point (WAP), as it exploits the 4-way handshake that occurs between the client and the WAP. The hacker simply replicates this behavior by repeatedly sending out this packet. Each time they do, it resets the encryption keystream. Once the hackers have two keystreams they can then break the crypto.
Android devices are particularly dangerous, as they can be hijacked to allow the attacker to set up fake wireless access points and capture all the traffic through a man-in-the-middle attack.
Who is vulnerable?
Anyone who uses WiFi that employs WPA1 and WPA2 encryption, which is practically all wireless access points, both business and home.
MEDIUM: The National Vulnerability Database (NVD) rates the multiple vulnerabilities that this attack exploits as “Medium”, with scores of 5.4/10, 4.9/10 and 5.7/10. The vulnerabilities are not rated as High or Critical because the attacker has to be within range of the WiFi signal to launch the attack and because the attack is not consistently successful.
However, at Security On-Demand we are prioritizing this Alert since it likely affects nearly every wireless access point and user. We are keeping close tabs on this vulnerability. As we learn more about potential exploits or malware, we will update our monitoring and detection rules and keep you informed.
We highly recommend that you visit krackattack.com to learn more about this vulnerability.
- Patch your end-devices (laptops, mobile devices, tablets, etc.). This attack primarily targets the client connecting to the WAP.
- On your WAP or router, disable the client functionality and 802.11r (fast roaming).
- Patch your WAPs as soon as the vendor releases a patch – or in accordance with your patching protocol. (Here is a link to some patch updates.)
- Configure your WAPs' directionality to limit the ability of external entities to access your company WiFi from outside the office/facility.
- Regularly test your wireless environment for rogue access points and man-in-the-middle attacks.
- Educate staff on proper security protocols and policies tied to wireless access and acceptable use.