WiFi KRACK Attack
On Monday 16 October 2017 a WiFi attack called KRACK was announced which affects most WiFi networks and devices.
A successful attack unlocks the airwaves, allowing attackers to compromise the confidentiality, integrity and availability of the network. Put simply, someone within range of a home or enterprise WiFi network can read data from the network and in some cases, even tamper with it.
The attack takes advantage of vulnerabilities in the WPA2 encryption protocol. This is used by most WiFi networks as it is considered to be the most secure. The protocol uses a 4-way handshake to set up encryption and KRACK takes advantage of weaknesses in the handshake design.
Due to subtle differences in the way that each vendor implements the protocol, there are multiple varients of the attack which different implementations are vulnerable to. Some provide the ability to read data, some provide the ability to insert data. Linux (including Android smart phones) has a particularly vulnerable implementation where the encryption key can be set to zero, giving attackers an easy ride into the network.
The KRACK attack was discovered in May 2017 by a security researcher who has been working with vendors and manufacturers to ensure the associated vulnerabilities can be patched before the vulnerability was widely publicised.
Microsoft were one of the least affected, but are not taking any chances and have released patches for download already. Other software vendors such as Apple, BSD, Google and Mac OS, all appeared to be affected and are releasing patches. WiFi hardware manufacturers such as Cisco are doing the same.
What can you do?
Unfortunately, switching to a wired network is the only way to completely eliminate the risk of this attack before patches have been released by the vendor and rolled out to your WiFi connected hardware/firmware and operating systems. If confidentiality of your data is mission critical then disabling WiFi would be the recommended course of action. This is particularly important if you are running implementations which are vulnerable to one of the attack variants that allow data injection.
Where disabling WiFi is not possible, the use of a Virtual Private Network (VPN) such as a corporate or private VPN would help to reduce the risks. They help by ensuring that data remains encrypted even when the WiFi network encryption is broken. However, even these technologies depend on the use of underlying protocols such as DNS and ARP. These will remain unencrypted and could be subject to poisoning from some variants of the KRACK attack, thereby potentially allowing even VPN connections to be compromised.
If you require urgent advice, please get in touch as Foregenix can check whether your systems are likely to be affected by the more serious variants and recommend an appropriate course of action.