What you need to know about the "KRACK Attack" vulnerability

By: David Page
Security Analyst
CISSP, QSA

If you haven’t already heard, security researcher Mathy Vanhoef recently discovered a serious vulnerability, dubbed “KRACK,” within the current industry standard encryption protocol "Wi-Fi Protected Access II" (WPA2). WPA2 encrypts traffic on all modern Wi-Fi networks, so any device connected to Wi-Fi could be affected.

On October 16, 2017, this vulnerability was made public. If exploited, it could allow hackers to decrypt and read Wi-Fi-transmitted network traffic in some situations.

What you need to know:

  • Watch for patches and updates to be released by Wi-Fi device manufacturers and vendors in the near future. Install updates for all devices and operating systems as soon as available. All affected personal and enterprise Wi-Fi devices will need to be patched eventually. See which vendors are affected and if they have been updated/patched yet.
  • This exploit requires that the attacker have access to your wireless network. Organizations will fare better if they’ve architected their critical Wi-Fi networks to limit coverage to intended areas and followed other Wi-Fi networking best practices.
  • Since this attack is performed over Wi-Fi, using cellular data or an Ethernet cable removes the risk of KRACK. Also, if you connect through a virtual private network (VPN), the VPN will encrypt all your internet traffic.
  • Only share sensitive data with sites that use HTTPS encryption.
  • Changing a Wi-Fi password or replacing your router won’t stop KRACK attacks, because the flaw is in the WPA2 protocol itself rather than in any particular device.
  • Android and Linux devices are most easily affected. Most versions of iOS and Windows are only vulnerable when using non-typical multicast communications on a wireless network.

What does KRACK stand for?

Vanhoef coined the acronym “KRACK” to stand for “key reinstallation attack.”

How does a key reinstallation attack work?

The WPA2 protocol currently employs a “4-way handshake,” which confirms that both the client and access point have the correct credentials (a password), while at the same time creating a fresh (never used) encryption key that will be used to encrypt all subsequent traffic.

In a key reinstallation attack, a hacker would manipulate and replay the cryptographic handshake messages to trick a victim into reinstalling an already-in-use encryption key. Reinstalling the key also resets the packet nonce and replay counter that go with it, so the same keystream is used more than once. Because the attacker forces reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.
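The following is an added illustration, written for this article and not Vanhoef's tooling or any real Wi-Fi implementation, of why reinstalling an already-used key is dangerous and what the fix looks like. A toy supplicant either reinstalls the key whenever message 3 of the handshake arrives again (resetting the packet number, so the same keystream is reused) or, as patched devices do, refuses to reinstall a key that is already in use. The HMAC-based keystream is a stand-in for CCMP's AES-based one, chosen only because it is in the standard library; the key and packets are constructed sample data.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for a CCMP/GCMP keystream: deterministic in (key, nonce),
    # which is the property that makes nonce reuse fatal for AES-CTR too.
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


class Supplicant:
    """Minimal model of a client's key state after the 4-way handshake."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def install_key(self, ptk: bytes) -> bool:
        # Vulnerable behaviour: every copy of message 3 reinstalls the key
        # and resets the packet number. Patched behaviour: a key that is
        # already installed is never installed again.
        if self.patched and self.ptk == ptk:
            return False
        self.ptk, self.pn = ptk, 0
        return True

    def encrypt(self, plaintext: bytes):
        ks = keystream(self.ptk, self.pn, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        pn, self.pn = self.pn, self.pn + 1
        return pn, ct


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def simulate(patched: bool) -> dict:
    ptk = hashlib.sha256(b"constructed demo PTK").digest()  # constructed key
    p1, p2 = b"GET /login HTTP/1.1", b"password=hunter2!!!"  # constructed data
    client = Supplicant(patched)
    client.install_key(ptk)                 # message 3 arrives, key installed
    pn1, ct1 = client.encrypt(p1)
    reinstalled = client.install_key(ptk)   # message 3 delivered a second time
    pn2, ct2 = client.encrypt(p2)
    # With a reused (key, nonce) pair, XOR of ciphertexts equals XOR of plaintexts.
    return {"reinstalled": reinstalled, "nonce_reused": pn1 == pn2,
            "plaintext_xor_leaks": xor(ct1, ct2) == xor(p1, p2)}
```

Running `simulate(False)` shows the unpatched client reusing packet number 0 and leaking the XOR of the two plaintexts, while `simulate(True)` ignores the second message 3 and keeps a fresh nonce for every frame.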

Vanhoef recorded a video demonstration of such an attack.

5 comments:

  1. What version of security can we go to which will resolve this issue? Is there something above WPA2 that fixes this?

    1. Hi Alfonso. Great question! As of now, no. WPA2 is the current industry standard, which is why this is such a serious and widespread vulnerability. Make sure to follow your manufacturers' and vendors' instructions regarding patches and updates, as well as best security practices. Things like using Ethernet or cellular data will help you avoid an attack as well.

  2. Or use a VPN for additional protection.

  3. Does a VPN help in any way when using a public WiFi?

    1. Yes, a VPN will encrypt your internet traffic.
