Data-Tech KRACK Vulnerability Status

KRACK is a vulnerability in the WPA2 protocol that was discovered earlier this week. It could allow an attacker to read encrypted information. The attack affects all WPA/WPA2-protected Wi-Fi networks, as the vulnerability is in the Wi-Fi WPA/WPA2 standard and not in any individual product or implementation. Data-Tech is aware of this exploit; our Managed Services Team has updated our clients’ Windows workstations and is closely monitoring new updates and changes.

KRACK in a few words

KRACK is short for Key Reinstallation Attack, which is a curious name that probably leaves you as confused as we felt when we heard about it, so here’s our extremely simplified explanation of what happens (please note this explanation covers just one of numerous flavours of similar attack).

At various times during an encrypted wireless connection, you (the client) and the access point (the AP) need to agree on security keys.

To do so, a protocol known as the “four-way handshake” is used, which goes something like this:

  1. (AP to client) Let’s agree on a session key. Here’s some one-time random data to help compute it.
  2. (Client to AP) OK, here’s some one-time random data from me to use as well.

At this point, both sides can mix together the Wi-Fi network password (the so-called Pre-Shared Key or PSK) and the two random blobs of data to generate a one-time key for this session.

This avoids using the PSK directly in encrypting wireless data, and ensures a unique key for each session.

  3. (AP to client) I’m confirming we’ve agreed on enough data to construct a key for this session.
  4. (Client to AP) You’re right, we have.
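The key-mixing step that follows the first two messages can be shown concretely. The sketch below is an added example, not code from the original article: it follows the WPA2-Personal derivation in IEEE 802.11i (PBKDF2 for the master key, then the HMAC-SHA1 PRF for the CCMP session keys), and the network name, passphrase and MAC addresses are constructed sample values.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"  # fixed label from IEEE 802.11i

# Constructed sample values (assumptions, not from the article)
SSID = "ExampleNet"
PASSPHRASE = "constructed-passphrase"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Stretch the Wi-Fi password (PSK) into the 256-bit master key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_session_keys(pmk, ap_mac, client_mac, anonce, snonce):
    """Mix master key, both MAC addresses and both nonces into session keys."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)  # 48 bytes for CCMP
    # KCK authenticates handshake messages, KEK wraps keys, TK encrypts data
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def handshake(pmk, ap_mac, client_mac):
    """Simulate messages 1 and 2, then derive the keys on each side."""
    anonce = os.urandom(32)  # message 1: AP's one-time random data
    snonce = os.urandom(32)  # message 2: client's one-time random data
    ap_keys = derive_session_keys(pmk, ap_mac, client_mac, anonce, snonce)
    client_keys = derive_session_keys(pmk, ap_mac, client_mac, anonce, snonce)
    return ap_keys, client_keys

if __name__ == "__main__":
    pmk = derive_pmk(PASSPHRASE, SSID)
    for session in (1, 2):
        ap_keys, client_keys = handshake(pmk, AP_MAC, CLIENT_MAC)
        print(session, ap_keys == client_keys, ap_keys["TK"].hex())
```

Running it twice with the same password prints two different temporal keys (TK), which is the per-session uniqueness the handshake is meant to provide.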

The KRACK Attacks (with numerous variations) use the fact that although this four-way protocol was shown to be mathematically sound, it could be – and in many cases, was – implemented insecurely.

In particular, an attacker with a rogue access point that pretends to have the same network number (MAC address) as the real one can divert message 4 and prevent it reaching the real AP.

What to do

Changing your Wi-Fi password won’t help: this attack doesn’t recover the password (PSK) itself, but instead allows an attacker to decrypt some of the content of some sessions.

Changing routers probably won’t help either, because there are numerous variants of the KRACK Attacks that affect most Wi-Fi software implementations in most operating systems.

Here’s what you can do:

  • Until further notice, treat all Wi-Fi networks like coffee shops with open, unencrypted wireless.
  • Stick to HTTPS websites so your web browsing is encrypted even if it travels over an unencrypted connection.
  • Consider using a VPN, which means that all your network traffic (not just your web browsing) is encrypted, from your laptop or mobile device to your home or work network, even if it travels over an unencrypted connection along the way.


Author: Paul Ducklin

Wi-Fi at risk from KRACK attacks – here’s what to do