KRACK Attacks!

October 16th, 2017 by Section 8

What’s the big deal?

Mathy Vanhoef of imec-DistriNet, KU Leuven has discovered a serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. Vanhoef has released a whitepaper, video example of an attack, created a thorough website explaining the vulnerability, and will be releasing proof of concept exploit code soon. Links at the end of this article.

This is an attack against Wi-Fi, and affects current modern implementations of WPA2 and previous, both on devices that have wireless NICs (phones, computers, etc) and wireless access points (routers).

This is NOT an attack against WPA2 encryption directly, merely most implementations of it. As such, supported devices that can be upgraded will probably receive a patch. WPA2 encryption itself is NOT broken.

Devices that cannot be upgraded will need to be replaced, this includes many unsupported IoT devices, older routers, EoL (End of Life) mobile devices, and legacy computer hardware.

The vulnerability lets an attacker that is physically close to victims and routers create a Man-in-the-Middle (MitM) attack and decrypts data as it’s sent over the air. As such, this risk should be evaluated by the individual organization and used in context their risk model.

Mitigation Tactics for this vulnerability include:

Enterprise

  • Patch your devices as soon as a patch is available (phone, computer, router)
  • Replace devices that cannot be patched with a supported device that are not prone to this attack (when they become available)
  • Consider access controlled segmentation of the wireless network from the internal network and use wireless implementations that are resistant to MitM and AP spoofing attacks.

Users

  • use HTTPS where possible and check for the HTTPS symbol when entering credentials

Websites

  • Use modern HTTPS (TLS) implementations that are resistant to SSL strip attacks

Sources

Main site: https://www.krackattacks.com/

Demo video of exploit: https://www.youtube.com/watch?time_continue=1&v=Oh4WURZoR98

Vanhoef’s GitHub Page: https://github.com/vanhoefm/krackattacks


Critical Start is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect our customers’ brands and reduce their business risk. We do this for organizations of all sizes through our award-winning portfolio of end-to-end security services – from security-readiness assessments using our proven framework (the Defendable Network) to the delivery of managed detection and response, incident response, professional services, and product fulfillment. Critical Start has been named to the CRN 2018 Tech Elite 250 and top 100 Security MSPs lists.