KRACK Attacks!
What’s the big deal?
Mathy Vanhoef of imec-DistriNet, KU Leuven has discovered a serious weakness in WPA2, a protocol that secures all modern protected Wi-Fi networks. Vanhoef has released a whitepaper, a video example of an attack, created a thorough website explaining the vulnerability, and will be releasing proof of concept exploit code soon.
This is an attack against Wi-Fi, and affects current modern implementations of WPA2 and previous, both on devices that have wireless NICs (phones, computers, etc) and wireless access points (routers).
This is not an attack against WPA2 encryption directly, merely most implementations of it. As such, supported devices that can be upgraded will probably receive a patch. WPA2 encryption itself is not broken.
Devices that cannot be upgraded will need to be replaced, this includes many unsupported IoT devices, older routers, EoL (End of Life) mobile devices, and legacy computer hardware.
The vulnerability lets an attacker that is physically close to victims and routers create a Man-in-the-Middle (MitM) attack and decrypts data as it’s sent over the air. As such, this risk should be evaluated by the individual organization and used in context their risk model.
Mitigation Tactics for this vulnerability include:
Enterprise
- Patch your devices as soon as a patch is available (phone, computer, router).
- Replace devices that cannot be patched with a supported device that are not prone to this attack (when they become available).
- Consider access controlled segmentation of the wireless network from the internal network and use wireless implementations that are resistant to MitM and AP spoofing attacks.
Users
- Use HTTPS where possible and check for the HTTPS symbol when entering credentials.
Websites
- Use modern HTTPS (TLS) implementations that are resistant to SSL strip attacks.
Sources
Main site: https://www.krackattacks.com/
Demo video of exploit: https://www.youtube.com/watch?time_continue=1&v=Oh4WURZoR98
Vanhoef’s GitHub Page: https://github.com/vanhoefm/krackattacks
TEAMARES is an offensive and defensive security team compromised of highly trained cybersecurity professionals that provide expertise in technology, adversarial engagements, risk and compliance, privacy and more.
You may also be interested in…
RELATED RESOURCES
- News
CRITICALSTART aims to eliminate “acceptable risk” from cybersecurity’s vocabulary
CRITICALSTART, a leading and trusted provider of Managed Detection and Response (MDR) services to hu... - News
SMU Cox Dallas 100™ Names CRITICALSTART One of the Fastest Growing Privately Held Companies in Dallas Area
PLANO, TX, (February, 25 2020) – CRITICALSTART, a leading cybersecurity provider of Managed ... ![]()
Data SheetThe Financial Consequences of Risk Acceptance Security Strategies Whitepaper
CRITICALSTART reduces endpoint risk to levels unachievable by traditional Managed Detection and Resp...
RESOURCE CATEGORIES
-
- Consumer Education(39)
- Consumer Stories(2)
- Cybersecurity Consulting(10)
- Data Breaches(15)
- Data Privacy(43)
- Incident Response(9)
- Interview(51)
- MDR Services(64)
- MOBILESOC(9)
- News(4)
- Penetration Testing(16)
- Press Release(59)
- Research Report(9)
- Security Assessments(16)
- TEAMARES(17)
- Thought Leadership(17)
- Threat Hunting(9)
- Video(1)
- Vulnerability Disclosure(3)
