Have you been KRACKed?
Understanding the extensive Wi-Fi vulnerability
In mid-October 2017, security researchers Mathy Vanhoef and Frank Piessens discovered one of the most significant wireless network security vulnerabilities ever reported, potentially exposing the data on nearly all modern Wi-Fi devices and networks. The recent key reinstallation attack (more commonly known as KRACK) exploits weaknesses within wireless protocols previously thought to be secure, specifically Wi-Fi Protected Access II (WPA2). The result is that hackers could potentially access and steal key data, compromise systems or install harmful malware.
Organizations must understand how to implement protective measures and strategies to limit continued vulnerabilities until device and operating system vendors can rectify the issue. This attack has an enormous scope due to the ubiquitous adoption of WPA2 in almost all Wi-Fi-enabled networks and devices. Users must update their products with the latest security patches, while enterprises should store and transmit information in an encrypted form that cannot be easily read, by techies or non-techies.
KRACK is a technique used by an attacker, within the range of a victim, to exploit weaknesses and eavesdrop on wireless network traffic protected by WPA2 security, which is assumed to be encrypted and secured. This type of attack abuses design flaws in cryptographic protocols to reinstall a known, previously used key, which then allows attackers to decrypt communications during transmission. This potentially allows an attacker to read, inject or manipulate data.
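Why reinstalling a key exposes traffic, as an added example (not code from the original article or from the researchers): a simplified model in which the keystream depends only on the session key and a per-packet nonce, so resetting the nonce repeats the keystream. The Station class, the SHA-256 toy keystream and the sample payloads are assumptions constructed for illustration, not WPA2's actual cipher.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy stand-in for a counter-mode keystream: a function of (key, nonce) only.
    out, block = b"", 0
    while len(out) < length:
        seed = key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Hypothetical, simplified Wi-Fi client with a session key and packet number."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.pn = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Runs each time the handshake message that delivers the key is processed.
        if self.patched and key == self.key:
            return                    # hardened: key already in use, keep the counter
        self.key, self.pn = key, 0    # flaw: every (re)install resets the nonce

    def send(self, plaintext: bytes):
        self.pn += 1                  # the nonce must never repeat under one key
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def nonce_reuse_demo(patched: bool):
    key = hashlib.sha256(b"constructed session key").digest()
    p1, p2 = b"first frame payload!", b"second frame payload"  # constructed samples
    sta = Station(patched)
    sta.install_key(key)
    pn1, c1 = sta.send(p1)
    sta.install_key(key)              # same key delivered again (replayed message)
    pn2, c2 = sta.send(p2)
    # If the keystream repeated, it cancels out: c1 XOR c2 equals p1 XOR p2.
    return pn1, pn2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", nonce_reuse_demo(False))
    print("patched:  ", nonce_reuse_demo(True))
```

When the third value is True, the two ciphertexts no longer hide the relationship between their plaintexts, which is why patched clients refuse to reset the counter for a key that is already installed.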
Fortunately, this attack cannot be launched remotely, since the hacker must be within proximity of a target who has devices connected to Wi-Fi through vulnerable access points. This prevents cyber criminals in remote locations from attacking your networks, but leaves you exposed to anyone who can come within range of your corporate wireless access points or employees using their devices in public places.
For example, an employee who attaches his or her corporate laptop to the wireless network of a coffee shop might not realize that someone in the same location may be capturing and reading the employee’s transmissions.
Who is affected by KRACK?
The impact of KRACK depends on the data confidentiality and security protocols adopted by the victim, as well as the established connection (e.g., handshake) being attacked. For instance, an adversary can decrypt data packets and view information being transmitted on your network. In other cases, it is possible for an attacker to hijack data streams and write malicious code into them. The attacks can be catastrophic when the data packets can be replayed, decrypted and forged.[1]
In addition, hackers can use KRACK to steal personal data, such as Social Security numbers, names and addresses. At the moment, nearly all Wi-Fi-enabled devices are exposed to at least one kind of attack, and both personal and enterprise Wi-Fi are affected by this attack.
The cost of an attack can be devastating to an enterprise. After an adversary accesses the system, they can inject malicious code, such as malware, that will spread to other systems and devices.
Mitigation strategies for KRACK attacks
While the KRACK vulnerabilities are widespread, and the potential consequences of an attack are severe, your organization can implement strategies to mitigate the risks of becoming a target. These include:
Force remote users to use virtual private networks (VPNs) – KRACK might allow an attacker to decrypt traffic transmitted through Wi-Fi, but VPNs offer a tunnel that encrypts personal information during transmission. VPNs provide high-grade encryption, preventing hackers from accessing information passing through the network. Today, multiple VPN services are available to help you use a VPN for everyday internet use. The drawback of using a VPN is that your connection speed will take a drastic hit, but that is the trade-off for being more secure.
Perform firmware updates for all corporate Wi-Fi equipment – KRACK attacks can be mitigated by promptly updating the software and drivers of devices connected to your Wi-Fi network. Update your network devices as soon as manufacturers release patches to mitigate KRACK attacks, which can occur on all Wi-Fi networks at home or in the office, cafés and other public areas. Users should set the firmware to update automatically. In addition, they should check manually to see whether a manufacturer has rolled out a fix.
Develop user awareness about not using public Wi-Fi until this threat is resolved – Your users should avoid connecting devices to public Wi-Fi since they cannot determine the security measures in place. Moreover, you should avoid accessing critical information, such as bank accounts and sensitive personal data, over public Wi-Fi.
Implement two-factor authentication on critical apps and highly privileged accounts – With two-factor authentication (or multifactor authentication), an extra layer of security is added if your usernames and passwords become compromised. Two-factor authentication requires authorized users to provide additional identification details. You can use this method to prevent unauthorized login attempts using stolen credentials.
In order to address the KRACK vulnerability, your organization must make a holistic effort to hold workshops and training sessions to address and verify the correctness of security standard implementations. In addition, different stakeholders, such as researchers, security experts and the Wi-Fi alliances, should develop plans to assist in mitigating vulnerabilities discovered in WPA2 and other wireless protocols. Further, device vendors and solution providers should also collaborate to integrate the necessary reinforcements.
With these security changes coming to address the KRACK vulnerability, your organization and users must stay aware of information coming from vendors, providers and security authorities, and implement necessary patches and protections for wireless networks and devices.
1. Piessens, F., Vanhoef, M. "Key reinstallation attacks: Forcing nonce reuse in WPA2" (2017)