17 October 2017
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again!
A vulnerability called KRACK (Key Reinstallation Attack) has been found within the 4-way handshake process which takes place when a device attempts to connect to a wireless network.
Many devices are left at risk since the flaw is in the WPA2 protocol itself meaning the attack will work on all devices using a Wi-Fi network and is not OS dependent. While some routers may receive updates against the KRACK, many will be left unpatched.
So, what does this means for you, the end user?
- Your Wi-Fi is now quite possibly just a few days from being as secure as the open hotspot in your local coffee shop.
- A potential attacker, given enough time, will be able to eavesdrop on whatever is being sent on your Wi-Fi network and possibly even hijack connections.
What Is Affected
This attack impacts all devices using Wi-Fi, such as smart computers, smart phones, access points, IoT devices, etc. Some devices are impacted more than others. It is important to mention that 41% of Android devices are considered vulnerable to the most severe case of the attack.
The attack targets the four-way handshake of WPA2. It is carried out when the client attempts to join a Wi-Fi network that is protected and confirms that the client and access point have the necessary credentials to establish a connection. Simultaneously, the handshake establishes a new encryption key that will be used in the encrypting of future traffic. An adversary that is within the proximity of a user can reportedly carry out key reinstallation attacks (manipulation of cryptographic handshakes) which are being coined as KRACKs.
If the KRACK attack is successful, it can decrypt and read any information the victim sends (such as login credentials).
- As device updates become available apply them as soon as possible. It is recommended to ensure that your device is updated with the most recent version currently available as well as the firmware of the router.
- Another important step to take is to ensure that most of your traffic is secured – E.G. even on your local network, try to use encrypted connections with strong passwords, such as SFTP instead of FTP and SSH instead of Telnet.
For more information on the topic and our Cyber Security Solutions & Services, please contact us by mail firstname.lastname@example.org.