Friday, November 10, 2017

What You Can Do Now to Avoid a KRACK Attack

A recently discovered vulnerability in Wi-Fi encryption is the tech industry's latest worry.  It's being called KRACK (for Key Reinstallation AttaCK), and it's capable of affecting many types of wireless devices, with potentially disastrous results.  While most of the major platforms like Windows and MacOS have already been patched, there are millions of IoT devices that are unpatched and vulnerable, notably most Wi-Fi routers.

KRACK  targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.

This devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. KRACK affects the Wi-Fi protocol itself—not specific products or implementations, and “works against all modern protected Wi-Fi networks,” according to Mathy Vanhoef, the researcher that discovered it. That means that if your network devices use Wi-Fi, vulnerability to KRACK is highly likely.

What happens when Wi-Fi security is broken?  For starters, the attacker can eavesdrop on all traffic you send over the network. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” Vanhoef says.  But it gets worse.  The United States Computer Emergency Readiness Team also issued this warning as part of its KRACK security advisory, per Ars Technica: “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.” HTTP content injection means the attacker could sneak code into the websites you’re looking at to infect your PC with ransomware or malware.  This being the case, websites that aren’t HTTPS on a site wide basis (which is most of them) are the most vulnerable.  So if your website has not been upgraded to use HTTPS secure page protocol on a site wide basis, it would be a good idea to schedule this in the near future.

Experts warn that KRACK attacks will largely be opportunistic. Imagine bad guys driving by or walking around your facility scanning for Wi-Fi access points to break into and create mischief of all kinds. By example, I can see eight different Wi-Fi networks from our offices here in downtown Buchanan; apparently, the opportunities for Wi-Fi hackers will be more than plentiful.

What should you do to avoid a Wi-Fi based KRACK attack? Simple: don't use Wi-Fi to connect your computers, printers and peripherals. Hardwiring your network is the sure way to avoid a premises based KRACK attack. 

For businesses that requires the use of a Wi-Fi network at some level (public access for instance), it will be important to verify that your hardware manufacturer has been proactive in analyzing the vulnerability, creating the appropriate patch, making it available for your specific device, and then providing access for security patching.  Once the required patches are applied, it will be important to check for patch updates as the bad guys will keep upping their game; (it's an arms race).  At this moment in time, there are patches for approximately a couple dozen devices.. Feel free to contact us if you need assistance in this regard.

No comments:

Post a Comment