October 2017 Security Bulletin – KRACK (Key Reinstallation Attack) Wifi attack leaves networks vulnerable
KRACK (Key Reinstallation Attack) Wifi attack leaves networks vulnerable
A security flaw was exposed in the WPA2 protocol widely used by WiFi devices. The flaw breaks the encryption between a router and device, allowing for network traffic to be intercepted.
How does it happen and what are the dangers?
A “hacker” identifies the WiFi network they want to breach which uses the WPA2-PSK security protocol and waits for someone to connect. This could happen in an office/shared workspace or public area.
Once someone connects to the network the laptop or mobile will carry out a four-way handshake. This is the process used to check the password provided is correct, and establishes an encrypted connection between the router and device.
The “hacker” interferes with the initial handshake allowing them to decrypt the traffic exchanged over WiFi, and then intercepts and tampers with user’s data without being connected to the network and are untraceable.
The “hacker” may be able to inject ransomware or malware into websites, with user completely unaware they or their company’s data was infected until it is too late. They would also be able to access any attached storage such as a USB drive and read/infect any data on it.
KRACK also works against WPA-Enterprise typically used by large businesses and could give access to a company’s NAS (Network Attached Storage) compromising secure data and backups.
What can be done?
The vulnerability is easily removed with a backwards-compatible patch. The person who exposed this flaw disclosed the information to various vendors and manufacturers months in advance of going public, allowing them to work on the patches to remedy the flaw. The patches will be rolled out over the coming weeks.
It is essential that you ensure all WiFi devices and routers are updated with the latest security patches to ensure you and your company’s data is protected.
If you are unsure if security patching is included in your support agreement, please contact us to discuss on 03336663330.