KRACK Attack – WPA2 Wi-Fi Vulnerability: Why You Should Be Concerned
You probably haven’t been able to avoid hearing about the KRACK Attack vulnerability, but here is why you should be paying attention to this particular issue.
KRACK is a proof-of-concept (PoC) attack which works on modern wi-fi networks: WPA1 & WPA2, Personal and Enterprise networks, and ciphers WPA-TKIP, AES-CCMP and GCMP.
The attack can be used to steal personal and sensitive information such as passwords, messages, credit card numbers, emails, photos and more.
Released 13 years ago, WPA2 is the standard security protocol used worldwide, and just about every wi-fi enabled device in homes and businesses uses this WPA (Wi-Fi Protected Access) protocol.
Computers, routers, phones, and particularly all of the IoT devices that we have grown to depend on and adopt as quickly as they are released, are all at risk of this attack.
In their proof-of-concept video, the researchers successfully launched the attack against an Android phone, demonstrating how an attacker can decrypt any data the victim transmits over protected wi-fi.
KRACK (Key Reinstallation Attacks) was discovered by Mathy Vanhoef, of imec-DistriNet, KU Leuven, by accident whilst he was working on an unrelated security paper. Further investigation revealed that the attack works by exploiting the 4-way handshake of the WPA2 protocol, which lets new devices that have a pre-shared password join the network.
Once an attacker establishes a man-in-the-middle position between the client and the access point, they can then “selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages.”
In easier to understand terms, the victim is tricked into reinstalling a key that is already in use and the attacker does this by manipulating the handshake and then replaying it.
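Why reinstalling a key that is already in use matters, shown as an added example (not code from the researchers or from any vendor patch). It goes one step beyond the text: installing the key resets the client's packet counter, which serves as the encryption nonce, so two frames end up encrypted with the same keystream. The toy hash-based cipher and all names and values are constructed stand-ins for the real CCMP/GCMP machinery.

```python
import hashlib

P1, P2 = b"user=alice", b"pass=12345"   # constructed sample plaintexts

def keystream(key: bytes, pn: int, n: int) -> bytes:
    # Toy stand-in for CCMP/GCMP (max 32 bytes): depends only on (key, packet number).
    return hashlib.sha256(key + pn.to_bytes(8, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0            # packet number, used as the per-frame nonce
        self.nonces = []       # every nonce used with the session key

    def install_key(self, key: bytes) -> None:
        """Called each time the handshake message carrying the key arrives."""
        if self.patched and key == self.key:
            return             # key already in use: do not reinstall or reset
        self.key, self.pn = key, 0

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.nonces.append(self.pn)
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run_handshake(patched: bool):
    client = Client(patched)
    key = b"constructed-session-key"
    client.install_key(key)        # first delivery of the handshake message
    c1 = client.send(P1)
    client.install_key(key)        # same message, replayed
    c2 = client.send(P2)
    nonce_reused = len(set(client.nonces)) < len(client.nonces)
    return nonce_reused, xor(c1, c2)

if __name__ == "__main__":
    for patched in (False, True):
        reused, leak = run_handshake(patched)
        print(f"patched={patched} nonce_reused={reused} "
              f"c1^c2==p1^p2: {leak == xor(P1, P2)}")
```

In the unpatched case the two ciphertexts XOR to the XOR of the two plaintexts, with the key cancelled out entirely. The patched client ignores the repeated install, which is why a software update fixes the problem and a password change does not.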
After getting inside your network, the attacker can then listen in on all of your network traffic. Although the attacker does need to be within physical proximity to the device or wi-fi network, public wi-fi hotspots are everywhere and many people use them in their day-to-day travels, so there is still some cause for alarm.
Because the vulnerabilities are in the Wi-Fi standard itself and not the actual device, even a correctly configured WPA2 setup is still affected.
Any device that uses wi-fi is at risk, so taking stock of all of your wi-fi connected ‘things’ is a good idea. Vendors of IoT devices don’t often release updates or security patches, so these are the devices you need to be particularly wary of on your network.
Changing passwords will not make the device secure, so it is up to these vendors to provide patches for their devices and up to you to make sure that patch is applied as soon as it is available.
Using a secure VPN whilst browsing the internet, so that all of your traffic is encrypted, is also advised. Visiting HTTPS-only websites may also be safer, as (at this stage) this traffic can’t be decrypted using this attack.
At this stage, it is unknown as to whether attackers have been/are currently exploiting this in the wild, but as with every proof-of-concept that gets released, there is a risk of would-be attackers taking it upon themselves to test and utilise this exploit.
What you need to do
Update/patch the firmware for your router/modem and access points as soon as a patch is available.
Make sure updates/patches are also applied to any of your IoT devices (Home assistants, amplifiers, sound bars, stereo equipment, kettles, aircon, etc) as well as tablets and phones.
Update/patch any devices with wi-fi capabilities: printers, faxes, switches, computers, particularly laptops – make sure the firmware has been updated as well as your operating system.
A list of currently known vendors who have products affected by this vulnerability can be found here.
If your vendor hasn’t released an update for your device as yet, continue to check for it or visit the vendor’s website for more information.
Patches that have been released by vendors thus far:
- Apple: iOS, macOS, watchOS and tvOS patches are currently in beta stage and are to be released via software updates over the coming weeks
- Arch Linux: Patches for WPA Supplicant and hostapd are available
- Aruba: Patches are available for ArubaOS, Aruba Instant, Clarity Engine and others
- Cisco: Many of the Cisco devices are affected but at this stage only some patches are available, pending further investigation
- DD-WRT: Flashrouter patch available
- Debian/Ubuntu (Linux)
- Espressif Systems: Patches have been released for ESP-IDF and ESP8266 versions
- Fedora
- Fortinet: Firmware updates are expected
- Google: Any affected devices will be patched over the coming weeks
- HostAP: Several patches are available
- Intel: Updated wi-fi drivers and patches for chipsets that are affected have been listed
- LineageOS
- Linux: Patch is available (OpenBSD was previously fixed in July)
- Microsoft: Security update was released via automatic updates on October 10, 2017
- Microchip Technology
- MikroTik
- Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
- OpenBSD
- Ubiquiti
- Ubuntu
- WatchGuard
