The KRACK Attack targets a weakness in the WPA2 key management making secure Wi-Fi networks weak.
Statistics gathered by Wigle, show that 60% of Wi-Fi networks are secured by WPA2. WPA2 is the most widely used method to encrypt Wi-Fi traffic. It’s used in homes and in enterprise networks. WPA2 is implemented using a pre-shared key or by using 802.1X authentication with an EAP protocol. The KRACK Attack vulnerability is widespread as it affects a flaw within WPA2 key management.
On October 16th, 2017 the KRACK Attack vulnerability was discovered by a security researcher at KU Leuven, Mathy Vanhoef. He is a PhD in computer science and has published many research papers and presentations on the topic of security. Take a read here: http://www.mathyvanhoef.com/p/publications.html. Check out the details of KRACK Attack written by Mathy Vanhoef at http://krackattacks.com.
What Is The KRACK Attack?
The KRACK Attack targets a weakness in WPA2 key management using key reinstallation attacks. An attacker, within range of a victim, can read information which is thought to be encrypted and secure. The ramifications include sensitive information that can be stolen if not transported in a secure method and the possibility of injecting/manipulating data into websites as the attacker performs a Man-In-The-Middle attack.
The KRACK Attack does not affect specific devices but targets the 802.11i amendment which defines the use and operation of WPA2 and key management. Any device utilizing WPA2 is affected.
KRACK Attack specifically targets the 4-Way Handshake process by manipulating and replaying cryptographic messages.
How Does The KRACK Attack Work?
An attacker needs to be in proximity to its victim. While Wi-Fi signals travel quite a distance, the attacker would need to be able to be fairly close in order to perform a Man-In-The-Middle Attack (MiTM). A Man-In-The-Middle attack is required to successfully pull of the KRACK Attack by the attacker. A MiTM attack is when an attacker makes the victim’s traffic go through the attacker before getting to its final destination.
The attacker will spoof a real access point and trick a client into joining the rogue access point but allows Wi-Fi authentication to complete. To pull off the KRACK attack, the attacker will replay a message within the 4-Way Handshake. The flaw here is that the victim’s device will accept the replay of one of these messages when it should not. Thus allowing the attacker to use a previously used key. A key should only be used once and this is the flaw KRACK attack targets.
Is There A Fix?
Yes there is a fix! First of all, there are 10 total vulnerabilities. 9 of the vulnerabilities target the client side. What this means is any client device using WPA2, which is any modern device, will need to be updated. Whether that is iOS, Android, IoT devices, laptops, etc. They all need to be updated by the vendor. Some vendors have already issued updates to fix this issue.
1 vulnerability targets the Wi-Fi infrastructure and major vendors have already begun releasing updates to patch this security issue.
The technical fix to KRACK Attack is to prevent the reuse nonce values. Devices must not accept previously used keys. A workaround on the infrastructure side, such as controller-based wireless LAN controllers or cloud-managed controllers is to disable 802.11r.
Vendors who have released updates (not a full list):
Patch management of devices and infrastructure is critical. Occasional patching keeps you on top of security updates. Vendors keep release notes with their patches which IT can review and implement in a timely fashion.
The key to a successful security plan is to take a layered approach. A firewall is not the only thing you need to secure your network.
Should I abandon WPA2?
No. There are updates being applied to devices and infrastructure hardware to address KRACK Attack.
Should I change my WPA2 password?
Changing your WPA2 password does not resolve the issue as KRACK Attack focuses on key management within WPA2.
Keep your devices updated regularly to stay on top of security patches. This will help protect your network against malicious hackers who try to use these attacks as soon as they are released.
Do you have any questions or concerns about the security of your Wi-Fi network? If so, reach out to us using the contact form below.