KRACK – Key Reinstallation Attacks against WPA2

Recently released at http://www.krackattacks.com: a serious weakness in WPA2 has been found by the team there. For all the heavy technical details, go there.

KRACK attacks the encryption itself within the Wi-Fi WPA standard. When clients join a network, they negotiate an encryption key in a multi-step handshake. By recording and replaying some of those packets, we can trick devices into using encryption keys more than once, which means we can decrypt their traffic and/or hijack TCP sessions and inject traffic into the network.

The key here is that we are attacking CLIENTS – not infrastructure, so we can go after an individual client and steal their data.    This means the majority of the updates will be against CLIENT operating systems.
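To make the key-reuse problem concrete, here is a simplified client model, added as an illustration and not taken from the original post or the KRACK researchers. The `Client` class, the hash-based keystream (a stand-in for real WPA2 encryption) and the sample key and packets are all constructed assumptions. It shows how a replayed handshake message resets the packet counter on an unpatched client, and how a patched client ignores the replay.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for the per-packet keystream; NOT real WPA2/CCMP crypto.
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

class Client:
    """Hypothetical Wi-Fi client: tracks the installed key and packet number."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0        # transmit packet number, used as the nonce
        self.sent = []     # (nonce, ciphertext) pairs as seen on the air

    def on_msg3(self, ptk: bytes) -> None:
        # Handshake message 3 tells the client to install the session key.
        if self.patched and ptk == self.key:
            return         # key already in use: keep the counter running
        self.key = ptk
        self.pn = 0        # reinstalling resets the nonce (the weakness)

    def send(self, plaintext: bytes) -> None:
        self.pn += 1
        ks = keystream(self.key, self.pn, len(plaintext))
        self.sent.append((self.pn, bytes(a ^ b for a, b in zip(plaintext, ks))))

def reused_nonces(client: Client) -> list:
    # Defender's check: any nonce seen twice under one key is a red flag.
    seen, reused = set(), []
    for pn, _ in client.sent:
        if pn in seen:
            reused.append(pn)
        seen.add(pn)
    return reused

# Constructed sample packets of equal length.
P1, P2 = b"GET /inbox HTTP/1.1", b"Cookie: id=SAMPLE12"

def run(patched: bool) -> Client:
    ptk = b"constructed-session-key"   # constructed sample value
    c = Client(patched)
    c.on_msg3(ptk)
    c.send(P1)
    c.on_msg3(ptk)                     # the same message 3 arrives again
    c.send(P2)
    return c

def xor_first_two(client: Client) -> bytes:
    (_, c1), (_, c2) = client.sent[:2]
    return bytes(a ^ b for a, b in zip(c1, c2))
```

On the unpatched client both packets go out under nonce 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts; on the patched client the nonces are 1 and 2 and nothing cancels.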

The bottom line: here is what you need to know.

  1. Almost all modern Wi-Fi networks are affected. It doesn’t matter whether you have WPA1, WPA2 or AES; it is all affected. The issue is in the actual standard.
  2. The only way to protect yourself against the vulnerability is a software update.
  3. Some attacks are better than others. Android and Linux are apparently quite badly affected, and give up their encryption easily. Others can be done, but are more of a challenge.
  4. If you are using HTTPS or other encrypted methods on your device, this will protect you.
  5. Update your equipment, especially client operating systems, as soon as possible.
  6. Disable Wi-Fi if you are in a sensitive environment.

Justin’s Thoughts

This is a problem, but for many this is a bump in the wire. Wait, am I crazy for saying this? In our modern world you shouldn’t be trusting your network anyway. Yes, that is right: trust no-one. Even your corporate LAN. We think nothing of connecting at a Starbucks, or at home where our children have virus-laden machines. Why would we trust the wild west that is the corporate LAN/Wi-Fi these days? Especially when you consider that most attacks these days occur inside.

Network-as-an-enforcer, Network-as-a-sensor, technologies like StealthWatch: these types of technologies continue to be extremely key in the safety and security of our networks. Technologies that watch for strange behavior (like duplicated key packets) and protect against replays. Would these types of technologies have saved you here? I cannot speak to that right now.

How many times do we need to say this – security is a multifaceted, multi-layer approach.   You must never rely on a single security layer.   We run HTTPS, we use client-side AV, client-side firewalls.    Client devices should already protect themselves against attacks or vulnerabilities that exist in the network domain.

If you are being responsible, operating your networks and infrastructure in a responsible manner, this shouldn’t be a big deal for you.    I would still go and update your networks ASAP, but if you are following best practices in your network, you should be ok.
