Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable
Credit to Author: Jean Taggart| Date: Tue, 17 Oct 2017 16:44:37 +0000
A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered.
How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some specific hardware. The KRACK attack, short for Key Reinstallation Attack, would allow a malicious actor within Wi-Fi range to insert himself into the network and intercept traffic between the device and the router.
This means everyone using WPA2 (the protocol known as Wireless Protection Access 2) could be impacted to some degree.
How impacted depends on multiple factors, but it ranges from traffic interception and decryption of encrypted data to injection of malicious traffic.
Android and Linux are especially vulnerable to this attack, as they can be tricked into re-installing an all-zero encryption key allowing full visibility into the traffic.
The good
- Attacks can be somewhat mitigated if the traffic is HTTPS.
- Apple has already patched iOS, macOS, tvOS, and watchOS. Great if your device is current; not so great if it isn’t.
- Maybe this will finally get outdated routers retired and current ones patched?
- Attacks are stymied by VPN usage.
- If you have automatic updates on Windows, a patch has already been pushed, with a caveat. Microsoft still recommends contacting your hardware vendor to see if updated drivers for your wireless adapter are available.
- Mathy Vanhoef did responsible disclosure and withheld public disclosure until major players could create patches.
The bad
- Android users, with their fractured landscape and poor patching availability, are at risk, some with no possible solution.
- Some routers will never receive an updated firmware making them vulnerable forever. Updating the firmware on a router is beyond what the average user feels comfortable doing.
- While HTTPS can mitigate some attacks, improper implementations on websites are common, and once your traffic is routing through a maliciously controlled “man-in-the-middle” router, you’re vulnerable to other traffic manipulation.
- Expect KRACK to go from POC to practical deployment at the coffee shop very quickly. Remember Firesheep? WEP wardriving? Someone is bound to make an app that will dramatically lower the difficulty to exploit this.
- This won’t be fixed fully until the Wi-Fi standard is changed.
Businesses this affects you too
It is important to keep in mind that not only are individuals impacted by this vulnerability, so are businesses. Any Wi-Fi deployment that uses WPA2 can be exploited.
What to do about it
- Run updates on all your devices, systems, and software. Look out for Microsoft updates, as they issued a patch to address the vulnerability.
- If you’ve got Apple products, update them as well. They are not immune to this type of attack.
- See if your router manufacturers have issued updated firmware that addresses this vulnerability and update as soon as possible. If not, you might consider replacing the router.
The post Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable appeared first on Malwarebytes Labs.