WiFi KRACK: Four key steps to manage the risk and protect your network
When the WPA2 vulnerability, better known as the WiFi KRACK was revealed late last year, what followed was a torrent of concerning headlines suggesting that all WiFi communications could be decrypted.
Whilst it is vulnerability at the core of one of the most popular forms of WiFi network security, all is not as bad as some of the articles might lead you to believe.
We’re going to take a realistic look at how this attack works and outline some important steps users and service providers can take to keep networks and devices safe.
What is a KRACK?
KRACK, meaning Key Reinstallation AttaCK, works by abusing a flaw found in the WPA2 implementation declared in the IEEE 802.11i standard. Simply put, this attack works by intercepting and reusing some of the messages that are sent when a device joins a Wi-Fi network.
The perpetrator then uses one of the messages used in the handshake that contains the encryption key. Using this, the encryption counters can be reset to a known value.
Subsequently, the ability to decrypt packets can be achieved, albeit the attacker has to decipher the keystream used for the WPA2 encryption.
If the client has a valid encryption key, decoding this keystream is an incredibly challenging task if the attacker has no idea of the information being sent, even more so if the information they are trying to decode has any form of encryption.
KRACK is a close-range attack, meaning the perpetrator would have to be within range of your Wi-Fi network, this is not a vulnerability that can be exploited remotely. The researchers who revealed the vulnerability have provided a detailed description of how the KRACK attack works.
So…we know what WiFi KRACK is, what should we do about it?
Step 1: Recognise that there can always be vulnerabilities
The first and most important thing is not to panic! That vulnerabilities in the systems and networks we use are being discovered is normal and to be expected.
WPA2 is used throughout the world. It is one of the most globally adopted security layers for accessing wireless computer networks, and was believed to be secure. As with any security layer, we have to admit that there is always the potential for adversaries to break through and gain access to the underlying data.
These compromises and vulnerabilities drive tighter security and new, stronger implementation of existing technologies. Examples such as; SHA1, WEP and MD5 all of which are not recommend for storing any sensitive data now have more secure counterparts.
Step 2: Assess the potential for damage
As with all vulnerabilities and potential breaches, begin by assessing the effect of the vulnerability on an end user. For everyday people, questions such as, how does this affect me? Is my data secured? What devices are at risk? What can I do to address this?
For business and product owners; does KRACK put our client’s data at risk? Are our existing products vulnerable to this? Could this issue grant access to more sensitive areas our business? Businesses should have procedures in place in case an attack like KRACK affects them. The worst course of action is to close down all communications and deny everything.
Step 3: Early recovery, patch things up
What can everyday users do to protect themselves from KRACK and similar attacks in the future?
Simply put, keep your devices up to date. Install security patches, system updates and firmware upgrades for your devices as they become available.
Where patches and updates are unavailable, for example, when a device is no longer being supported by providers, avoid sending any sensitive data, especially if you feel your device/network could be compromised. If there is any doubt about what data is being collected by your devices and whether or not these are secure, contact the manufacturer and ask them for the details.
With this being said, the onus falls on manufacturers and suppliers to support their devices for a reasonable period, fixing security flaws either as they are exposed or to a scheduled security release plan.
How have manufacturers and suppliers addressed this?
Microsoft showed a rapid response and released a security patch for all supported operating systems, and Windows 7 within a day of this exploit being announced. Though, it is now down to users of these operating systems to update their devices and in some cases such as medical environments this can be difficult.
Apple OS X and iOS
Apple has addressed this in their beta versions of their OS platforms, with the update to be rolled out “soon” to other devices.
Google fixed its own devices with the 6th of November Android security patch. OEM devices receive updates after the manufacturers have vetted the update for their own versions of the OS.
Linux is a bit of an odd case – older versions are more secure than versions running wpa_supplicant 2.4 and above. These newer versions have vulnerability where an all-zero encryption key can be installed instead of the real key, making decryption much easier. Patches for wpa_supplicant can be found here.
The IoT space is where KRACK and similar attacks will have the most effect. A lot of devices become unsupported as soon as a new model is rolled out – leaving a customer with a device which could potentially have a large security vulnerability.
Step 4: Prepare for the relapse
The continual adoption and expansion of data transmission has resulted in a vast increase sensitive information being passed though varying methods of communications. This in turn motivates perpetrators to discover new ways to try and find ways of accessing this data. There is incentive in digital ransom, recognition or even fame. Due to this, breakthroughs are going to continue to happen both on a large and small scale.
As more and more proprietary communications are developed, vulnerabilities in these and existing protocols are unearthed. After accepting that there is always the potential for layers of security to be breached, the key focus should be on what should be done in these events.
Closing thoughts: Don’t let your devices let you down
Although KRACK and similar attacks could cause major breaches of data security, the best and perhaps simplest defence is to ensure that your devices and systems are kept up to date.
Communication of any sensitive data should be encrypted with such technologies as HTTPS/SSL/TLS even within a secure network. These methods of encryption would NOT be broken by KRACK, even if the WiFi network was compromised.
Ideally, every device that can gain access to the internet should have a secure way of updating itself, simplifying the process of patching and reducing administration overhead. This is probably the best preventative measure for the future and defence against as yet unknown vulnerability attacks.
1. Don’t panic!
2. Assess the risk – Understand how the attack really works
3. Patch and updated your devices
4. Be prepared for new vulnerabilities to be revealed