Those of us in the cyber security industry were recently alerted by the United States Computer Emergency Readiness Team (US-CERT) about an imminent attack on the integrity of Wi-Fi communications. The attack is one that makes all Wi-Fi networks vulnerable whether working on a private in-office network, at your favorite coffee shop or even in your own home. The announcement was made public just after midnight on October 16.
According to an article on Ars Technica, “The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks….” https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
US CERT ADVISORY
An advisory the US CERT recently distributed to about 100 organizations described the research this way:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”
Security researchers claim devices running macOS, Windows, iOS, Android, and Linux will be affected by the vulnerabilities.
Attackers Can Eavesdrop And Steal Valuable Information
According to some reports, “It is evident that a vast majority of existing access points aren’t likely to be patched quickly, and some may not be patched at all. It also seems that if the initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it’s likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it’s possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users’ domain name service.”
Forbes.com reported the following from researcher Mathy Vanhoef, from Belgian university KU Leuven, “This (KRACK) can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
According to a very recent article, “Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft is planning to publish details of the update later today.
The best advice for individuals is to keep your devices up to date. Until updates appear, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though.
If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. If that’s not possible, try to avoid using Wi-Fi whenever possible until a patch is in place.
Business has always been risky, however with so much business taking place in the cyber world it’s riskier than ever with new vulnerabilities and attacks happening daily. If you are a business owner call our offices to set up a free consultation to make sure your cyber security is up-to-date.