A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on data when devices or other endpoints connect to the Wi-Fi network. Dubbed KRACK (Key Reinstallation Attack), the issue affects the Wi-Fi protocol itself, and works against all modern protected Wi-Fi networks. This means that if any device uses Wi-Fi, KRACK is highly likely to impact it. Fortunately, over the course of this week major software and operating system companies have moved quickly to patch the issue. However, issues remain with many users not patching their devices or adhering to IT security best practices.
In this blog post, Wanstor’s networking and security experts have developed some advice for IT teams which may have end users affected by the KRACK attack.
How does KRACK cause issues in Wi-Fi security?
KRACK targets the third step in a four-way authentication “handshake” performed when a Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be re-sent multiple times during step three, and if attackers collect and replay these retransmissions in specific ways, Wi-Fi security encryption can be broken.
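The effect of a retransmitted step three can be modelled in a few lines. This is an added example, not code from the original article: `Client`, `run` and the toy keystream (a stand-in for the real WPA2 cipher) are hypothetical, and all keys and plaintexts are constructed. It relies on a detail from the published KRACK research that the article does not spell out: reinstalling the key resets the per-frame nonce counter, so two frames end up encrypted with the same keystream.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream from (key, packet number). Stand-in for CCMP, not CCMP."""
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client model covering only the key-install step."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0  # transmit packet number, used as the per-frame nonce

    def on_message3(self, key: bytes) -> None:
        # Step three can be retransmitted, so this may run more than once.
        if self.patched and self.key == key:
            return  # key already in use: keep the counter, do not reinstall
        self.key = key
        self.pn = 0  # (re)installing the key resets the nonce counter

    def send(self, plaintext: bytes):
        self.pn += 1
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks)

P1 = b"constructed frame one"  # constructed sample plaintexts, equal length
P2 = b"constructed frame two"

def run(patched: bool):
    """Frame, retransmitted message 3, frame. Returns [(pn, ciphertext), ...]."""
    key = b"constructed-session-key"  # constructed sample value
    client = Client(patched)
    client.on_message3(key)
    first = client.send(P1)
    client.on_message3(key)  # retransmission of step three
    return [first, client.send(P2)]

def nonce_reused(frames) -> bool:
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))
```

With `run(False)` both frames carry packet number 1 and the XOR of the two ciphertexts equals the XOR of the two plaintexts; with `run(True)` the counter keeps advancing and that relationship disappears.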
What happens when Wi-Fi security is broken?
In short, the attacker can eavesdrop on all traffic you send over the network. This means hackers can use KRACK to steal sensitive information such as credit card numbers, passwords, chat messages, emails and photos. Through HTTP content injection in a KRACK attack, the attacker could also sneak code into the websites users are looking at to infect devices with ransomware or malware.
What is affected by KRACK?
If a device uses Wi-Fi, it’s likely to be vulnerable to the KRACK security flaw to some extent. At Wanstor we believe the major vulnerabilities IT Managers should be concerned about are across the following areas:
Access points can be vulnerable if:
- Used in “Client” mode
- Used in “Repeater” mode
- Using Fast Roaming or Fast Transition (802.11r)
All major client devices are affected to varying degrees. The following operating systems may be affected:
- Apple (Including iPhones/iPads)
- Linux (Including Android)
Depending on the operating system version on your device, a patch should be available. For Android, however, patches are still not available for version 6.0, and those using devices running it are advised to turn Wi-Fi off on their device and use a 4G/Ethernet connection instead until a patch is released.
IT Managers should also take note that other devices which connect to the Wi-Fi may be affected by the KRACK attack, including printers, cameras, hand-held terminals, smart TVs and Wi-Fi HVAC sensors. The best advice we can give you is to check what operating system these devices are using and how they are connecting to Wi-Fi, and to install any relevant patches from vendors.
Key vendor responses to KRACK
All major device and networking vendors have developed patches to help users and IT teams lessen the impact of a KRACK attack. A handy checklist of suppliers and what they are offering to help mitigate any KRACK attack can be found here:
Cisco Meraki – Only vulnerable where 802.11r is enabled. Patches available in both the 24.X and 25.X firmware. Upgrades will have been automatically applied unless manually declined by IT teams. Please visit https://tinyurl.com/meraki-krack for more details.
Cisco – Only vulnerable where 802.11r is enabled. Patches are available from Cisco for IT teams. For more information please see https://tinyurl.com/cisco-krack.
Draytek – Only vulnerable when used as repeaters. Firmware upgrades to be released starting next week. Please see https://tinyurl.com/draytek-krack for more details.
Ruckus – Vulnerable when used in Mesh or Repeater mode. Vulnerable when 802.11r is enabled. Patches will be made available, although as yet no date has been published. Please see https://tinyurl.com/ruckus-krack for more details.
Other manufacturers – Please check with manufacturers for firmware updates.
For client devices, key information and vendor responses include:
Microsoft – Patches are already available for all supported O/S versions and will have been installed as part of the October patches. For more information about Microsoft’s response, see https://tinyurl.com/ms-krack.
Apple – Patches are available in the latest beta builds of OS X and iOS. There is currently no patch for stable versions. Patches are set to be released in iOS version 11.1, watchOS 4.1 and macOS High Sierra 10.13.1.
Android/Linux – Due to the diverse nature of the operating systems, it is difficult to say when patches will be available. Major Linux distributions have updates available for the wpa_supplicant package. Google claims it is currently working on a patch for Android. Outside the Nexus/Pixel range, patches will depend on the manufacturer.
Other embedded devices – Please check with manufacturers for firmware updates.
How to protect yourself from KRACK’s Wi-Fi flaw
The advice is pretty simple: keep all devices up to date with relevant patches and security software. Given the potential reach of KRACK, patches are coming quickly from many major hardware and operating system vendors. Up-to-date Windows PCs, for example, are already protected. Until patch updates appear for other devices, end users can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired Ethernet connection, or stick to a cellular connection on a phone or tablet.
If an end user does need to use a public Wi-Fi hotspot (even if it’s password protected), we strongly suggest end users stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. If available, use VPN software to hide all internet traffic, and finally, do not trust random free Wi-Fi or VPNs, as they probably do not have the right security measures in place.
For IT Managers with groups of end users and networking equipment to look after, best practice guidelines are:
- Disable WPA1 where possible – only use WPA2 with AES encryption
- Install firmware upgrades in a timely manner
- Segregate trusted corporate devices from staff devices
- Disable repeaters and clients until the upgrades are available and can be carried out
- Disable Fast Roaming/Fast Transition (802.11r) until the upgrades are available and can be carried out
- Apply OS updates in a timely manner
- Regularly check all devices (including embedded devices) for firmware updates
- Disconnect embedded devices from Wi-Fi networks until firmware updates are available and applied
- Use a trusted VPN to protect sensitive traffic
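One way to check the WPA1, AES and 802.11r items in this list against an access point configuration, as an added example that is not from the original article. It assumes a hostapd-style configuration file (hostapd is not mentioned in the article), and both sample configurations are constructed.

```python
def parse_conf(text: str) -> dict:
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text: str) -> list:
    """Return findings for the WPA1, AES-only and 802.11r guidelines."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: bit 0 = WPA1, bit 1 = WPA2
    if wpa & 1:
        findings.append("WPA1 enabled: set wpa=2")
    ciphers = set()
    for option in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(conf.get(option, "").split())
    if "TKIP" in ciphers:
        findings.append("TKIP offered: allow CCMP (AES) only")
    if wpa and not ciphers:
        findings.append("no pairwise cipher set: state rsn_pairwise=CCMP explicitly")
    ft = [m for m in conf.get("wpa_key_mgmt", "").split() if m.startswith("FT-")]
    if ft:
        findings.append("802.11r enabled (" + ", ".join(ft) + "): remove until patched")
    return findings

WEAK = """\
# constructed sample, not from a real deployment
ssid=corp-example
wpa=3
wpa_key_mgmt=WPA-PSK FT-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

HARDENED = """\
# constructed sample, not from a real deployment
ssid=corp-example
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""
```

`audit(WEAK)` returns one finding each for WPA1, TKIP and Fast Transition, while `audit(HARDENED)` returns an empty list.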
We hope this article helps you to protect against KRACK attacks. If you have questions about the information provided in this article or you think you may be affected, contact your vendor partners and Managed Service Provider immediately for the latest advice on how to negate the KRACK attack threat.