KRACK Vulnerability – Just How Bad Is It?
- October 16, 2017
- Ryan Miller
CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available.
The WPA2 protocol secures WiFi communication by encrypting data while it travels through the air. Every vendor that makes a WiFi-capable device will need to develop a patch for each device and, depending on the device (access point, cell phone, router, extender, etc.), either push out the update so it installs automatically or have the user apply the update manually. Before we go any further, it is essential to know what encryption keys are and what they do.
An encryption key is a random string of bits created explicitly for scrambling and unscrambling data. Encryption keys are generated by algorithms intended to ensure that every key is unpredictable and unique. The longer a key built in this manner, the harder the encryption is to break.
The attack forces the reinstallation of an encryption key that the hacker controls. On Android 6.0 and higher and on Linux operating systems, the hacker can then decrypt all wireless traffic between the device and the access point, because those systems permit an all-zero encryption key to be installed. Keep in mind that web traffic that is itself encrypted stays encrypted even after the wireless layer is broken, but any data sent in plaintext over the wireless link becomes readable once the wireless signal is decrypted. For this attack to succeed, the hacker must be within range of your wireless network. If you see someone you do not recognize parked in front of your house or standing around using a wireless device for longer than a few minutes, you may want to find out what they are doing.
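To make the "reinstallation" mechanism concrete, here is a small Python model of how a WPA2 client installs its pairwise key. It is an added example written for this post, not wpa_supplicant or any vendor's code, and it simplifies heavily: the handshake is reduced to a negotiated key and a message 3, and the per-frame nonce is modelled as a plain packet number. The names `Supplicant`, `simulate` and the constructed sample key are assumptions of the example. It shows why replaying message 3 matters (the packet number restarts, so (key, nonce) pairs repeat), how a client that wipes the negotiated key after installing it ends up with an all-zero key, and the two checks a patched client applies.

```python
"""Toy model of pairwise key installation on a WPA2 client (the supplicant).

Constructed illustration for this post, not wpa_supplicant or vendor code.
It models only what KRACK abuses: message 3 of the 4-way handshake tells the
client to install the temporal key (TK), and installing a key resets the
packet number used as the per-frame encryption nonce. Replaying message 3 to
an unpatched client reinstalls the key and restarts the nonce; a client that
wipes the negotiated key from memory after the first install ends up
installing an all-zero key instead.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TK_LEN = 16                 # CCMP uses AES-128, so the temporal key is 16 bytes
ZERO_KEY = bytes(TK_LEN)


@dataclass
class Supplicant:
    hardened: bool                         # True: apply the two defensive checks
    wipe_after_install: bool = False       # True: wipe negotiated key once installed
    pending_tk: Optional[bytes] = None     # key negotiated in the handshake
    tk: Optional[bytes] = None             # key currently installed in the driver
    installed: bool = False
    pn: int = 0                            # packet number; the nonce for each frame
    log: List[str] = field(default_factory=list)

    def negotiate(self, tk: bytes) -> None:
        """Stand-in for deriving the TK from the handshake nonces."""
        self.pending_tk = tk

    def on_message3(self) -> bool:
        """Handle message 3. Returns True when a key was (re)installed."""
        if self.hardened and self.installed:
            # Patched behaviour: a retransmitted message 3 must not reinstall
            # an already-installed key, so the packet number keeps counting up.
            self.log.append("message 3 retransmission ignored: key already installed")
            return False
        if self.hardened and self.pending_tk == ZERO_KEY:
            self.log.append("refused to install an all-zero key")
            return False
        self.tk = self.pending_tk
        self.installed = True
        self.pn = 0                        # the reset that makes nonce reuse possible
        self.log.append("key installed, packet number reset to 0")
        if self.wipe_after_install:
            self.pending_tk = ZERO_KEY     # memory wiped; a later reinstall reads zeros
        return True

    def encrypt_frame(self) -> Tuple[bytes, int]:
        """Return the (key, nonce) pair that would protect the next frame."""
        if not self.installed:
            raise RuntimeError("no key installed")
        self.pn += 1
        return self.tk, self.pn


def simulate(hardened: bool, wipe_after_install: bool) -> dict:
    """Handshake, send three frames, replay message 3, send three more."""
    client = Supplicant(hardened=hardened, wipe_after_install=wipe_after_install)
    client.negotiate(bytes(range(1, TK_LEN + 1)))   # constructed sample key
    client.on_message3()
    frames = [client.encrypt_frame() for _ in range(3)]
    client.on_message3()                            # replayed message 3
    frames += [client.encrypt_frame() for _ in range(3)]
    return {
        "reused_key_nonce_pairs": len(frames) - len(set(frames)),
        "final_key_is_zero": client.tk == ZERO_KEY,
        "log": client.log,
    }


if __name__ == "__main__":
    for hardened, wipe in ((False, False), (False, True), (True, True)):
        r = simulate(hardened, wipe)
        print(f"hardened={hardened} wipe={wipe}: "
              f"{r['reused_key_nonce_pairs']} reused (key, nonce) pairs, "
              f"all-zero key: {r['final_key_is_zero']}")
```

Running the three scenarios shows the point of the patch: the unpatched client that keeps its key reuses every (key, nonce) pair after the replay, the unpatched client that wipes the key ends up encrypting with all zeros, and the hardened client simply ignores the second message 3 and keeps counting nonces upward.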
The best way to mitigate an attack on your wireless network using the KRACK vulnerability is to reduce the transmit power of your access point(s) so that the signal reaches just outside the walls of your home or business. Businesses should keep their wireless network separate from the network used for printers and desktops, and if a wireless network is a business requirement, the network name, or SSID, should be hidden and given only to the people who need it. The tools to exploit the KRACK vulnerability are not yet widely available outside the research community, but, as nefarious hackers always do, they will develop such tools and sell them on the Dark Web.
A list of manufacturers that have information on the status of patches for their products can be found here.
Here is a demonstration of the attack.