KRACK WiFi Attack - Are you at SIGNIFICANT risk?

The skinny: yet another tremendously widespread WiFi security vulnerability, affecting smartphones, PCs, Linux and Mac devices. Almost 42% of Android devices. All Linux distributions. Windows PCs as well. Seriously?

The technical details show vulnerabilities in the way WPA2 and all predecessors handle something called the 4-way handshake, which can be exploited with a Key Reinstallation Attack (“KRACKs”). The 4-way handshake is how your smartphone and any other WiFi-enabled device requests access and authenticates to your WiFi network. If you prefer a full geek out, the findings released by Mathy Vanhoef are contained in summary at this microsite and in more detail here.

These types of attacks are in the “Man in the Middle” (MitM) attack category. Basically, you connect to a WiFi network that you know and trust, but your connection is hijacked and routed to the attacker’s WiFi network. Prior to this research, only WiFi networks that were not password protected were easily susceptible to this (always have been!).

Practically speaking, your realized risk for this new set of vulnerabilities is limited due to two factors:

  1. Proximity. The attacker needs to transmit their fraudulent WiFi network (aka Rogue Access Point) within reasonable distance between you and the legitimate WiFi network in order to lure your device into the trap. Nothing will prevent your device from preferring association with the strongest WiFi signal available for a certain WiFi network name. In most cases this will be the legitimate WiFi network you are attempting to connect to.

  2. SSL. Always (mostly!) saves the day here. When you see the “Secure” or padlock icon in your browser’s address bar you can assume that you are protected from this attack. However, certain websites that are not configured properly can be spoofed and trick your browser. For the extremely paranoid, you can use a VPN provider/client to further obfuscate your web traffic.

The paper claims that “router” hardware may also be vulnerable, i.e. WiFi Access Points, etc. This seems unlikely unless the “router” hardware acts as a WiFi extender or WiFi client itself, in which case the device may be susceptible to this attack.

Note that other WiFi vulnerabilities exist, and older security protocols have been deprecated in the past once proven ineffective (e.g. TKIP and WEP). Your WiFi infrastructure should be using WPA2-AES as the security protocol at the time of writing.
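
One way to check the baseline described above is to parse a WiFi scan and flag any network that is open, on WEP, or still offering TKIP. This is an added example, not part of the original post; the `audit` function, its verdict labels and the sample scan text are constructed for illustration and assume the layout printed by `iw dev <iface> scan` on Linux.

```python
import re

# Constructed sample laid out like `iw dev wlan0 scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    SSID: office-wpa2
    capability: ESS Privacy ShortSlotTime (0x0411)
    RSN:     * Version: 1
             * Group cipher: CCMP
             * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
    SSID: legacy-mixed
    capability: ESS Privacy (0x0011)
    WPA:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: TKIP
    RSN:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: CCMP TKIP
BSS 02:00:00:00:00:03(on wlan0)
    SSID: old-wep
    capability: ESS Privacy (0x0011)
BSS 02:00:00:00:00:04(on wlan0)
    SSID: cafe-open
    capability: ESS ShortSlotTime (0x0401)
"""

def audit(scan_text):
    """Return [(ssid, verdict)] for every BSS block in the scan text."""
    results = []
    for block in re.split(r"(?m)^BSS ", scan_text)[1:]:
        m = re.search(r"(?m)^\s*SSID: (.*)$", block)
        ssid = (m.group(1).strip() if m else "") or "<hidden>"
        ciphers = set(" ".join(re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block)).split())
        if not re.search(r"capability:.*\bPrivacy\b", block):
            verdict = "open"          # no encryption advertised at all
        elif not ciphers:
            verdict = "wep"           # heuristic: Privacy bit set, no WPA/RSN element
        elif "TKIP" in ciphers or not re.search(r"(?m)^\s*RSN:", block):
            verdict = "wpa1-or-tkip"  # WPA1 element only, or TKIP still offered
        else:
            verdict = "wpa2-aes"      # RSN (WPA2) element with CCMP (AES) only
        results.append((ssid, verdict))
    return results

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid:15} {verdict}")
```

A `wpa2-aes` verdict only confirms the protocol baseline; whether a given device is patched against key reinstallation depends on the vendor updates listed below.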

You can check for your vendor’s response to the US-CERT notice here:

US-CERT List of Hardware Vendor Notices and Responses

More information:

US-CERT General Vulnerability Notice

Ruckus Wireless Response

Qualys SSL Pulse Server Ratings