Researchers have discovered a new weakness found in the WPA2 protocol (Wi-Fi Protected Access 2), the security method which protects all modern Wi-Fi networks, known as the KRACK security flaw. Although there is no evidence at this time that the KRACK vulnerability was maliciously exploited, this still raises many concerns for both personal and enterprise wireless devices.
What is the KRACK Security Flaw?
KRACK stands for Key Reinstallation Attack, and it is a vulnerability that allows an attacker to break the encryption between a router and a device, allowing the attacker to eavesdrop on and interfere with network traffic. This means things like passwords, messages, notes, etc., could be intercepted by a malicious attacker, and used to access sensitive information.
The KRACK security weakness exists within what is known as the four-way handshake. This is a network authentication protocol that is used to establish secure wireless authentication. According to information released by the initial researches who discovered the flaw, depending on the type of network connection, an attacker could possibly inject and manipulate data. This could result in injection of malware that could affect both personal and enterprise devices.
What We Know About the KRACK Security Flaw
There is no evidence so far suggesting that a malicious attacker has exploited the KRACK security flaw. Additionally, the discovery was withheld from public knowledge until the appropriate vendors were notified and given the opportunity to create new security patches. Additionally, an attacker attempting to exploit the KRACK security flaw would have to be within physical range of the wireless signal. According to an article published by Krebs on Security, sensitive information such as email access or bank account information is likely protected with end-to-end SSL encryption (any website using https…) and should not be affected by the KRACK security flaw.
What Can We Do to Protect Against the KRACK Security Flaw
If you or your organization have yet to protect yourself against the KRACK vulnerability, there are a few things you should do today:
- Install appropriate vendor patches. Do some research to see what patches have been made available for your devices’ operating systems. Check out the CERT advisory to see if you are affected and if patches are available.
- Ensure you are using proper segmentation controls to protect your internal networks from all wireless devices.
- If you find there are no available patches for your devices and systems at this time, disable wireless and connect all devices via Ethernet/wired connections.
Sarah Morris is a guest blogger from auditor KirkpatrickPrice. The original blog post may be found here. For additional information on security program best practices, visit the Center for Internet Security (CIS) or contact Sarah at s.morris@kirkpatrickprice.com.