News of the U.S. government’s warning that “most or all” of the password-protected Wi-Fi networks in the world could be compromised through the numerous vulnerabilities released under the name “KRACK Attacks” should have your IT department swinging into action.
Harry Sintonen, F-Secure Senior Security Consultant, suggests patching both devices and access points as soon as possible.
“The actual details are a bit hazy as to what exactly is needed to exploit the vulnerabilities, and which combinations of vulnerable and non-vulnerable devices are problematic,” he said.
Fixes may already be available depending on the manufacturer. But some might not be so lucky: “Many end-user Wi-Fi access points and devices might never get an update, and may need to be replaced,” Harry notes.
Given the number of manufacturers now required to issue emergency updates, precautions must be taken in the meantime.
“If your corporate network uses WPA2 to provide a ‘secure’ network, and does not use encryption between endpoints or servers, you may want to rethink whether you consider that network trusted,” Harry says.
“All WPA/WPA2 based solutions are affected, including WPA2 Enterprise. This means that most corporate Wi-Fi networks are affected as well.”
So what should your business do with a Wi-Fi network it cannot trust to be reliable?
“The good news is that the protective measures used to remediate these vulnerabilities are things you should do anyway, as we’ve never considered Wi-Fi to be secure in the first place,” says Jarno Niemelä, F-Secure Labs’ Lead Researcher.
Unlike many cyber attacks, attacks utilizing the KRACK vulnerabilities cannot be performed from anywhere in the world.
“A practical attack requires the attacker to inject raw Wi-Fi frames over radio,” Harry said. “Thus, the attacker needs to be in relative vicinity to the target environment.”
If an attacker is close enough to your network, he may be able to gain access to at least some of your traffic, depending on which protocol your device uses.
“If the device uses the TKIP protocol, the attacker can do everything – that is, both read and manipulate traffic,” explains Jarno. “If the device uses AES, which is the recommended protocol, the attacker can only read traffic.”
Some specific devices are at particular risk of being compromised, according to the KRACK Attacks site, especially devices running Android 6.0 and above. This means that 41% of Android devices are vulnerable to this exceptionally devastating variant of the attack.
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” a Google spokesperson told Forbes. Apple, however, says that it has already patched the exploits for iOS, tvOS, watchOS, and macOS betas.
For now, anyone using Wi-Fi with these vulnerabilities unpatched should keep in mind that the network they’re on could be as insecure as any free public Wi-Fi.