As you’ve probably read, there is a serious vulnerability in the WPA2-PSK protocol that almost all WiFi traffic uses. This vulnerability is being called ‘KRACK’, which stands for Key Reinstallation Attack. If you have a wireless router, chances are you’re using WPA2-PSK right now, which makes you vulnerable to attack. The scary thing about this vulnerability is just how widespread the issue is, since everyone uses this protocol. It’s not an individual line of devices — we can’t say ‘if you have a Netgear router you are affected’ — it’s more like ‘if you are connected to WiFi, you are vulnerable’.
At a high level, KRACK exploits a vulnerability in the initial handshake. To start, a device looks for WiFi networks that it can connect to. Once a network is selected, the device and wireless router initiate what is known as a four-way handshake. This process involves sending information back and forth between the device and the router in order to set up a secure connection between the two. The KRACK vulnerability takes advantage of a weakness within this handshake process and allows an attacker to slowly gain the key which is used to make the connection secure. An attacker could then read the traffic between the device and the router. This leaves traffic vulnerable to snooping, and also allows packets to be injected, which could make it easier for an attacker to install malware on the user’s machine.
This sounds like all doom and gloom, and it’s definitely a serious vulnerability; however, there is some good news. Traffic over TLS/SSL is still secure, which means traffic transmitted over HTTPS is still secure and cannot be decrypted using the KRACK vulnerability. Secondly, an attacker would have to be within range of your device and router, which limits the attack surface to a few users at a time around a target area. The bad news is that businesses and places where large groups of people connect to WiFi are especially vulnerable, since they have traffic worth looking at and a large number of people to attack.
Luckily, companies are releasing patches for this as we speak. Windows and Linux have already released fixes for this issue, and many more are coming soon. In the meantime, if you’re worried about being a target, switch from WiFi to a wired connection if you can. In addition, patch as soon as a fix is released.
This is a Security Bloggers Network syndicated blog post authored by Ryan O'Leary. Read the original post at: Blog – WhiteHat Security