On Monday, a serious weakness in WPA2, a protocol that secures all modern protected Wi-Fi networks, was released. This vulnerability was dubbed KRACK attack because a potential attacker within range of a victim can exploit these weaknesses using key reinstallation attacks. This attack is so concerning because it works against all modern Wi-Fi networks. Attackers can not only read and steal sensitive information transmitted across Wi-Fi, but potentially manipulate the data or insert malware.
When you think about the magnitude of the potential threat vector that is at stake, it is pretty clear to see why this is such a big deal. Here’s everything you need to know about the recent KRACK attack news, who is at risk, and the best steps to take to mitigate risks.
How KRACK attacks work
The weaknesses are in the Wi-Fi standard itself, not in the individual products or implementations. The problem lies within the handshake process and the way that devices connect to the access point. Therefore meaning, that any correct implementation of WPA2 is likely affected.
The main attack is against the 4-way handshake of the WPA2 protocol. The handshake is executed when users want to join a protected Wi-Fi network. This is used to confirm that both the user and the access point possess the correct credentials for access. This is a process that all modern Wi-Fi use. Potential attackers can leverage this by manipulating and replaying the handshake to trick users into reinstalling an already-in-use key. A key re-installation attack is achieved by manipulating and replaying cryptographic handshake messages. This then forces the reset of the incremental transmit packet number (i.e. nonce) to their initial value, which allows for the same encryption key to be used with previous values. By forcing nonce reuse in this manner, the encryption protocol can be attacked – packets can be replayed, decrypted, and/or forged.
Who is at Risk?
As stated before, since WPA2 is used with all modern Wi-Fi connections, everyone is at risk – including wirelessly connected devices. It is discovered that most devices are affected by some variant of the attack including, Android, Linux, Apple, Windows, OpenBDS, Linksys and many more. For a running tab of what products are affected, consult the database of CERT/CC.
How to Mitigate Risk
The first thing that you should know is that changing your Wi-Fi password does not mitigate the attack. Instead, it is important to make sure that all devices are completely updated – including routers, laptops, smartphones, etc. The KRACK attack cannot be pulled off remotely. This means that in order to exploit the vulnerabilities, a threat actor would have to be within range of the wireless environment.
Make sure that you not only have a strategy in place that is focused on protection, but as well as detection. When future exploits and attack strategies surface, a holistic solution can help you detect and respond as soon as penetration into a system occurs. NetServe365’s Unified Security Management service helps organizations monitor the security integrity of their infrastructure. Whether you are in need of log management, threat detection, SIEM or compliance management, NetServe365 delivers cost-efficient and in-depth security management solutions that are more feasible then in-house operations. Not to mention, with implementation you also get access to a full team of security experts that work to harden your network and remediate issues quickly – 24/7/365.
As with all emerging attacks, it is terrifying to think what could happen to your organization if you are not properly prepared. Need help with your organization’s security posture? Contact NetServe365 today.
It’s time to finally say, Happy Holidays! While the holiday season is for spending time with your family, eating way too much, and spreading the holiday cheer, it also signifies that the year is coming to an end. And, we’ve all heard the cliché saying, new year new me, right? Well, as you might have … Continue reading “New Connections: An Introduction to Magna5”
In the recent Solarwinds MSP Cyber Preparedness Survey, Solarwinds surveyed 400 Small- to Medium-Sized Enterprises. This survey investigated the cyber security preparedness, experiences and failings of these organizations to better understand what we can be doing to better protect critical information. The headlines of all the attacks this year are enough to scare people to … Continue reading “7 Pitfalls That Are Hindering Your Cyber Security”
FOR IMMEDIATE RELEASE Contact: Anne Clarrissimeaux Communications Manager Magna5 email@example.com 214-552-0910 MAGNA5 ACQUIRES NETSERVE365 Fourth acquisition in 18 months strengthens PaaS, IaaS, UCaaS services portfolio with addition of award-winning network and server monitoring and management, cloud hosting and managed IT security services Pittsburgh (November 16, 2017) – Magna5, a portfolio company of NewSpring … Continue reading “Magna5 Acquires NetServe365”