Cybersecurity

Cyber Risk Alert: All Wi-Fi-Enabled Devices Susceptible to Attack

By October 17, 2017 No Comments

2017 has seen more than its fair share of cyber breaches – with the WannaCry ransomware attack, the NotPetya ransomware attack, the Equifax breach and, most recently, the Key Reinstallation Attack, or KRACK attack for short, which affects all devices connected to a Wi-Fi network. While many vendors have provided patches for this newer vulnerability, most organizations haven’t yet applied them.

Here’s what you need to know:

What is the KRACK attack?

KRACK leaves all Wi-Fi-connected devices vulnerable to attack, even those that are password-protected. This critical security flaw was discovered in the Wireless Protected Access 2, or WPA2 – the industry standard for Wi-Fi security protocols, which most routers use to encrypt the connection between devices like a phone or laptop and the router. The KRACK attack allows malicious actors to exploit vulnerabilities found in WPA2, including information previously assumed to be safely encrypted. More details can be found here.

Will I be breached?

Reports of attackers leveraging this attack “in the wild” have been scattered, but security researchers are most likely working on tools that will automate this tactic. Once these tools are available and it becomes easy enough for hackers to execute, we anticipate a significant increase in attack activity. For the attack to be carried out, an attacker must be physically in range of a particular Wi-Fi network. But wireless devices – including IoT devices like fitness bands and other wearables, wireless thermostats and smart TVs – and the networks they connect to are ubiquitous, increasing the risk of an attack.

What should I do about it?

  • Vendors have been and still are releasing patches for the set of KRACK vulnerabilities, so make sure you’re using the latest version of software and all patches have been applied. Your friends at ZDNet have a great list of all available patches.
  • Don’t disable WPA2. Exploiting KRACK takes a bit of technical skill and know-how. Going back to WEP or an open WAP (older security protocols) will invite a whole new world of trouble.
  • Make sure all sensitive information is sent via an encrypted protocol. An attacker may be able to leverage the KRACK vulnerability to gain access to your wireless network, but encrypted protocols such as HTTPS still protect your network traffic.
  • Especially for home users, disable any network shares that don’t require authentication.

The video here provides a great overview of the KRACK attack and proof-of-concept (POC) from www.krackattacks.com, created by the researchers that disclosed the vulnerability.

Attacks like these can be complicated to defend against. Make sure your organization is actively applying patches and conducting regular vulnerability assessments.

For our fellow tech folks out there: MITRE has reserved 10 CVE designations for KRACK, which will be updated as more information is available:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Still have questions? We’re here to help. Give us a call at 615-499-7600 or send us a note at info@asylas.com.

Leave a Reply