Just Say NO to Krack! Learn about WPA2 Exploits


October 19, 2017

Okay, enough with the 80s ‘War on Drugs’ flashbacks… Let’s talk a bit about the WPA2 flaw that was announced earlier this week. The flaw allows bad hombres who want to get at your personal information to use key re-installation attacks (KRACKs) to manipulate and replay cryptographic handshake messages.

An attacker leveraging KRACKs is able to de-crypt all data the victim transmits. The attack focuses it’s energy on the the 4-way handshake of the WPA2 protocol. The handshake happens every time someone attempts to join a protected Wi-Fi network. It’s used to confirm that all parties involved have the correct credentials.

The flaw was discovered by Mathy Vanhoef of the IMEC-Distrinet Research Group from Ku Leuvenn University in Belgium and rather than go into all the nitty gritty details of what was found, we suggest you watch this video:

Okay…so you’re asking the obvious question; how does this affect you? Are you currently connected to a Wi-Fi network? Then you’re exposed and vulnerable to this type of attack. But don’t panic, so is everybody else!

screaming girls

(We know…it’s terrifying)

Now that the mass hysteria has dissipated we can get down to business. The fact that everyone is vulnerable to KRACKs is a GOOD thing… from a certain point of view. So what can you do to protect yourself? That answer is surprisingly easy to understand and straight forward but potentially difficult to implement.

Lets start with the simple slolution to avoiding a KRACKs attack: Keep your devices up to date. Why’s that difficult to do? Sometimes it can take developers and vendors foooooooooorever to issue software updates and patches.

That’s not exactly all that helpful on the surface and waiting on a vendor to issue a software patch can be tedious. Knowing that to be the case, we’ve scoured the internet to find out what manufacturers are saying across the Internet of Things regarding how long it will take before you can update your affected devices.

Lets start with the consumable, end-user products first:

Apple – The Man in Cupertino released a statement on Monday saying a fix for the vulnerability was already deployed to users who’ve installed the companies beta software (ranging from MacOS to iOS).

Normal end-users should expect to see the fix pushed to them sometime before November.

Google – Oh Google…Google, Google, Google…when are you going to learn? As it turns out, Android users are more susceptible to KRACKS than ANYONE ELSE. Why? Software fragmentation and inconsistencies.

Anyone using Android 6.0 and above are much more vulnerable to KRACKS than any other device in the wild. Google has issued a statement saying a patch will be deployed by November 6th that should fix the issue. But, since it’s up to device manufacturers to actually distribute software to the handsets, it’s anyone’s guess as to when it’ll actually reach the people using the handsets.

So, if you’re an Android user, be very very aware of software updates that might be solicited to you next month.

Microsoft – They’re ahead of the game. A patch that fixes the KRACKs vulnerability is already out there and ready for you to download and apply to your system. Good on you, Microsoft.

But what about the big boys? Well, they’ve issued statements as well and we’ve collected them for you:

Cisco/Meraki – They’re ahead of the curve. According to their blog (https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks/) they’ve already solved the problem and suggest effected users go ahead and update their devices with the latest firmware.

Fortinet – The Sunnyvale-based firm has issued a statement as well regarding the KRACKs exploit (http://www.fortiguard.com/psirt/FG-IR-17-196). A fix is in the works but hasn’t been deployed yet.

Ruckus – Honestly, if anybody’s got a better response to the exploit than Ruckus (https://theruckusroom.ruckuswireless.com/wi-fi/2017/10/16/commonsense-approach-uncommon-problem/) I’d like to see it.

Not only have they completely detailed the ins and outs of the attack, they’ve provided a fairly complete list of steps you can take to secure your Wi-Fi network immediately.

The key take-away from the article is this: Disable 802.11r on your Wi-Fi network – Fast BBS Transitions (otherwise known as 802.11r is one avenue the KRACKs attack exploits. If you can disable it on your network, it’s one less way for an attacker to compromise your information.

So is the sky falling?

No. The potential for chaos is high but it’s not the end of the world. You should take the necessary precautions and make sure your systems (Wi-Fi clients and access points) are up to date and running the newest, shiniest software they can be running.

Anyone hoping to perpetrate this level of attack has to have both the tools and the talent to pull it off and have to be in close proximity to your network. As long are you’re vigilant and self aware of your surroundings you should be able to make it through this latest blip of cyber-warfare unharmed. 

Carl Keyser is the Content Manager at Integris.

Keep reading

What to Know Before Installing Co-Pilot for Microsoft Word

What to Know Before Installing Co-Pilot for Microsoft Word

Imagine having an AI assistant that pulls from your notes, marries them to an existing document format, and writes a document for you. That's the power of Copilot for Microsoft Word, which is planned for rollout in 2024 for those who buy the Copilot M365 license....

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...