Crackin’ the KRACK Attack

Author: cdinsmore October 18, 2017

Author: Matt Ahrens
Published: 10/18/17

What is the KRACK Attack?

KRACK is a flaw in WiFi’s WPA2 security protocol that enables eaves dropping on WiFi connections. It's a key replay attack where in a threat actor can trick your computer, mobile phone, Internet of Things (IoT) device, or wireless access point into sending an unencrypted message. For example, the most vulnerable devices to this attack will allow a blank encryption key to be used, leaving plain text messages transmitted over wireless networks.

What's vulnerable to KRACK Attacks?

The WPA2 Protocol is vulnerable, which means that anything using either AES-CCMP or TKIP is vulnerable to the KRACK attack.  The most appropriate implementation will suffice and allows for key replay.  The nature of wireless connections means that both the access point and the client you're using are vulnerable.  Many times wireless attacks are focused on specific network attributes, client trust issues, or other cryptanalysis type attacks.

While we still don't know all the specifics on KRACK attacks with regard to which wireless devices and applications will be patching and when, we do know this much: you’re going to have to update your mobile devices, IoT devices, wireless firmware, and anything that speaks WiFi.  Researchers say that that Linux is particularly vulnerable and allows for blank encryption keys to be used.  Because Linus is the go-to operating system for the vast majority of IoT devices, this means that just about every IoT device you own could be intercepted or be used to perform further attacks (maybe a cryptanalysis attack on your wireless keys).

What's the impact?

We’ll see expedited fixes coming out for supported gear, and encourage everyone to get updated, not only on computers and mobiles, but on all devices that are WiFi connected.

In the meantime, public areas where wifi is available will likely see more data being intercepted and it may even be possible to eaves drop on wireless voice and text communications.  In fact, this may already be happening.  It’s absolutely best to use encrypted tunnels and distrust WiFi networks for transmitting sensitive data.

Long term is the issue that's top of mind for us, which is that we see this issue dragging on for years with unsupported IoT devices, Android Phones, and Small Office/Home Office Wireless Access Points, which will continue to be vulnerable to this attack, and allow for significant vulnerability for the next 3-5 years.  This will not go away, and will only amplify the vulnerabilities in IoT devices.  Also, given the Linux basis for most IoT devices, the impact of this protocol issue could be great.

What to Expect?

Watch your vendors closely and update.  If you're using an Android get on your carrier to publish the updates.  If you own IoT devices, get them fixed and fast, they likely use WiFi and can be a target.  We'd expect some cryptanalysis attacks to come of this, based on being able to compare cipher text to plain text, and the knowledge granted by seeing unencrypted data could lead to session hijacking and other nasty attacks against WiFi connected devices.

What can you do?

There’s a few items you can think about:

  • Update all your WiFi enabled devices
  • Use VPNs whenever possible
  • Change your WiFi keys whenever possible
  • Check out Bleeping Computer for a nice list of patches

Topics: Tech Talk , Blog