If you’ve been living under a rock since Monday, here’s some news you need to know. A huge, dangerous flaw has been discovered in the¬†industry standard Wi-Fi protocol.

This¬†flaw¬†affects every type of device out there, so long as it’s got a Wi-Fi connection using the WPA2 protocol (Which is pretty much every Wi-Fi capable device out there).

So how bad is the flaw? Well, it’s known as¬†KRACK, and it allows someone to read information transmitted across your Wi-Fi – information previously assumed to be safely encrypted. This could include things like credit card numbers, passwords, chat messages, emails and photos.

While KRACK works against WPA2, it also works against WPA1, personal and enterprise networks, as well as Ciphers WPA-TKIP, AES-CCMP, and GCMP.

Am I At Risk From KRACK?

Both Apple and Microsoft state they have already patched the vulnerability, but very few IT vendors have faith that other, less diligent vendors will resolve the vulnerability.

The recommendation is that until you are sure your devices and those you are connection to have been patched, you should disconnect your Wi-Fi when dealing with sensitive data. This includes OSes, devices, and networking gear.

How Does The Exploit Work?

KRACK stands for Key Reinstallation Attack. It’s a proof-of-concept attack that was demonstrated by a team of researchers, and it works against all modern protected Wi-Fi networks.¬†The bug was discovered by Mathy Vanhoef of Belgian university KU Leuven. According to¬†the company’s site.

“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

“To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.”

Some Helpful Resources

Here is a list of vendors who may be affected, and another list of WPA2 patches released by vendors.

Posted by Adam Ipsen

Leave a Reply