On October 16, 2017 a serious security vulnerability has been published by researchers from KU Leuven, a university in Belgium. This has to do with WPA2 protection in WiFi networks, which is the modern security standard considered to be very safe so far.
This vulnerability has to do with the WPA2 technology itself and is not a fault of any specific vendor. So basically all vendor devices which implement the WPA2 standard correctly are affected by this weakness.
KRACK stands for “Key Reinstallation Attacks” and in summary it tricks the Wi-Fi client device to install an all-zero encryption key. This attack is easier to be executed on Linux and Android devices but all WiFi clients and network devices using WPA2 are vulnerable.
Have a look at the official video below which demonstrates what an attacker can do with this attack:
As you can see from the video, all data transferred from the WiFi client on the “protected” WPA2 network can be captured by the attacker.
Some might say that if you use secure client protocols (such as HTTPs) then you are still protected.
This is wrong because the attacker can use for example SSLSTRIP and reroute the connection into a normal HTTP communication which does not encrypt anything. Then with packet capture software (such as wireshark) they can steal your sensitive information such as login credentials, banking details, credit card numbers etc.
Statistics show that WPA2 is used on over 60% of all Wi-Fi networks, so you can understand the impact of this. WPA2 Enterprise is also used in many corporate networks, and this is still vulnerable as the initial research has shown.
My recommendation is to temporarily disable any Enterprise WiFi networks that rely on WPA2 protection until patches are distributed by the vendors.
The good news is that big vendors (Microsoft, Google etc) said that this weakness is patchable in software and they will issues patches very soon. However, its still unknown if you only have to patch the WiFi clients only or if the actual WiFi Access Points will need software updates as well.
In any case, for now just avoid to perform any sensitive transactions over WiFi networks (especially if you use Android smartphones) and wait for security patches to be available.
More information on the official website here: https://www.krackattacks.com/
Related Posts
- How to Scan an IP Network Range with NMAP (and Zenmap)
- What is Cisco Identity Services Engine (ISE)? Use Cases, How it is Used etc
- What is Cisco Umbrella Security Service? Discussion – Use Cases – Features
- 7 Types of Firewalls Technologies (Software/Hardware) Explained
- 10 Best Hardware Firewalls for Home and Small Business Networks