Announced over a week ago, the weaknesses found in the WPA2 wi-fi protocol have the news and social media in a stir. In all the chatter that has come out on the topic, I found myself asking more questions after reading each article.
So the purpose of this blog post is to lay out the things I think you should know from the perspective of securing your business's wireless networks. I'm not going into the whats or hows of the attack, as there are a thousand places you can find that. These are meant to be actionable items for you to take as soon as possible.
- By the very nature of KRACK, the attacker does not have to have access to the network, so it doesn't matter how strong your wi-fi password is. If carried out correctly, the attack allows a hacker to see traffic to/from your device, inject packets into the stream, and possibly even access storage on your device; all without being authenticated to your wi-fi network.
- If you only have guest/outside access for wi-fi, and cannot access your internal servers and other assets from wi-fi, your risk is greatly reduced. Most clients we work with are in this boat, and this setup should be strongly considered if you currently have wi-fi access to your production network.
- Understand that the attacker has to be in physical proximity to your wireless router. This means that someone in North Korea cannot carry out this attack remotely without the help of someone sitting near your location. This is not a vulnerability that is open to the entire internet. The term "proximity" is a bit vague here; I've seen examples where experienced hackers can access wi-fi from over a mile away, but for practical purposes, let's assume a couple hundred yards.
- Turning off SSID broadcast does not prevent this attack. As it turns out, hiding the SSID is not the best practice that it is often made out to be. In fact, Microsoft even discourages it here: https://blogs.technet.microsoft.com/networking/2008/02/08/non-broadcast-wireless-ssids-why-hidden-wireless-networks-are-a-bad-idea/
- Even with this weakness, WPA2 is still the recommended wireless security protocol. Going to an older protocol is not suggested.
- SSL and VPN traffic are protected from this attack. So, if you go to https:// sites to transfer sensitive data (as you should be doing anyway), the KRACK method cannot see or inject into that traffic. If you connect your device directly to a VPN, the KRACK method cannot see or inject into that traffic. Obviously, both are recommended where possible.
- As usual, you need to patch your devices as soon as patches become available (both routers and laptops/tablets/etc.). This site reports on the various manufacturers and the status of their patches (it's about 1/3 of the way down): https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it
I hope you find this helpful. Let us know if you have any other questions or concerns: support@bedelsecurity.com