Yesterday, we learned about KRACK (or Key Reinstallation Attack) – a security flaw in the WPA2 protocol, which could see an adversary break the encryption between a router and a device, allowing them to intercept and interfere with network traffic.
But understanding the issue is tricky. This, obviously, is profoundly complicated stuff. To help clear things up, David Gorodyansky, CEO of AnchorFree and HotspotShield, was asked to explain KRACK like I was five.
Step one, Gorodyansky explained, is that a hacker finds a network they want to breach that uses WPA2-PSK, and waits for an individual to connect. This could be at a coffee shop, or an office. WPA2-PSK is an encrypted connection that requires individuals to connect with a password (that’s what the PSK stands for, pre-shared key).
When an individual connects to a Wi-Fi hotspot, long before they visit any websites, their laptop or phone will do something called a four-way handshake. This is a process that checks that the password the user has provided is correct, and establishes the encrypted connection between the router and the device.
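How the four-way handshake can check the password without ever sending it over the air, as an added example that is not part of the original article: both sides derive keys from the passphrase and fresh random nonces, and the access point checks a message integrity code (MIC) computed with them. The derivation follows WPA2-PSK with CCMP; the MAC addresses, network name, passphrases and the stand-in bytes for message 2 are constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Per-session keys for CCMP: KCK (16 bytes) | KEK (16 bytes) | TK (16 bytes)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def mic(ptk: bytes, frame: bytes) -> bytes:
    """Integrity code: HMAC-SHA1 keyed with the KCK, truncated to 16 bytes."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def handshake_accepts(ap_passphrase: str, client_passphrase: str, ssid: str) -> bool:
    """Simulate messages 1 and 2; True if the access point accepts the client's MIC."""
    # Constructed MAC addresses for the access point and the client device.
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    # Message 1 carries the AP's nonce, message 2 the client's nonce.
    anonce, snonce = os.urandom(32), os.urandom(32)
    # Client: derive keys from the passphrase the user typed and sign message 2.
    client_ptk = derive_ptk(derive_pmk(client_passphrase, ssid),
                            ap_mac, sta_mac, anonce, snonce)
    frame2 = b"constructed stand-in for EAPOL-Key message 2" + snonce
    client_mic = mic(client_ptk, frame2)
    # Access point: derive keys from the configured passphrase and check the MIC.
    ap_ptk = derive_ptk(derive_pmk(ap_passphrase, ssid),
                        ap_mac, sta_mac, anonce, snonce)
    return hmac.compare_digest(client_mic, mic(ap_ptk, frame2))

if __name__ == "__main__":
    print(handshake_accepts("correct horse", "correct horse", "CoffeeShop"))
    print(handshake_accepts("correct horse", "wrong guess", "CoffeeShop"))
```

The last 16 bytes of the derived key material (the TK) are what encrypt traffic once the handshake completes.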
Here, Gorodyansky said, the hacker “interferes with the initial handshake between your device and the WiFi router in a way that allows the attacker to gain an ability to decrypt the traffic you exchange over WiFi. This means they’re able to do many, many bad things without even being on the network.”
“The attacker doesn’t even need to connect to the network – only to listen to the data you exchange with an access point and emit their own packets back to change things on your system and the router.”
So, what kind of bad things? Well, obviously they’ll be able to intercept traffic. According to Gorodyansky, depending on the router configuration, they’ll be able to modify and forge fake data, interfering with the content of non-secure websites.
According to the researcher who discovered KRACK, Mathy Vanhoef, it means that an attacker would theoretically be able to inject ransomware or other malware into otherwise benign websites. This would make it easier to infect those users who tend not to download sketchy attachments, or visit the darker ends of the Internet.
Gorodyansky explained that the adversary would also have access to any attached storage. So, if you’ve attached a USB flash drive or external hard drive to your router, they’d be able to read that.
KRACK also works against WPA-Enterprise, which is typically used in large business environments, rather than personal and small-business networks. “If a company’s network-attached storage (such as company servers) are accessible without a password, or data is accessible between computers on a network, untold amounts of records could be stolen,” he said.
So now, let’s put all this into proportion. What makes KRACK so scary is that it isn’t an issue with a piece of software, but rather a widely-used protocol. As Vanhoef pointed out, “if your device supports Wi-Fi, it is most likely affected.”
The good news is that it’s easily remedied with a backwards-compatible patch. Vanhoef disclosed the issue to various vendors and software manufacturers months before he told the public about it. This means they’ve had a head-start to issue fixes, which most have done, or will do in the coming weeks. Apple’s fix, for example, is already present in the latest developer beta of iOS 11.
If you are worried about this vulnerability (which you should be), give us a call and we would be happy to work with you to secure and update your network. If you're already a contract customer of ours, we have already implemented security patches to mitigate this threat.
Images from Webroot