KRACK Wi-Fi Hack Leaves Almost Every Network Open For Attack
By Kenneth Sprague | October 17th, 2017
Monday was a tough day for our engineers following the public release of a bug that effectively broke down the WPA2 security protocol for Wi-Fi networks. WPA2 is at the heart of most modern Wi-Fi devices, including computers, phones, and routers. The bug known as “KRACK” for Key Reinstallation Attack, exposes almost every wireless-enabled device uses a fundamental flaw lying in the protocol’s four-way handshake, allowing new devices with a pre-shared password to join a network.
That weakness can, at its worst, allow attackers to decrypt network traffic, hijack connections, and inject content into the traffic stream. Basically, this gives the attacker an all-access key to eavesdrop on your network traffic. If your device supports Wi-Fi, it is likely affected by this vulnerability.
Luckily, Mathy Venhoef, the computer security academic who discovered the flaw, hasn’t released any proof-of-concept exploit code, so there is currently little risk of immediate or widespread attacks. The US Homeland Security’s cyber-emergency unit US-CERT, also warned vendors ahead of public disclosure to give them time to prepare patches that can prevent the vulnerability from being exploited in the wild. Despite the head start, it is only a matter of time before malicious code is written and unpatched networks are attacked.
Available Patches & Next Steps
It is now up to vendors to mitigate the security vulnerability and any issues this new opening may cause. According to the US Department of Homeland Security (DHS), those most affected are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, Toshiba, and Ubiquiti Networks.
Most listed above have released their own security advisory, as well as a timeline for when to expect a patch. For TSI Managed Clients, our security team have already deployed updates included with Microsoft’s Patch Tuesday. We will continue to update your network, as well as laptops/computers as more become available.
However, it is important to recognize that this affects all Wi-Fi enabled devices, so be sure to update your mobile devices when software updates are released as well. Apple has stated a patch is in beta and scheduled for deployment in the coming weeks. Meanwhile, Google has said their Pixel devices will be the first to receive a patch for the attack November 6th, with other manufacturers likely to push Android updates following Google’s release.
For our Unmanaged Clients, we highly recommend reaching out for a list of available patches to secure your environment. Networks or devices left unpatched are likely to be the biggest target.