The Krack Wi-Fi Vulnerability Explained in Plain Terms
Your Wi-Fi is Vulnerable to Krack. Secure It ASAP
If you think a Wi-Fi network is secure by default, think again! Wi-Fi comes with its own set of security issues, so it might be wiser to turn it off when you don’t use it.
With all the news flooding the Internet these days about the security vulnerabilities recently found in Wi-Fi technology, I couldn’t help thinking of all the times I quickly connected to the public Wi-Fi network in a coffee shop, a restaurant or some other public place.
I don’t do this anymore. Not since I started working in the security industry and learnt to become more aware of the importance of cyber security in our lives. Naturally, I still have a lot to learn on how to stay safe online, as we all do.
Understanding the Krack vulnerability – the short version
Earlier this week, a critical security flaw was discovered in the Wi-Fi Protected Access II (WPA2) protocol.
It affects every device that connects over Wi-Fi, and it gives cybercriminals easier access to our sensitive data.
Here’s what the cyber security specialist David Harley (ESET senior researcher) recommends:
“Treat your own network as if it were a public network and configure your computers accordingly. Many home users would probably not be unduly inconvenienced that way, or will at least be able to work round likely difficulties, but businesses, even relatively small ones with a single small LAN, would tend to be hit harder.”
This vulnerability, also known as the Krack attack, was discovered by Mathy Vanhoef, a security researcher at the Belgian university KU Leuven.
The name stands for Key Reinstallation Attacks: an attacker uses this technique to exploit weaknesses in WPA2. In practice, attackers use it “to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on”, said the researcher. Depending on the network configuration, a malicious actor could also manipulate data and “inject ransomware or other malware into websites”.
- You should also know that this attack can’t be carried out remotely: the criminal needs to be physically near the targeted equipment, with an antenna within range of the targeted wireless network, to intercept its traffic.
- Another important thing: sensitive traffic should be protected with HTTPS. Most likely, you use a browser when you access sensitive information on the Internet, such as financial or other personal data. Any such connection should be protected and its address should start with “https://”.
Before we learn more about these serious weaknesses found in WPA2, let’s go through some terminology that might help both businesses and home users better understand how things work.
What are WPA2, WPA and WEP?
WPA2 stands for Wi-Fi Protected Access 2 and is the security protocol commonly used on Wi-Fi wireless networks. It is the current industry standard (WPA2 networks are almost everywhere) and it encrypts the traffic on a Wi-Fi network. It replaced the older and less secure WEP (Wired Equivalent Privacy) and is an upgrade of the original WPA (Wi-Fi Protected Access). Since 2006, all Wi-Fi certified products have been required to support WPA2.
WPA, or Wi-Fi Protected Access, is an earlier security technology for Wi-Fi networks. It was developed to improve on WEP’s authentication and encryption features.
WEP, or Wired Equivalent Privacy, is the least secure of the three protocols that provide security for Wi-Fi and other 802.11 wireless networks. It was meant to give wireless networks a level of protection equivalent to a wired network, but it has serious limitations. It is recommended to avoid WEP.
How the Key Reinstallation Attack (Krack) works
The attack targets the 4-way handshake of the WPA2 protocol, the exchange in which a client and an access point confirm that they share the network’s credentials and agree on the keys that will protect the session.
This handshake happens when a client connects to a protected Wi-Fi network, and the access point (a hardware device, such as a router, that lets Wi-Fi devices connect to a network) will provide an encryption key that is then used to encrypt all the traffic on that connection.
At this moment, all modern protected Wi-Fi networks use the 4-way handshake.
However, because messages may be lost or dropped, the access point (AP) will resend the third message of the 4-way handshake if it doesn’t get a proper response. This means that the client may receive this message multiple times. Each time the message is received, the client reinstalls the same encryption key and resets the incremental transmit packet number (the nonce) that goes with it.
What can the attacker do?
The researcher who discovered the vulnerability stated that:
“An attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake.”
Thus the encryption protocol itself is attacked: a criminal within range can set up a fake Wi-Fi access point and interfere with the network. This means that the attacker can read the private conversations and personal information of the people connected to that Wi-Fi network.
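To make the mechanism above concrete, here is a toy model (added for this article, not the researchers’ or any vendor’s code) of how a client handles message 3. The vulnerable client reinstalls the key and resets the nonce on every copy of message 3; the patched one installs the key only once, which is the essence of the fix vendors shipped. The keystream function is a stand-in for the real cipher, constructed only to show that a reused nonce gives a reused keystream.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream: the output depends only on (key, nonce), the property a
    nonce reset abuses. Constructed stand-in, not the real CCMP/GCMP cipher."""
    return hmac.new(key, nonce.to_bytes(6, "big"), hashlib.sha256).digest()[:length]


class Client:
    """Minimal model of the client side of the handshake, from message 3 on."""

    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.key: Optional[bytes] = None
        self.nonce = 0                          # incremental transmit packet number
        self.sent: List[Tuple[int, bytes]] = []  # (nonce, ciphertext) frames

    def on_message3(self, ptk: bytes) -> None:
        """Install the session key. The patched client does this once and then
        ignores repeats; the vulnerable client reinstalls the key and resets the
        nonce to zero for every copy of message 3, replayed copies included."""
        if self.patched and self.key is not None:
            return
        self.key = ptk
        self.nonce = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one frame under the installed key with the next nonce."""
        assert self.key is not None, "no key installed yet"
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        frame = (self.nonce, bytes(p ^ k for p, k in zip(plaintext, ks)))
        self.sent.append(frame)
        return frame


def simulate(patched: bool) -> Dict[str, object]:
    """Deliver message 3, send a frame, deliver message 3 again, send another
    frame. Reports the nonces used and whether one was reused."""
    ptk = b"constructed-session-key-for-demo"   # constructed sample key
    client = Client(patched)
    client.on_message3(ptk)
    client.send(b"first frame after the handshake")
    client.on_message3(ptk)                      # retransmitted (or replayed) message 3
    client.send(b"second frame, same session")
    nonces = [n for n, _ in client.sent]
    return {"nonces": nonces, "nonce_reused": len(nonces) != len(set(nonces))}
```

Run `simulate(False)` and `simulate(True)` side by side: the vulnerable client encrypts both frames with nonce 1 (same keystream twice), while the patched client moves on to nonce 2.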
We strongly recommend reading this article about Wi-Fi public networks.
“The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.”
Note that the attack works against both personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.
Who’s been affected?
Basically, it potentially affects everyone who is connected via Wi-Fi using WPA2 encryption.
According to the researcher, the attack hits Android 6.0 or higher and Linux devices hardest. Less affected, but still impacted by some variant of the attack, are Apple’s iOS devices, Windows machines, OpenBSD, MediaTek, Linksys, IoT devices and other products using the WPA2 protocol.
The good news is that many companies reacted quickly and already released patches to address this issue. They also announced updated firmware and drivers for their products.
Here’s a complete and updated list of Wi-Fi vendors, their firmware and driver updates, and patch information. It is worth mentioning that, because this vulnerability affects the industry at the protocol level, it is serious and will take some effort to fix.
IoT devices are a good example. They “rarely receive the necessary software updates to correct security issues”. In many cases, the best thing to do is to buy new equipment once patched options are available.
Here’s a detailed (and technical) video that explains how the Krack attack works:
How to secure your data against the KRACK attack
Here’s what we recommend to do in order to stay safe and protect your devices from being compromised:
- Don’t panic, and install every available update for every device in your home, including the ones you would not think of at first: smartphones, smartwatches, fitness bands, laptops, digital cameras, printers, smart TVs, cars, etc. The same goes for all the applications you use. Most people tend to forget about firmware updates and postpone them. Update and patch everything.
- Turn off public network sharing when you are connected to an unsecured Wi-Fi network (one where no password is required) in a public place. A secured Wi-Fi network is one where you need to ask the venue for a password to access the Internet.
- We also advise you to turn OFF the Wi-Fi connection if you don’t need or use it.
- Avoid connecting to public Wi-Fi networks, and use your mobile data plan instead.
- Make sure you access only websites that use HTTPS encryption, as an additional layer of protection. Avoid sending or providing personal information over public Wi-Fi, whether or not it is encrypted.
- Remember to keep the firewall enabled on your operating system.
- You might want to use a Virtual Private Network (VPN) when connecting to an unsecured public Wi-Fi, but there are some disadvantages. “You won’t be able to access the other connected devices on your network, like Chromecasts and smart speakers, making it impractical for many people.”
- When you connect to a public Wi-Fi, make sure you have an antivirus program or a multi-layered proactive security solution installed on your device.
- If you’re connected via Wi-Fi in a public place, don’t browse the Internet without good anti-spyware software. Connect only to secured services.
- When signing into your email or social accounts, use two-factor authentication to add another layer of security and a second check that the person logging in is really you.
Did this security vulnerability make you paranoid about Wi-Fi technology? It never hurts to be a little suspicious when connecting to a public Wi-Fi network. And once again, this new online threat reminds us how essential it is for this industry to solve the patching problem.
BONUS: A list of recommended resources to read: