KRACK Wi-Fi Vulnerability
Guidance on what the vulnerability is, what it may mean to you in your personal use and to the business, and what practical measures you can take to better protect yourself.
Overview of the KRACK Wi-Fi Vulnerability
- The vulnerability affects the WPA2 encryption protocol used in Wi-Fi. Most devices (e.g. smartphones, laptops, desktop computers) and routers rely on WPA2 to encrypt traffic sent over a Wi-Fi network. WPA2 is typically chosen over WEP or WPA because it is considered a more secure wireless security standard.
- A third party within range of your Wi-Fi is able to read content sent between your device and the router. They can even change the content that your browser is displaying.
- The vulnerability only affects data sent over Wi-Fi networks, and not data that is already encrypted in transit, e.g. using HTTPS.
How does the KRACK Wi-Fi Vulnerability work?
- When a user joins a Wi-Fi network, a 'four-way' handshake is performed.
- The four-way handshake generates a new session key; this takes place at the third step of the handshake.
- The KRACK vulnerability allows an attacker to tamper with or replay this third message, enabling them to force the victim to reinstall a session key that's already in use.
- That key reuse also resets the counters for how many packets, or bits of data, have been sent and received for a particular key. When these tallies are reset, an attacker can replay and decrypt packets, and even forge packets in some cases.
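The key reinstallation described above, as an added example that is not part of the original guidance: a simplified Python model of a Wi-Fi client, in which `keystream` is a SHA-256-based stand-in for WPA2's real cipher, and the `Supplicant` class, its `patched` flag, the session key and the frames are all constructed for illustration. It shows the counter reset producing a repeated key/counter pair on an unpatched client, next to a patched client that ignores a third message carrying the key already in use.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for the real cipher: the keystream depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Toy client side of the four-way handshake (constructed model)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used to encrypt a frame

    def on_message3(self, session_key: bytes) -> None:
        # Patched behaviour: a key that is already in use is not reinstalled,
        # so the packet counter keeps counting.
        if self.patched and session_key == self.key:
            return
        self.key = session_key
        self.nonce = 0  # installing a key resets the packet counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

FRAME_1 = b"frame one: hello"  # constructed sample frames
FRAME_2 = b"frame two: world"

def run(patched: bool):
    key = b"constructed-session-key"
    sta = Supplicant(patched)
    sta.on_message3(key)      # normal handshake
    c1 = sta.send(FRAME_1)
    sta.on_message3(key)      # third message arrives a second time
    c2 = sta.send(FRAME_2)
    nonce_reused = len(set(sta.used)) < len(sta.used)
    return nonce_reused, c1, c2
```

When the counter is reused, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, which is why reset counters let traffic be decrypted without the Wi-Fi password ever being recovered.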
How exposed are you to this vulnerability?
- While WPA2 is the most commonly used protocol to secure your Wi-Fi, an attacker needs to be in range of your Wi-Fi network to successfully leverage the vulnerability. Attackers can't obtain your Wi-Fi password by leveraging this vulnerability.
- Attackers may be able to conduct a man-in-the-middle attack to steal sensitive information transmitted over your Wi-Fi network, such as credit card numbers, passwords, chat messages, emails, photos and so on.
Measures you can take as a priority
- Update your end user devices such as smartphones, laptops and computers with the latest security patches. Check your vendor sites for more information. Microsoft have released specific detail, for example: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
- Check if your wireless router is affected and for available advisories and patches. Apply the patch when it has been made available. A list has been made available by US-CERT:
- If your wireless router has been supplied by your Internet Service Provider (ISP), ask them when an update will be provided. Apply the patch when it has been made available.
- For internet connectivity, use a wired connection (Ethernet) or mobile data if you are on the go.
- Do not connect non-patched devices to your Wi-Fi network until they have been patched with security updates from the vendor.
- Only share sensitive data with sites that have HTTPS (HTTP over SSL/TLS).
Other good practices:
- Avoid connecting to public Wi-Fi hotspots.
- Consider using a VPN for remote connections over Wi-Fi.
- Segment your wireless network, so that if an attacker is able to compromise it, it does not give them access to the rest of your network / information.
- Confirm that logging on your routers is enabled. Confirm what is being logged (including IP and MAC addresses) and monitor for unusual activities such as multiple unsuccessful connection attempts.
- The Wi-Fi Alliance, a non-profit agency that certifies products for Wi-Fi security, announced that it will start testing for the vulnerability as part of its standard program. More information can be found here: https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update
- Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse. https://www.kb.cert.org/vuls/id/228519/
News and blog articles: