KRACK attack

KRACK Wi-Fi Attack is Whack

A security weakness has been discovered in the Wi-Fi protocol which allows attackers to intercept passwords and do much more damage. This weakness is being referred to as a KRACK attack (Key Reinstallation Attacks). KRACK works by targeting the four-way handshake that occurs when a device connects to Wi-Fi. KRACK tricks the vulnerable device into reinstalling an already-in-use key that the attacker has access to.

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. “The attack works against all modern protected Wi-Fi networks.

Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

What Can Happen to Me?

KRACK attacks are not limited to recovering login credentials (i.e. e-mail addresses and passwords). In general, any data or information that the victim transmits can be intercepted and decrypted. Depending on the device being used and the network setup, it is also possible to push data to the victim (e.g. changing the contents of a website). “Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations.

Can I Just Change My Wi-Fi Settings?

The exploit is being advertised as affecting WPA2, but this also includes WPA2-AES with WPA-TKIP and GCMP being even more vulnerable! So pretty much any type of Wi-Fi connection you have in your home or office is vulnerable until devices are patched.

How Scary Is KRACK?

As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point. This still makes the use of public Wi-Fi extremely dangerous until your devices are patched.

More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution, are likely already protected end-to-end by Secure Sockets Layer (SSL). This type of encryption is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”. But keep an eye out for the incorrect certificate warnings that you occasionally see while surfing the web. If you see one, close the website.

What Do I Do?

Hardware manufacturers were made aware of this issue a couple of weeks ago, so they’ve been working on patches and most of them already have updates available to fix this issue. If yours does not have the proper update available, you can try to mitigate attacks against routers and access points by disabling client functionality (which is, for example, used in repeater modes) and disabling 802.11r (fast roaming).

Steps to Take:
  1. Stay off Public Wi-Fi until your device is properly patched.
  2. Update the firmware for your router. If you’re not sure how, use a search engine to look up “how to update the firmware for my BRANDNAME HERE router”.
  3. Update ALL devices you own that connect to Wi-Fi. Update your phones first, then laptops, and then any additional Wi-Fi connected devices. Don’t forget gaming consoles, Echo & Dots, Dash buttons, iPods, smart Blu-Ray players, smart TVs, tablets, some kids toys, possibly even your fridge or washer/dryer, doorbells, etc. Everything that connects to the Internet in your home or office needs to be patched. Tip: After making a list of all our vulnerable devices, our family then changed our Wi-Fi password. This doesn’t fix the KRACK problem, but it stops our in home devices from being able to connect to Wi-Fi until we can get them all updated. Our kids also let us know immediately about the devices we had forgot since their precious devices were no longer connecting to the Internet.
  4. Finally, although an unpatched device can still connect to a patched access point (AP), and vice versa, both the client and AP must be patched to defend against all attacks!
  5. Once everything is updated this is a good time to update your Wi-Fi password as well. This is good practice anyways, and there is a chance it may have been intercepted.

How to Update Your Devices

Windows

Windows issued a patch on Tuesday October 10, 2017 that fixes the vulnerability in Windows. However even when patched, affected Windows systems may offload the vulnerability to installed Wi-Fi hardware. Windows users should also use Device Manager to update their Wi-Fi device drivers.

Linux

This effects Linux as well. The process of updating Linux varies by flavor. User friendly varieties such as Ubuntu and Mint come with a graphical “Update Manager” tool which automates the process. These also push notifications to the task bar when important updates are ready to be installed. If your version doesn’t come with a friendly tool like this, it can still be done using the command line. Linux utilizes a powerful “package manager” tool to manage and automate software updates from the web. Your particular package manager will vary depending on which type of Linux you’re using. If you don’t see your exact variety listed below, one of the other commands will most likely work just fine (doesn’t hurt to try them all). Keep in mind that some of these will prompt for a password:

RedHat
yum update

Debian/Ubuntu
sudo apt-get update && sudo apt-get upgrade
-or-
sudo aptitude update && sudo aptitude safe-upgrade

Gentoo
emerge -puv world

Android

Note that currently 50% of Android devices are still vulnerable to this devastating variant of attack. You’ll want to use Google to find out how to update your particular Android device.

Mac OS

According to a report from AppleInsider citing anonymous sources at Apple, the patch to remove this hardware vulnerability was added to previous beta versions of iOS, tvOS, watchOS and macOS.

However, the site’s source noted that fixes for AirPort, Time Machine, AirPort Extreme Base Station and the AirPort Express have not been made available yet. Not coming out with a patch for its routers may not be a huge issue for Apple. In order to work, the KRACK Wi-Fi hack needs to take advantage of a vulnerable router and client device. If your iPhone, iPad or Mac is already patched, it doesn’t matter if your AirPort router is vulnerable.

Apple Devices

Use the Settings > General > Software Update Feature to install the newest updates.

Echo Devices

Amazon is still working on a fix for their Echo devices.

There are obviously thousands more devices out there that connect via Wi-Fi, it will take a very long time for the world to get up to date on this issue, and it’s likely that during that time many other exploits will be found. Our best advice here at Appletree is to keep a running list of your devices that connect to Wi-Fi so you can track them all down for updates when as soon as vulnerabilities such as this one are found.

For more information visit: KrackAttaks.com

Like this post? Share it!