Wednesday, October 18, 2017

DID SOMEBODY SAY KRACK?!

What is KRACK?

KRACK is the acronym for Key Reinstallation Attacks.

Earlier this week it was revealed publicly that computer security researcher Mathy Vanhoef (@vanhoefm) had discovered a “serious weakness” in the Wi-Fi Protected Access 2 (WPA2) protocol. This is indeed important because WPA2 is by far the most popular encryption standard for Wi-Fi networks in use today and is pretty much the de facto standard for securing all Wi-Fi networks. Everything from home Wi-Fi to public hotspots up to enterprise wireless networks rely on the confidentiality and integrity provided by the WPA2 protocol.

How does an attack using KRACK work?

The vulnerabilities identified by Vanhoef are in the Wi-Fi standard itself and not in any one individual product. This means that any attack that successfully exploits these vulnerabilities will work against any properly configured WPA2-protected network.

The main attack vector is against the WPA2 protocol’s 4-way handshake. This handshake is performed when a client requests to join the targeted Wi-Fi network. The handshake is used to authorize a device, through a credentialing process, when connecting to an access point. At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all traffic from the newly connected device.

Vanhoef explains the attack method at a high level on his site krackattacks.com. He states that “In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice”.
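To make the quoted mechanism concrete, here is an added toy model of the key-installation step described above. It is illustration code written for this post, not code from the original article or from Vanhoef's research, and the message format, the `handle_msg3` behaviour and the sample key are simplified assumptions. It contrasts a client that re-installs an already-in-use key (resetting its transmit packet number and replay counter) with a patched client that refuses to, and it includes the receiver-side check that a packet number must never go backwards under one key.

```python
"""Toy model of WPA2 pairwise-key installation during the 4-way handshake.

Assumptions (not from the article): message 3 is represented only by the
negotiated key it carries, the transmit packet number is the CCMP nonce
counter, and the sample key below is constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Supplicant:
    """Simplified Wi-Fi client state that matters for key (re)installation."""
    patched: bool                       # True: refuse to re-install an in-use key
    installed_key: Optional[bytes] = None
    tx_pn: int = 0                      # transmit packet number (nonce counter)
    rx_replay_counter: int = 0          # highest packet number accepted so far
    tx_log: list = field(default_factory=list)  # (key, pn) used for sent frames

    def handle_msg3(self, ptk: bytes) -> str:
        """Process handshake message 3 carrying the pairwise key (PTK)."""
        if self.installed_key == ptk:
            if self.patched:
                # The fix: the key is already in use, so do not reset anything.
                return "already-installed, ignored"
            # Vulnerable behaviour: re-install and reset both counters to zero.
            self.tx_pn = 0
            self.rx_replay_counter = 0
            return "reinstalled, counters reset"
        self.installed_key = ptk
        self.tx_pn = 0
        self.rx_replay_counter = 0
        return "installed"

    def send_frame(self) -> tuple:
        """Allocate the next packet number under the current key and record it."""
        self.tx_pn += 1
        entry = (self.installed_key, self.tx_pn)
        self.tx_log.append(entry)
        return entry


def nonce_reuse_count(sup: Supplicant) -> int:
    """Count (key, packet-number) pairs used more than once.

    Under a counter-mode cipher such as CCMP, a repeated pair means a repeated
    keystream, which is the weakness the article describes.
    """
    seen = set()
    duplicates = 0
    for entry in sup.tx_log:
        if entry in seen:
            duplicates += 1
        seen.add(entry)
    return duplicates


def counter_went_backwards(packet_numbers: list) -> bool:
    """Receiver-side check: a station's packet number must only increase under
    one key. A drop to a lower value signals a reset (replay or reinstall),
    which the standard's replay check is meant to discard."""
    return any(b <= a for a, b in zip(packet_numbers, packet_numbers[1:]))


def run_scenario(patched: bool) -> dict:
    """Client joins, sends two frames, message 3 arrives again, sends two more."""
    sup = Supplicant(patched=patched)
    ptk = b"\x11" * 16  # constructed sample key, not a real PTK
    sup.handle_msg3(ptk)
    sup.send_frame()
    sup.send_frame()
    replay_result = sup.handle_msg3(ptk)  # retransmitted message 3
    sup.send_frame()
    sup.send_frame()
    return {
        "msg3_replay_result": replay_result,
        "packet_numbers": [pn for _, pn in sup.tx_log],
        "reused_pairs": nonce_reuse_count(sup),
        "counter_reset_seen": counter_went_backwards([pn for _, pn in sup.tx_log]),
    }


if __name__ == "__main__":
    for label, patched in (("vulnerable", False), ("patched", True)):
        print(label, run_scenario(patched))
```

Run as a script: the vulnerable client reports packet numbers `[1, 2, 1, 2]` with two reused (key, nonce) pairs and a visible counter reset, while the patched client reports `[1, 2, 3, 4]` with none. The same "never accept a packet number that goes backwards" check is what a monitoring point or access point can use to flag a client whose counters have been reset.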

Is this the end of secure Wi-Fi?

For the sake of brevity, I will keep my answer short. Individuals and enterprises should be concerned, but no, this is not the end of secure Wi-Fi... yet.

For starters, although Vanhoef shows that these exploits are possible, they are still primarily academic, as no attack exploiting the recently disclosed vulnerabilities has yet been seen in the wild. Security architect Kevin Beaumont noted on his blog that there is currently no publicly available code to carry out the attack and that it would require an “incredibly high skill set” to execute this type of attack (KRACK). Additionally, other researchers have pointed out that KRACK may require a threat actor to be in close proximity to the victim they are attempting to compromise. This greatly limits the potential for a widespread attack, but it does leave the door open for more targeted attacks.

So, what are we to do?
First and foremost, the obvious. The first thing anyone should be doing is looking out for vendor patches. The bright side to all of this, if there is one, is that KRACK was first disclosed to vendors back in July (2017) and revealed to the Community Emergency Response Team (CERT) Communication Center as well. CERT then distributed a comprehensive exposure of KRACK back in August, giving vendors more than adequate time to prepare patches before disclosure to the public. As I sit here and prepare this post, Microsoft has indicated that it has already patched the KRACK vulnerability. In a statement to The Verge, Microsoft said “We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.”

At the enterprise level, mitigations for KRACK attacks (or any type of eavesdropping) should start at the foundation with a secure design of the wireless infrastructure. This should include the use of range-limiting antennas, limiting signal output strength on radio cards, and placing wireless access points away from the exterior walls of buildings, thus reducing the amount of wireless traffic that is sent outside of a building's physical boundary. Another strong mitigation is the use of a VPN when not on a trusted Wi-Fi network. A VPN protects the data in transit by encrypting the connection between the device and the remote server, shielding the data from anyone on the untrusted public network, including an attacker who may be attempting to exploit KRACK.
