Well, this could be problematic…
I heard about this early Monday 2017-10-16; and it got me a bit concerned. Six collegiate researchers revealed information on a WPA-2 Wi-Fi security, Key Reinstallation Attack (KRACK Attack). This reliable information will allow attackers to undermine Wi-Fi encryption on any wireless connection utilizing WPA2 Personal security. This will affect literally, any and every brand and type wireless router on the B2B and consumer markets today.
This latest exploit takes advantage of the four-way handshake needed to establish an encryption key between a router and a connecting device. When properly executed, this vulnerability allows attackers to compromise the third step. This can lead to the re-use of an encryption key; or in some cases in Android and Linux based devices, the establishment of a null key.
US-CERT, the division of the Department of Homeland Security responsible for computer safety has become aware of “several key management vulnerabilities” used in the attack. The agency has declared that the vulnerability includes lack of proper encryption, content hijacking, HTTP injection, and other problems. In the advisory issued on Monday, US-CERT says that “most or all correct implementations” of WPA-2 are affected by the vulnerability —meaning every consumer device, and most enterprise access points.
The researchers claim that the attack vector completely opens up an Android 6.0 and later device. Other operating systems, including iOS and macOS are less impacted, but “a large number of packets” can still be decrypted from all.
At present, there are no patches for consumer-grade devices, and only a few commercial manufacturers have issued updates. A large percentage of network equipment will likely not see updates —so a properly patched operating system will be essential for users.
The attack uses one or more of 10 different exploits. The details of the exploit were submitted for review on May 19, and a conference presentation will be delivered on Nov. 1.
Fixes can be made by vendors on either the client or router level, and only one of the pair needs to be patched for the vulnerability to be ineffective. A patched computer can connect to an un-patched router and not be vulnerable, and vice-versa. Updates to either will prevent an encryption key from being reused.
What to Do
If you feel you must do something to ward off the evil Wi-Fi spirits, you can consider doing the following:
• Most home-based, consumer networks likely won’t be affected. However, those “common area” networks in apartment buildings (you get access because you rent there) or hotels and other high settlement areas remain vulnerable to attack.
• If and when a patch to the vulnerability becomes available, install it immediately.
• Upgrade to the latest, released version of the OS you’re computing on; and keep your security patches current.
• Never, ever use public Wi-Fi or unsecured networks. In fact, avoid them like the plague.
• Don’t frequent any ecommerce sites or any sites that collect PII (personally identifying information – like Name, Address, Date of Birth or SSN), that do not make use of HTTPS.
• Consider configuring your Wi-Fi network(s) to NOT broadcast its SSID. It’s still possible to sniff a non-broadcasted network name out if you’re determined enough to do it; but not revealing your network name is easy and effective way of keeping it hidden.
• Change your default passwords. If your router or other network equipment, network attached storage devices, etc. are still using their default passwords after you set them up, you’re just begging for trouble. Changing these will make it harder for undesirables to get the goods
• Consider turning your wireless printer off when you’re not using it. That way, no one will be able to waste your paper or toner by printing 300 pages of junk…
• Enterprise WPA-2 doesn’t appear to be affected by the flaw. If your network gear supports it, consider shifting to the more secure protocol.
I reviewed the Netgear Orbi Mesh Router earlier this year. I was fairly pleased with the device and the way it worked in my house. Most of the Wi-Fi issues I was experiencing were resolved after I purchased and installed this device in my house.
Unfortunately, Netgear has not released a firmware update for the Orbi Mesh Router to resolve the KRACK vulnerability in this device. According to a KB article, there are a couple issues that need to be remembered about this issue:
1. Your devices are only vulnerable if an attacker is in physical proximity to and within the wireless range of your network.
2. Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
3. Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
4. Mobile hotspots are only affected while using Wi-Fi data offloading, which is not enabled by default.
Based on this information, it’s very unlikely that anyone – regardless of the type of UNPROTECTED router they have – is EVER going to fall victim to this exploit, especially if you’re the average, everyday consumer. Those folks don’t have much to chase after; AND most importantly, they are unlikely to have any of their wireless networking equipment in bridge mode or to have hotspots using Wi-Fi data offloading.
Thankfully, I don’t have too much to worry about.
The other thing that users can do IF their router supports it is to switch from WPA2 Personal encryption to WPA2 Enterprise. Unfortunately for me, the Orbi does NOT currently support WPA2 Enterprise, so this isn’t an option for me. However, I’m not very upset or concerned about it at this time.
If you’re effected by this issue, I’d love to hear from you. Please meet me in the discussion area below and tell me what happened to you and if and how you resolved it on your end.
The post UPDATED: KRACK Attack Threatens to Kill WPA2 Wi-Fi Security appeared first on Soft32 Blog.