WPA Protocol Vulnerability (KRACKs)
Monday, October 16th, 2017
Summary
On Monday, October 16th, 2017, 10 new vulnerabilities were announced that affect WPA 1 and 2, with both PSK and Enterprise configurations. These vulnerabilities may allow an attacker to view data transmitted between a client and an access point (AP) that was previously assumed to be encrypted. They are considered critical because they affect a standard security protocol that is widely implemented by various vendors in wireless networking hardware worldwide. However, successful exploitation of these vulnerabilities is difficult due to various factors. For example:
- A successful attack requires physical proximity to a victim’s wireless network.
- Other widely used security protocols (such as TLS) may mitigate an attempted attack.
- Some current implementations of WPA may not be exploitable.
Details
The researchers who discovered this vulnerability have called the attack a “key reinstallation attack” (KRACKs). Their method attacks part of the 4-way handshake that takes place when a client connects to a wireless access point (AP). In order to maintain sufficient randomness when communicating using WPA2, the AP and client agree on an initialization vector, or “nonce,” which is a number that is incremented and included with subsequent messages. The key and the nonce form a “keystream” that is used to encrypt data. For WPA2 to maintain security, the keystream must only be used once. Researchers discovered that by replaying parts of the handshake, the AP can be forced to reset the nonce back to its initial state. This causes the keystream to be reused. Keystream reuse allows more sophisticated cryptographic attacks which can allow an attacker to replay, decrypt, or forge communication.
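The keystream reuse described above, as an added example that is not part of the original advisory: a toy stream cipher (SHA-256 in counter mode, standing in for WPA2's actual cipher) shows that rewinding the nonce on key reinstallation makes two frames share a keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts. `Station`, `PatchedStation`, `reused_nonces` and all sample values are hypothetical names and constructed data.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for WPA2's real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Hypothetical sender that resets its nonce whenever a key is installed."""
    def __init__(self, key: bytes):
        self.key, self.nonce = key, 0

    def install_key(self, key: bytes) -> None:
        self.key, self.nonce = key, 0      # flaw: reinstalling the same key rewinds the nonce

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        self.nonce += 1                    # nonce is incremented for every frame
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

class PatchedStation(Station):
    def install_key(self, key: bytes) -> None:
        if key != self.key:                # ignore reinstallation of the key already in use
            super().install_key(key)

def reused_nonces(frames: list[tuple[int, bytes]]) -> list[int]:
    """Defensive check: nonces seen more than once under a single key."""
    seen, dupes = set(), []
    for nonce, _ in frames:
        if nonce in seen:
            dupes.append(nonce)
        seen.add(nonce)
    return dupes

def run(station_cls) -> tuple[list[int], bool]:
    key = b"constructed-session-key"       # constructed sample value
    p1, p2 = b"GET /index.html", b"POST /login?u=a"   # constructed, equal length
    sta = station_cls(key)
    f1 = sta.send(p1)
    sta.install_key(key)                   # replayed handshake message triggers reinstall
    f2 = sta.send(p2)
    leaks = xor(f1[1], f2[1]) == xor(p1, p2)   # keystream cancels out when reused
    return reused_nonces([f1, f2]), leaks

if __name__ == "__main__":
    print("vulnerable:", run(Station))
    print("patched:   ", run(PatchedStation))
```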
Risk Mitigation Steps Taken by ATS on Behalf of Customers
Vendors of affected hardware were made aware of this weakness before today’s general release. Vendors are taking steps individually to address the risks presented to their specific products. ATS is keeping a close eye on vendor guidance and implementing patches and other steps for mitigation as new information is released. An updated list of vendor responses can be found here: https://github.com/kristate/krackinfo
Future Risk Mitigation
This was the first weakness reported against the WPA2 protocol. As vendors release updates to address these vulnerabilities, the risk of being affected will decrease. We do not expect this to have a lasting impact on wireless networks or the WPA2 protocol as a whole. This weakness does highlight the importance of keeping both client and infrastructure hardware (such as APs) up to date with current firmware, patches, etc.
Understanding current threats and the security posture of your organization is important and ATS can help by providing a Vulnerability Assessment and Penetration Test (VAPT). For more information, reach out to your ATS Account Manager or send an email to [email protected].
What Can You Do?
The worst-case scenario with this weakness is that you are connected to an essentially untrusted wireless network, as if you were at a Starbucks or an airport. Encrypted connections still cannot be viewed in these scenarios:
- Always ensure you are connected to websites over HTTPS.
- Ensure other services are using similar encrypted protocols such as SSH and SFTP.
- Keep an eye out for communication from wireless hardware vendors you use to connect to wireless networks (phones, laptops, etc.).
- Apply updates as they become available to ensure you are protected from this vulnerability.
- Be aware that this is an opportune time for phishers to take advantage of the heightened security concern. Official emails should always come directly from your vendor and links should point to their official domain (cisco.com, for example).
Feel free to contact [email protected] with any questions or concerns. As always, we value hearing from our clients about general and specific security concerns so that we can provide the best possible services.