KRACK exploit explained

A recently discovered vulnerability in the most widely used wireless security standard may be one of the biggest in years. The good news is that there are precautions you can take to keep you and your business safe. Sword & Shield’s Corey McReynolds and Joe Gray explain:

What the Attack is

This attack exploits a vulnerability in Wi-Fi Protected Access (WPA) implementations, affecting both WPA and WPA2 encryption, that allows an attacker to decrypt all Wi-Fi traffic into plaintext. Additionally, some implementations allow an attacker to perform man-in-the-middle or packet-injection attacks that can give the attacker access and control.

How it Works

The vulnerability is not in the encryption method or in the WPA2 protocol itself; rather, it is in the implementation methods used by various platforms. The attack, referred to as KRACK (Key Reinstallation Attack), is achieved by manipulating and re-sending multiple cryptographic handshake messages, causing the cryptographic key to be reset (reinstalled) and allowing the attacker to decrypt the Wi-Fi network traffic.
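To make the "key reset" concrete, here is an added example (written for this page, not code from Sword & Shield or from any real Wi-Fi client) that models the supplicant side of the handshake as a tiny state machine. It shows the defect and the fix side by side: a vulnerable client that resets its packet nonce every time it processes handshake message 3, so a retransmitted message 3 makes it reuse a nonce with the same key, and a patched client that refuses to reinstall a key it already has in use. The class names, the `keystream` stand-in for the real cipher, the fixed nonces and the sample plaintexts are all constructed for illustration and do not follow 802.11 frame layouts.

```python
"""
Toy model of the WPA2 4-way handshake on the client (supplicant) side.
Example code added for illustration; not from the original post or any
real supplicant. All names, message shapes and keys are constructed.
"""
import hashlib
import hmac


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Constructed stand-in for the per-packet cipher keystream.
    Like AES-CCMP, it is fully determined by (key, nonce): reuse a nonce
    under the same key and you get the same keystream twice."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce.to_bytes(6, "big") + counter.to_bytes(2, "big")
        out += hmac.new(ptk, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal client state: derive the PTK, install it, count packets."""

    def __init__(self, pmk: bytes, reinstall_check: bool):
        self.pmk = pmk
        self.reinstall_check = reinstall_check  # True models a patched client
        self.ptk = None
        self.installed_ptk = None
        self.tx_nonce = 0  # per-packet nonce (packet number); must never repeat under one key

    def on_message1(self, anonce: bytes) -> bytes:
        # SNonce is fixed here for reproducibility; a real client draws it at random.
        self.snonce = hashlib.sha256(b"constructed-snonce" + anonce).digest()
        self.ptk = hmac.new(self.pmk, anonce + self.snonce, hashlib.sha256).digest()
        return self.snonce  # carried in message 2

    def on_message3(self) -> None:
        """Message 3 tells the client to install the PTK and start counting from zero.
        A retransmitted message 3 is the KRACK trigger: an unpatched client installs
        the same key again and resets its nonce. The fix is the guard below."""
        if self.reinstall_check and self.installed_ptk == self.ptk:
            return  # key already in use: acknowledge, but keep the packet counter
        self.installed_ptk = self.ptk
        self.tx_nonce = 0

    def encrypt(self, plaintext: bytes):
        self.tx_nonce += 1
        ct = xor(plaintext, keystream(self.installed_ptk, self.tx_nonce, len(plaintext)))
        return self.tx_nonce, ct


def simulate(reinstall_check: bool):
    """Handshake, one data frame, a retransmitted message 3, a second data frame.
    Returns ((nonce1, nonce2), keystream_reused) so the two clients can be compared."""
    pmk = hashlib.sha256(b"constructed-passphrase").digest()
    anonce = b"\x11" * 32  # constructed
    client = Supplicant(pmk, reinstall_check)
    client.on_message1(anonce)
    client.on_message3()
    p1 = b"GET / HTTP/1.1\r\n"  # constructed sample frames, same length
    p2 = b"Cookie: sid=1234"
    n1, c1 = client.encrypt(p1)
    client.on_message3()  # the retransmitted message 3
    n2, c2 = client.encrypt(p2)
    # Same nonce under the same key means the XOR of the ciphertexts equals the
    # XOR of the plaintexts: the confidentiality of both frames is lost.
    reused = (n1 == n2) and xor(c1, c2) == xor(p1, p2)
    return (n1, n2), reused


if __name__ == "__main__":
    print("unpatched client:", simulate(reinstall_check=False))  # ((1, 1), True)
    print("patched client:  ", simulate(reinstall_check=True))   # ((1, 2), False)
```

The patched branch is the whole fix in one line: a key that is already installed is never reinstalled, so the packet counter keeps increasing and no nonce repeats. That is why the vendor patches listed later in this post are sufficient on the client side without changing the cipher or the handshake itself.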

Implications

A successful compromise of a Wi-Fi network can allow an attacker to see and record, in plain text, all data being transmitted over that network. This data can include, but is not limited to, usernames and passwords, credit card numbers, account numbers, emails, messages, and sensitive documents, if they are transmitted using unencrypted or insecure protocols. More advanced attacks go beyond passively monitoring communications to actively hijacking TCP connections and injecting code into unencrypted HTTP connections.

KRACK Exploit Mitigations

Many Wi-Fi router and client-device makers have already issued, or are about to issue, patches to correct the issue. A list of these vendors can be found here: https://www.kb.cert.org/vuls/id/228519 (CERT/CC vulnerability note VU#228519). It is advised to update these devices with the latest security patches. Additionally, using a second secure protocol or encryption layer can prevent compromise: HTTPS (Hypertext Transfer Protocol Secure), SSH (Secure Shell) and VPNs (Virtual Private Networks) for Wi-Fi-based communications are examples of how to accomplish this. Doing so creates an additional layer of encryption and access control that protects communications even if the Wi-Fi network has been compromised.

References

Supporting Documentation

  1. https://www.alienvault.com/blogs/security-essentials/security-issues-of-Wi-Fi-how-it-works
  2. https://www.krackattacks.com/
  3. https://papers.mathyvanhoef.com/ccs2017.pdf
  4. https://twitter.com/vanhoefm
  5. https://www.kb.cert.org/vuls/id/228519

Advisories and CVEs

  1. https://nvd.nist.gov/vuln/detail/CVE-2017-13077
  2. https://nvd.nist.gov/vuln/detail/CVE-2017-13078
  3. https://nvd.nist.gov/vuln/detail/CVE-2017-13079
  4. https://nvd.nist.gov/vuln/detail/CVE-2017-13080
  5. https://nvd.nist.gov/vuln/detail/CVE-2017-13081
  6. https://nvd.nist.gov/vuln/detail/CVE-2017-13082
  7. https://nvd.nist.gov/vuln/detail/CVE-2017-13084
  8. https://nvd.nist.gov/vuln/detail/CVE-2017-13086
  9. https://nvd.nist.gov/vuln/detail/CVE-2017-13087
  10. https://nvd.nist.gov/vuln/detail/CVE-2017-13088
