A vulnerability has been identified in the WPA2 protocol used to secure almost all wireless networks in this modern age. The flaw not only gives an attacker the ability to read and steal information transmitted over Wi-Fi, but also potentially allows them to manipulate data or insert their own, such as malware.
The vulnerability was announced by the United States Computer Emergency Readiness Team (US-CERT) last week, and has been codenamed KRACK – short for ‘Key Reinstallation attACK’.
The issue is not a weakness in the encryption itself, but in the way a device establishes its connection to an access point. It works by abusing the handshake that forms part of the WPA2 protocol, in which a client first connects to a network and then confirms its credentials before gaining access.
The key reinstallation attack interferes with this handshake by forcing the device to reinstall an encryption key it is already using, which resets the associated packet numbers. The same key is then used again with packet-number values that have already been used, and this allows an attacker to replay, decrypt or forge packets.
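To make the mechanism in the paragraph above concrete, here is an added example (not part of the original article) modelling a client that resets its packet number whenever a key is installed, next to the patched behaviour of refusing to reinstall a key already in use. The keystream generator, the key and the two frames are constructed stand-ins for illustration, not WPA2's real cipher or real traffic.

```python
import hashlib
from dataclasses import dataclass
from typing import Tuple

PTK = b"constructed-pairwise-key-0001"  # constructed sample key, not a real WPA2 PTK

def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Counter-mode stand-in: the same key and packet number always yield the same bytes."""
    blocks = []
    for ctr in range((length + 31) // 32):
        blocks.append(hashlib.sha256(
            key + packet_number.to_bytes(6, "big") + ctr.to_bytes(4, "big")).digest())
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Station:
    """Client state: the installed key and the next packet number (nonce) to use."""
    reject_reinstall: bool        # True models the patched behaviour
    key: bytes = b""
    packet_number: int = 0

    def install_key(self, key: bytes) -> bool:
        # Patched clients keep their counters when a key they already use is re-sent.
        if self.reject_reinstall and key == self.key:
            return False
        self.key = key
        self.packet_number = 0    # installation resets the nonce: the root of the problem
        return True

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        pn = self.packet_number
        self.packet_number += 1
        return pn, xor(plaintext, keystream(self.key, pn, len(plaintext)))

def simulate(reject_reinstall: bool) -> Tuple[bool, bytes]:
    """Return (was a nonce reused?, what a passive observer recovers of the 2nd frame)."""
    sta = Station(reject_reinstall)
    sta.install_key(PTK)
    frame_a = b"GET /index.html HTTP/1.1\r\n"    # constructed frame with guessable content
    frame_b = b"Cookie: session=SECRET12\r\n"    # constructed frame of the same length
    pn_a, ct_a = sta.send(frame_a)
    sta.install_key(PTK)                         # replayed handshake message -> reinstall
    pn_b, ct_b = sta.send(frame_b)
    # Under a reused (key, nonce) the keystreams cancel: ct_a ^ ct_b == frame_a ^ frame_b,
    # so knowing frame_a is enough to read frame_b without ever learning the key.
    recovered = xor(xor(ct_a, ct_b), frame_a)
    return pn_a == pn_b, recovered
```

With `reject_reinstall=False` the second frame is recovered byte for byte; with the patched behaviour the nonce advances and the same calculation yields only noise, which is why the fix lives in the client's handshake code rather than in the password.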
Simply changing your Wi-Fi password does not prevent the attack – the underlying issue needs to be patched first. Even with this vulnerability, WPA2 is still considered far more secure than the older, defunct WEP security protocol, so it is important not to be tempted to change your encryption method in light of this new vulnerability.
Disturbingly, this vulnerability has been confirmed to affect devices running Android, Linux, Apple, Windows, and others, meaning next to no devices are immune: if a device supports Wi-Fi, it is most likely affected. The vulnerability is particularly dangerous on Linux and Android v6.0 and above.
Thankfully, many vendors have already released patches or statements to address this issue. Microsoft in particular had already patched against the vulnerability through security updates released on the 10th of October.
At the time of writing, whilst Google has publicly stated they are aware of the issue, they have not yet released patches for any of their devices and have promised these would be available ‘in the coming weeks’.
It is now more vital than ever that automatic updates are enabled and functioning correctly on all of your devices (PC, phone and tablet), so that the moment security updates are released to fix dangerous flaws such as this one, your systems are updated and protected against what is by then a publicly known attack opportunity.
If you are in any doubt as to whether your business systems are appropriately patched and up to date, contact the Altitude Innovations Team to arrange an onsite audit of your systems.