Tech Talk The latest news, reviews, and discussions for the IT professional.

KRACK Attack – Are You Hooked?

KRACK Attack – Are You Hooked?

The latest security vulnerability you might be hearing about is within the WiFi technologies and called Krack.  In general terms, the bad guys look for devices that are secured by WPA2 protocol.  The bad guys use the vulnerabilities to gain access to all data streams passing through the device.  If the data traffic is encrypted, the bad guys can insert their own key and decrypt the traffic.  This allows them access to private communications, ability to inject other malware and jump to other devices on the vulnerable network.

The attacker does not need physical or Internet connectivity to gain access to the device therefore by-passing all the perimeter security defenses.

What you need to know about this security vulnerability:

Information Security Alert: KRACK Wireless Vulnerability

Summary: Recently, a researcher has discovered the ability to compromise wireless communications secured with the IEEE 802.11i WPA2 protocol.  The vulnerability does not implicate the security of the AES encryption standard.  Instead, the attack re-keys the AES encryption with a key known to a malicious attacker.  The attack is not vendor specific, but rather a general issue within the IEEE protocol.  The IEEE 802.11i WPA2 protocol is pervasively used in a number of business and home network environments, and therefore, should be taken seriously.

Impact: First, encrypted transactions, such as SSL/TLS banking and e-commerce transactions are not adversely impacted by this vulnerability.  While a local wireless (WiFi) 802.11i WPA2 session can be compromised, any wireless traffic protected through the concurrent use of other encryption protocols are not subject to compromise by this vulnerability.  However, all other 802.11i WPA2 communication may be vulnerable.  To exploit the vulnerability certain conditions are necessary.  The attacker must be within range of the wireless network.  The WiFi environment must be using WPA2 as the security implementation.  The attacker must have the skills and resources to attempt the attack, and do so successfully.  The compromise only impacts traffic on the wireless network during the re-keyed attack on WPA2.

Recommendation: Vendors are releasing firmware and software patches for this vulnerability.  Patch updates should be implemented promptly.  Until vendor patch code can be installed, the community is advised to consider the risk exposure of using any IEEE 802.11i WPA2 protected network.  This includes dissemination through security awareness and training programs so that employees are aware of, and use appropriate discretion in both work and non-work environments.

Your PCM Security team can assist you addressing this WiFi vulnerability. For more information please contact pcmsecurity@pcm.com or visit www.pcm.com/security

Meet the Author:

Dallas Bishoff
East Director of Security Consulting
PCM

 

 

JOIN THE CONVERSATION

Share your thoughts and questions in the comment section below. To get the latest news from PCM, follow @PCM on Twitter, join us on Facebook, or connect with us on LinkedIn. To get the latest news sent straight to your inbox, join our newsletter.