Yesterday, a security issue involving protocol-level vulnerabilities in WIFI Protected Access (WPA) and WIFI Protected Access II (WPA2) was discovered.
What is the vulnerability?
These vulnerabilities which are collectively referred to as KRACK attacks (Key Reinstallation Attack), affect both end-user devices that connect to wireless networks (wireless clients) and access points (wireless infrastructure devices).
This vulnerability can only be exploited if the attacker is in local range of the WiFi network.
The KRACK vulnerabilities exploit the way that WPA2 encrypts sensitive information which is sent via the wireless network.
WPA/WPA 2 secures all modern protected Wi-Fi networks. Usually when using the WPA/WPA 2 protocol sensitive information is safely encrypted. However, this local vulnerability means that an attacker could get access to emails, financial information and passwords.
Depending on configuration, an attacker may also be able to infect websites on the network with malware or ransomware.
Although HTTPS may be used as a layer of protection, this can still be bypassed. For example in: Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.
Click here to see a video which shows how sensitive information can be decrypted by the hacker.
Who does it affect?
It is possible that this could affect any vendor using a modern protected WiFi network using WPA/ WPA 2. While this vulnerability is likely to mainly affect Linux and Android 6.0, it is a widespread issue which will also affect devices running Apple, Open BSD, Windows, Linksys Media and many other vendors.
How can it be mitigated/ how to prepare
- Implement security updates as soon as they are available
- Switch off WiFi- if possible use 3G/4G instead
- For an extra layer of encryption you can use HTTPS/ VPNs
- Do not send sensitive information in plain text
- Use other encryption such as: ssh
- Disable client functionality on routers and disable fast roaming
- Look out for updates and fixes which will be released by vendors
- Affected access points and the associated clients must be patched in order to fully remediate this issue.
- Cisco: Fixes are already available for select Cisco products, and they will continue publishing software fixes for additional affected products as they become available
Remember, this vulnerability can only be exploited if a hacker is in local range of your WiFi network, but to ensure that your network is safe please follow the steps above.
If you have any queries about this security issue or are concerned that your network may be at risk, please do not hesitate to contact the team on 0121 663 0055.