On Monday a research paper released that discussed how an attacker could compromise the WPA2 wireless encryption mechanism. This vulnerability has been dubbed Key Reinstallation Attack (KRACK), aka Krack Attack. While this attack is especially effective against Linux and Android client devices, the paper goes on to describe that any device using the standard WPA2 wireless security is vulnerable and should be patched.
This is a dangerous vulnerability. In its current state, it is very difficult to execute and needs to have a very close physical presence to the wireless network being compromised. That being said, once code is released for this vulnerability, it’s only a matter of time before exploiting it becomes easier.
What do you need to know to protect yourself? You need to make sure any device that uses wireless or provides wireless is patched. So you need to make sure all three of the following have been patched or are known to be not vulnerable:
- Wireless Access Point/Router: You need to make sure you’re running the latest firmware on your wireless access points and wireless routers. We’re in the process of patching all our CompleteCare clients’ Ubiquiti wireless access points with updated firmware that fixes the issue. If you’re running Cisco or Meraki hardware, you can find more information here. Sonicwall access points and wireless firewalls are not affected. Information for Netgear can be found here.
- Operating System Patches: Microsoft and Apple have released or are in the process of developing patches for their devices. Microsoft has an in-depth page summarizing the vulnerability and all their patches. While Apple hasn’t officially gone on record, they have confirmed that they are beta-testing patches for release very soon. Linux users can find patches here (you can also find them in the official update repositories of most major distributions).
- Device Drivers: You also need to make sure you update the drivers for the wireless adapters in your computers. Intel has patches available for their hardware here. Dell and HP have not made official statements yet but will be doing so soon.
If you’re trying to keep track as to whether your hardware/software vendor is vulnerable or has patches available, you can find updated lists here and here.
A couple other items to keep your information safe:
- Make sure you are only submitting sensitive data on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
- Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
The code to perform this attack has not been released to the public yet, but it will eventually come out sooner rather than later. Get your devices patched now before they become vulnerable, and give us a call if you need any assistance.
— Your Weston Support Team
Leave a Reply