©2019 by Carnwennan, LLC

Archive

Please reload

Tags

Is WiFi at Risk?

October 17, 2017

Key Reinstallation Attack (KRACK) is a WiFi hack that was discovered when testing the Android operating system by Mathy Vanhoef.  Many IT forensics experts are warning the public that this exploit impacts other operating systems (OS) including Windows, iOS, Ubuntu, and other popular custom Operating Systems (OS).  

 

What is concerning about KRACK is that once an attacker has infiltrated a WiFi network, all passwords and information can be easily intercepted, not to mention spyware and malware can be installed on all connected network devices.  Devices more commonly known to consumers include  Chromecast, AppleTV, Alexa, Nest, Ring and a plethora of other devices that use WiFi.  The potential risk of this WiFi hack compromises privacy, and in some cases may endanger safety. 

 

WHAT EXACTLY IS COMPROMISED

The first thing you should understand is that all Internet of Things (IoT) devices have a wireless network card that communicates with the internet.  In other words, your phone, your laptop, your smart thermostat, or even smart locks have hardware that is used to connect to the internet.  Those devices do so using specific protocols to authenticate themselves to a wireless network.  These protocols are protected through the use of a passphrase which we use everyday for wireless network access.   Common protocols for devices include WPA2, WPA, and WEP.   KRACK exploits the most commonly used protocol, WPA2, which gives the hacker the ability to backdoor into the device via the WPA2 protocol; this can then be used as a jump point to access your entire network and quickly attack other devices as well.  More details of WPA2 can be found here.

 

 

SO I SHOULDN'T USE MY WIRELESS?

Of course people can continue to use WiFi, but precautionary actions need to happen.  While the gravity of this exploit is severe, normal day-to-day users should start taking the appropriate precautions so they are not victims.  Actions include:

 

1.  Update your router's firmware. It sounds very complex, but I assure you that if you get the model of your router and Youtube [model] firmware update, someone will have likely already done it and can walk you through it.

 

2.  Ensure all your mobile devices are updated.  Yes, we all have our theories on how updates slow down our devices.  Deal with it-- your personal data is worth more than waiting on updates.

 

3.  Patch all your computers, and yes, that includes Mac.  Make sure you are routinely running the latest and greatest patches, both Microsoft and Google have known about this for months and have been releasing patches for it.

 

4.  Update your smart devices, if you are noticing the theme here, a patch will more likely keep your network safe-- make sure all of your smart devices, light bulbs, thermostats, garage, anything that connects to WiFi are updated.

 

Now for those that don't use WPA2, you are not exempt. It has been researched that many devices are exposed simply through the vendors firmware so make your updates.

 

Finally, do not go and reset all your passwords; resetting passwords will not help you here.  Good, old fashioned maintenance and updates will help you here.  If you do feel you have been compromised, then yes, take appropriate action and reset your passwords after your devices are updated.

 

HOW DOES KRACK WORK?

“When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value,” Vanhoef explained today on a microsite about the attack. “Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”  You can also see KRACK live here or review Mathy's paper here.

 

FOR MY TECH GUYS OUT THERE

General research has highlighted the following CVE's that need to be update The CVE (Common Vulnerabilities and Exposures) numbers for Krack Attack have been reserved. They are CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.  Make sure you are getting regular updates for your network.

 

ASSOCIATED GITHUB REPOS

https://github.com/vanhoefm/blackhat17-pocs

 

 

 

 

Please reload

Recent Posts

July 12, 2018

Please reload