A serious weakness discovered in WPA2 in the last day or two presents a serious security issue for Wi-Fi networks and the devices that use them.
WPA2, which is how all modern Wi-Fi networks are secured, has weaknesses that can be exploited by an attacker within range of a victim using key reinstallation attacks (KRACKs). Discovered by researcher Mathy Vanhoef, KRACK exploits limitations in implementations of the handshake processing in the 802.11 protocol.
How does it KRACK your Wi-Fi?
There is a process by which every device is authenticated before it is allowed access to a Wi-Fi network. This process is invisible to the end-user so there would be no obvious way for you to know that a security break has occurred.
When your device uses a four-way authentication "handshake", it is the third step that is targeted. This is the step where a Wi-Fi client attempts to connect to a protected Wi-Fi network. The encryption key may be resent multiple times during this step; if those messages are collected by an attacker and replayed in specific ways, 802.11 encryption can be broken. For a more technically detailed explanation, check out Mathy Vanhoef’s KRACK attacks website.
What happens when Wi-Fi security is broken by KRACK?
Many people blindly assume that whatever Wi-Fi network they are using, their personal and business data is protected from prying eyes. However, by exploiting the weaknesses as KRACK does, the attacker can eavesdrop on all non-encrypted traffic you send over the network. That data might include sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.
However, it’s not all bad news
There are no automated tools that allow someone to deliver this attack in a simple way today. In fact, Iron Group CTO Alex Hudson says an attacker needs to be on the same Wi-Fi network as you in order to carry out any nefarious plans with KRACK. "You’re not suddenly vulnerable to everyone on the internet," he says.
In the meantime …
Stick to websites that use HTTPS encryption, as data encrypted with a higher-level protocol like HTTPS and/or TLS is safe. Check for the green lock in the address bar, which is how your web browser shows that it is safe to browse with HTTPS. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with "HTTPS," while unsecured websites are prefaced by "HTTP." The Electronic Frontier Foundation’s superb HTTPS Everywhere browser plug-in can force all sites that offer HTTPS encryption to use that protection.
If you’re using an encrypted virtual private network (VPN) then your traffic is secured even in case of a successful KRACK attack.
… and my Wi-Fi password?
This vulnerability does not expose or reveal the Wi-Fi credentials in use on the network to an attacker. So, there’s no need to change the password as part of a mitigation. The exploit targets information that should have been encrypted by the WLAN infrastructure, so the attacker doesn’t need to crack your password to implement it.
Should I contact my network vendor regarding their products?
Your network vendor should be aware of KRACK and should be providing either patches or workarounds for their products.
If you are an ALE customer or partner, update your OmniAccess and OmniAccess Stellar WLAN products to the latest available software releases, which include patches for the flaw.
We are investigating the potential impact on all of our products and will publish updates as soon as possible on our ALE public website for security advisories. Check our security advisories page regularly for the latest information.