Written By Dr Al Hartmann And Presented By Chuck Leaver
Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we do not need to re-cover that ground. The original discoverer's website is a great place to review the issues and link to the in-depth research findings. This might be the greatest attention paid to a fundamental communications security failing since the Heartbleed attack. During that earlier attack, a patched version of the vulnerable OpenSSL code was released on the very same day as the public disclosure. In this new KRACK attack, comparable responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices need to be properly patched. Oh, and good luck getting that Chinese knockoff wireless security camera bought off eBay patched anytime soon.
Here we will simply make a few points:
Take stock of your wireless devices and take action to ensure proper patching. (Ziften can carry out passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces as well as applied patches are reported.) For enterprise IT personnel, it is patch, patch, patch every day anyhow, so nothing new here. But any unmanaged wireless devices should be located and vetted.
iOS and Windows endpoints are less susceptible, while unpatched Android and Linux endpoints are extremely vulnerable. Most Linux endpoints will be servers without wireless networking, so there is not as much exposure there. But Android is another story, especially given the balkanized state of Android updating across device manufacturers. Most likely your business's biggest exposure will be Android and IoT devices, so do your risk analysis.
Prevent wireless access via unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols or use a secure VPN, but be aware that some sites that default to HTTPS allow compromised devices to force a downgrade to HTTP. (Note that Ziften network monitoring reports the ports and IP addresses used, so take a look at any wireless port 80 traffic on unpatched endpoints.)
Continue whatever wireless network hygiene practices you have been employing to identify and silence rogue access points, unapproved wireless devices, etc. Grooming access point placement and transmission zones to reduce signal spillage outside your physical boundaries is also a smart practice, given that KRACK attackers need to be present locally within the wireless network. Do not give them advantageous placement opportunities inside or near your environment.
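The inventory and port 80 checks from the points above can be combined into one triage pass. The following is an added example, not code from the original post or from Ziften; the CSV columns (`medium`, `krack_patched`, and so on) and all sample rows are constructed assumptions, not any product's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data; the column names are assumptions for this example,
# not the export format of any particular monitoring product.
INVENTORY_CSV = """host,os,interface,medium,krack_patched
lt-014,Windows,wlan0,wireless,yes
tab-203,Android,wlan0,wireless,no
srv-db1,Linux,eth0,wired,no
cam-07,IoT,wlan0,wireless,unknown
kiosk-3,Linux,wlan0,wireless,no
"""

FLOWS_CSV = """host,interface,dst_ip,dst_port,bytes
lt-014,wlan0,192.0.2.10,80,5120
tab-203,wlan0,192.0.2.10,80,20480
tab-203,wlan0,192.0.2.44,443,90210
tab-203,wlan0,198.51.100.7,80,1024
srv-db1,eth0,192.0.2.10,80,777
cam-07,wlan0,203.0.113.5,80,64000
kiosk-3,wlan0,192.0.2.44,443,3000
"""

def exposed_wireless(inventory_csv):
    """Return {(host, interface): os} for wireless interfaces not confirmed patched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    # Treat "unknown" the same as "no": an unvetted device is not a patched one.
    return {(r["host"], r["interface"]): r["os"] for r in rows
            if r["medium"] == "wireless" and r["krack_patched"].strip().lower() != "yes"}

def plaintext_http_findings(inventory_csv, flows_csv, port=80):
    """Summarise port-80 flows seen on exposed wireless interfaces, per host."""
    exposed = exposed_wireless(inventory_csv)
    summary = defaultdict(lambda: {"os": None, "bytes": 0, "destinations": set()})
    for f in csv.DictReader(io.StringIO(flows_csv)):
        key = (f["host"], f["interface"])
        if key in exposed and int(f["dst_port"]) == port:
            entry = summary[f["host"]]
            entry["os"] = exposed[key]
            entry["bytes"] += int(f["bytes"])
            entry["destinations"].add(f["dst_ip"])
    # Largest plaintext volume first, so the worst exposure is reviewed first.
    return sorted(summary.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

if __name__ == "__main__":
    for host, info in plaintext_http_findings(INVENTORY_CSV, FLOWS_CSV):
        print(host, info["os"], info["bytes"], sorted(info["destinations"]))
```

Hosts whose patch status is unknown are reported alongside confirmed-unpatched ones, which is what surfaces the unmanaged camera in the sample data.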
For a broader discussion of the KRACK vulnerability, take a look at our recent video on the subject: