A serious weakness has been publicly revealed in the WPA2 wireless protocol, potentially allowing attackers to decrypt sensitive information. It is a fundamental weakness in the protocol itself, so all modern Wi-Fi networks are potentially affected. The attack is called a key reinstallation attack (KRACK), and it allows a man-in-the-middle attacker to trick a wireless client into reinstalling an encryption key that has already been used on the current Wi-Fi connection. This allows the attacker to read some or all of the information transmitted across that connection, including passwords, credit card numbers, and other sensitive information. The attack was discovered and verified by Mathy Vanhoef; details can be found at https://www.krackattacks.com/.
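Why reinstalling an already-used key exposes traffic, shown as an added Python example (not from the original article or from any vendor's patch): the reinstall restarts the per-frame packet number, so two frames are encrypted with the same keystream, while a hardened client ignores a repeated install of the key it already uses. It assumes a toy SHA-256 keystream in place of WPA2's real cipher, and `Client`, `run_session` and `nonce_reused` are hypothetical names.

```python
import hashlib

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy stand-in for the real cipher: output depends only on (key, packet number)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Simplified model of a Wi-Fi client's key handling (assumption, not real driver code)."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_handshake_msg3(self, key: bytes) -> None:
        # Handshake message 3 can be retransmitted, so it may arrive more than once.
        if self.hardened and self.key == key:
            return  # key already in use: keep the current packet number
        self.key, self.pn = key, 0  # (re)install the key; the nonce restarts

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run_session(hardened: bool):
    """One frame, a repeated message 3, then a second frame. All values are constructed."""
    key = bytes(range(16))
    client = Client(hardened)
    client.on_handshake_msg3(key)
    first = client.send(b"GET /index.html ")
    client.on_handshake_msg3(key)  # same key delivered again
    second = client.send(b"password=hunter2")
    return first, second

def nonce_reused(frames) -> bool:
    """True if any packet number appears twice under the same key."""
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))

if __name__ == "__main__":
    for mode in (False, True):
        frames = run_session(mode)
        print("hardened" if mode else "vulnerable", "nonce reused:", nonce_reused(frames))
```

With a repeated nonce, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, which is why patched clients refuse to reinstall a key that is already in use.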
Some wireless devices and configurations are more vulnerable to the attack than others. For Linux and Android devices, the attacker can replace the encryption key in the connection with an all-zero key, making all traffic across the connection readable. For connections using WPA-TKIP and GCMP encryption protocols, the attacker can not only decrypt information, but also inject malware.
There are some limitations to this attack. It does not recover the wireless network password or decrypt information passed over HTTPS, although other attacks exist to decrypt HTTPS traffic. The attack primarily targets client devices, so wireless access points are not likely to be attacked directly.
KRACK attacks have only been performed in a lab setting for now, but they could be performed in the wild at any point. Users should check with device vendors for any security patches, as the United States Computer Emergency Readiness Team (US CERT) had already informed manufacturers well ahead of the public release of the exploit.
Some of the high-profile manufacturers affected are: Aruba, Cisco, Intel, Juniper Networks, Mikrotik, Red Hat, Microsoft and Ubiquiti Networks. Because the issue lies in the protocol itself, products from any manufacturer could be at risk until appropriate action is taken. If your vendor has not yet published an update or response, it is recommended to continue using WPA2 for wireless encryption, to keep all wireless devices fully patched, and to update as soon as a fix becomes available.
Aruba: The Aruba security advisory.
Cisco: Some patches are available; others are pending investigation.
Intel: Intel security advisory listing updated Wi-Fi drivers and patches.
Mikrotik: Released patches which fix the vulnerabilities.
OpenBSD: Patches are now available.
Microsoft: Windows security patch in automatic updates.
Ubiquiti Networks: Latest firmware release contains a fix to the issue.
If you have questions about your cyber risks, please contact our Technology Services Group and they can help mitigate your risk. Fill out our contact form or call 800-259-2922.