A major vulnerability has been discovered in the WPA2 protocol of Wi-Fi networks.
Description of the breach
Named KRACK, for Key Reinstallation Attack, this vulnerability makes it possible to intercept communications between an access point and a user, allowing an attacker to access the wireless network without needing the password. Its consequences are far-reaching, since it could easily allow an attacker to capture what is happening on your network; the attacker would only need to be within range of the signal.
Mathy Vanhoef, the researcher at the Catholic University of Louvain in Belgium who discovered this flaw, clearly describes the risks:
"Concretely, intruders can use this new attack technique to read unencrypted information that was previously supposed to be encrypted safely. This can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, etc."
"The attack operates against personal and corporate Wi-Fi networks, against the old WPA and the latest WPA2 standard, and even against networks that only use AES."
A video showing an attack on an Android phone can be viewed at: https://www.krackattacks.com/
As a managed services provider, we are currently deploying the available security patches to our customers.
How to protect yourself
Your first reflex should be to turn to the manufacturers for their recommendations on protecting yourself from intruders who could exploit this vulnerability.
It is therefore important to monitor updates for both wireless terminals (access points) and routers, and to have end users apply them as soon as they are available.
Some manufacturers have been quicker than others to release patches. Here is the situation as of today:
For Windows workstations, Microsoft released a hotfix on October 10th.
Apply these fixes to workstations running Windows 7 and newer.
For Mac, iOS and Android mobile devices, there are unfortunately no patches to date.
Wireless terminals and routers
For routers and Wi-Fi terminals, it depends on the manufacturer. For example, Fortinet and Ruckus have already released patches, while Cisco has not yet done so for its Aironet terminals.
You can refer to the CERT website, which is very comprehensive.
Anything that communicates over Wi-Fi can be attacked. We recommend taking an inventory of everything that connects to your Wi-Fi terminals so that nothing is forgotten. For example, do you have Wi-Fi thermostats?
What to do if no updates are available for your equipment?
Depending on how your wireless network is used and the sensitivity of the information transmitted, you have these alternatives:
- Use a VPN connection from the workstation, which has the advantage of adding a layer of encryption.
- Disable the wireless network and connect by wire.
- Replace all or part of your wireless infrastructure with products for which patches are available. You could take the opportunity to investigate, with Present, solutions that provide better signal quality, require fewer terminals and ultimately prove more economical.
In the case of phones or tablets, you can disable Wi-Fi and use the cellular network instead. Public Wi-Fi terminals should be avoided.
The risk that the KRACK vulnerability poses to the security of your data is significant, and there is an indisputable urgency to put a remediation strategy in place.
Managing security for our clients, which includes applying security updates, is just one aspect of our managed services offering.