KRACK Vulnerability Spinning the Drain as Most Vendors Patch Flaw
About a month ago, KRACK (or Key Reinstallation Attack) began to expose a pretty serious security flaw in the WPA2 protocol. Essentially, it breaks the encryption between a router and a device, allowing anyone to intercept and even inject information into network traffic.
Discovered by Mathy Vanhoef, the vulnerability is basically present in any device that supports Wi-Fi. That means "Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks" according to Vanhoef.
The attack targets the four-way handshake of WPA2-PSK, allowing attackers within radio range to examine and tamper with traffic without ever joining the network. KRACK forces the client to reinstall an encryption key that is already in use, so that subsequent data is re-encrypted under the same key.
"This handshake is executed when a client wants to join a protected Wi-Fi network and is used to confirm that both the client and access point possess the correct credentials, e.g. the pre-shared password of the network," Vanhoef explains on his website. "At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic."
By capturing traffic and forcing it to be re-encrypted under a reused key, the attack gives hackers access to the information being passed from point to point. Vanhoef even says that attackers can attach ransomware to devices, read plugged-in USB drives, and can take over WPA-Enterprise networks.
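To make the mechanism concrete, here is an added toy model (not Vanhoef's code or any real Wi-Fi stack) of a client's key state: on a retransmitted handshake message 3, the vulnerable client reinstalls the key and resets its packet number, so two frames get the same nonce and the XOR of their ciphertexts leaks the XOR of their plaintexts; the patched client declines to reinstall a key already in use. The HMAC-based keystream standing in for CCMP's AES-CTR and the two frames are constructed for this example.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for the CCMP (AES-CTR) keystream: deterministic in (key, nonce).
    out, ctr = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Toy client key state; `patched` selects the hardened message-3 handling."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None   # pairwise transient key
        self.pn = 0       # packet number, used as the per-frame nonce

    def on_message3(self, ptk: bytes) -> str:
        # Patched behaviour: a retransmitted message 3 carrying the key that is
        # already installed is acknowledged but does not reinstall the key.
        if self.patched and self.ptk == ptk:
            return "ignored"
        self.ptk = ptk
        self.pn = 0       # installing a key resets the nonce: the core of KRACK
        return "installed"

    def encrypt(self, plaintext: bytes):
        nonce, self.pn = self.pn, self.pn + 1
        return nonce, xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))


def simulate(patched: bool) -> dict:
    """Send one frame, replay message 3, send another frame; report the damage."""
    client = Client(patched)
    ptk = os.urandom(32)
    client.on_message3(ptk)
    p1, p2 = b"constructed frame one", b"constructed frame two"  # same length
    n1, c1 = client.encrypt(p1)
    client.on_message3(ptk)          # retransmitted message 3 (the replay)
    n2, c2 = client.encrypt(p2)
    return {"nonce_reused": n1 == n2, "xor_leaks_plaintext": xor(c1, c2) == xor(p1, p2)}
```

`simulate(False)` reports both flags true, `simulate(True)` both false; a monitoring station can apply the same idea as a detection heuristic by flagging a peer whose packet numbers go backwards.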
But there is good news, as the vulnerability seems to be losing to a series of major patches, including Microsoft's silently deployed fix, Apple's iOS 11.1 and High Sierra 10.13.1 updates, and Google's recent (see: delayed) update. This comes alongside companies like Luxul, eero, Netgear, the Wi-Fi Alliance and more acknowledging the vulnerability and describing how they are staying ahead of it. (See a pretty solid list of vendors here.)
So is KRACK basically dead? Well, no, not exactly.
The fallout is long-lasting and far beyond the scope of a simple patch, because all modern protected Wi-Fi networks use the 4-way handshake, which means every WPA2 network is affected by some variant of the attack.
Because of both the complexity of the attack and the novel way it is carried out, the real issue will always be unpatched devices.
“For the general sphere of IoT devices, like security cameras, we’re not just underwater,” says Kevin Fu, a computer scientist at the University of Michigan who focuses on medical device security. “We’re under quicksand under water.”
For integrators: check with your vendors now and ask how you can start patching against KRACK, lest your customers end up on the wrong side of an easily avoided vulnerability. Still concerned about privacy? Simply move sensitive devices to a wired network.