WPA2 isn’t all it’s KRACKed up to be. Okay, sorry, bad pun in a bad situation. While any new vulnerability is a serious situation, this in particular is very similar to man-in-the-middle attacks. Essentially, anything that communicates back and forth with your access points is vulnerable.

This vulnerability is unlovingly christened Key Reinstallation Attacks, or KRACK for short.

According to the United States Computer Emergency Readiness Team (US-CERT):

“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”

As with any man-in-the-middle attack, anything that is being done on your Wi-Fi network is at risk and even visiting HTTPS sites may not prevent the unauthorized decrypting and stealing of your data.

While many AP manufacturers are scrambling in varying degrees of progress to release patches to mitigate this, it’s important to know that this vulnerability is within the WPA2 protocol itself and it can affect Linux, Android, Windows, and Apple devices. Android and Linux OSes utilize WPA2 for all Wi-Fi communications by default, which causes these platforms to have additional vulnerabilities. Unfortunately, since this is an IEEE standard, there is just no knowing when this will be fixed across all vendors. Some vendors may take initiative to do something specific to mitigate this, but in the meantime …

KRACK Mitigation

The vulnerability affects all wireless clients that use WPA/WPA2, including PSK and enterprise variations. Until vendors produce patches, there is no way (as of now) stop people from decrypting 802.11 packets, but we have a few ways to stay as safe as possible.

Consider using an overlay encryption method like VPNs as frequently as possible. You can use a VPN client provided by work, or a third-party vendor. When you use a VPN, even just to transfer web surfing traffic, you are making sure that privacy is being kept all the way to the VPN endpoint.

Make sure you are carefully watching the SSL sites you visit as well. There is a way attackers can bypass the HTTPS by forwarding the user to a non-encrypted site or stripping SSL settings from a conversation.

The main thing here is to emphasize checking for the lock symbol next to the URL on the browser and watching for any browser alerts to see if the website is trusted. Always check this! Also watch for invalid certificates and only choose to trust an invalid certificate if you know why it’s invalid.

The attacker has to be in close enough proximity to access your wireless signal, so be sure you have good physical security and procedures that can minimize your chance of attack. Turn down your signal broadcast so Creepy Joe in the parking lot can’t get on. In fact, if your company doesn’t need the wireless after hours, turn it off!

This is a situation where you have to stay vigilant and keep your layered security strong, since we have no way of patching this vulnerability right now and it’s highly publicized.

If you have questions about this or about the security of your network, we can help. Send us an email or give us a call at 502-240-0404!