KRACK: What to know and 8 ways to mitigate this new cyber attack

Published in Pluralsight, Oct 25, 2017 (5 min read)

As a Microsoft Certified Trainer, Pluralsight author and Certified Ethical Hacker, Dale Meredith knows a thing or two about security. So, when the recent cyber attack, KRACK, surfaced last week, Dale jumped on the opportunity to explain what you should know and how to reduce this new threat. Read on for Dale’s take on KRACK, and keep up with him on Twitter: @dalemeredith.

There’s nothing like waking up in the morning, only to discover a new cyber attack has surfaced — and on a technology we haven’t been concerned about previously.

Belgian researchers have found a vulnerability, which enables attackers to listen to wifi traffic as packets are traveling between devices and access points. This exploit is now known as KRACK (Key Reinstallation Attacks). KRACK hijacks data being sent over the network by disrupting the third step of the traditional WPA2 four-way “handshake.” The United States Computer Emergency Readiness Team contacted around 100 organizations ahead of the official announcement of the vulnerability on Monday Oct 16, 2017. (Kind of wish they would have announced it on Friday the 13th, huh?)

This wifi flaw was discovered in the security aspects of WPA2 by a security researcher named Mathy Vanhoef, a presenter at the Black Hat conference in Europe.

From the United States Computer Emergency Readiness Team:

“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”

KRACK: What does this mean and how do I know if I am affected?

Well, there’s some bad news. Basically, you can assume that you’re vulnerable to this attack if you have implemented WPA2 on your router or on any of the devices that you own (be it your tablet, smartphone, laptop, etc.). Or, here’s the real kicker, your “Internet of Things” devices.

Yes, it affects Windows, Android, Apple, Linux, or any system that is hooking into your wireless router. Let’s not forget all the networking devices; any and all wireless routers and/or range extenders. Oh wait, there’s more! Wireless printers, scanners, smart TVs — anything that uses wireless and WPA2. (Get my thoughts on WPA2 and the wild world of wireless here.)

Are you starting to get the big picture here? KRACK is massive and major.

Now, to truly understand what’s happening, it’s time for a little history lesson. WPA2 is the de facto protocol for the wifi that we use for securing our home and business networks. How can you tell if you’re using WPA2? You can look at the details of your wifi connection and it should show you something like this:

What happens with this cyber attack?

When you log onto a WPA2 protected network, your device has to do a handshake with the router (you can’t see this happen with your own eyes, but it’s something that happens in the world of digital 1s and 0s). During that handshake, both the router and your smartphone or laptop agree upon an encryption key that only works between those two devices. Sometimes the “wireless gremlins” step in and the handshake doesn’t complete, so the wireless router will resend the message that it sends to your device until it eventually connects.

If it has to restart the handshake for some reason, the same encryption key is reinstalled, and that’s where KRACK comes into play. The handshake message is captured, manipulated and replayed to the victim, which resets the session between the two devices. The attacker reads the handshake, manipulates it, then sends it on its way. So now you can see why I said it’s an underlying problem with the WPA protocols, not with any specific vendor.

Oh, and by the way, it affects all versions of WPA implementations in similar ways. This is very concerning because an attacker could decrypt packets via the TCP sequence part of a connection; and if the user is using TKIP or GCMP (which are both encryption protocols used in WPA), the attacker could decrypt and inject malicious packets. This means the attacker could force you to expose passwords to your online accounts, credit card information and any other information that you transmit over the wireless connection.
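To make the “same key reinstalled, counter reset” problem concrete, here is an added toy model of a supplicant handling handshake message 3. It is our own illustration, not code from the article or from the KRACK researchers, and it stands in a SHA-256 counter keystream for AES-CCMP (the real cipher is different, but the property that matters is the same: one key plus one packet number always gives one keystream). The vulnerable supplicant reinstalls the key and resets the packet number when message 3 arrives a second time; the patched one, as the vendor fixes do, leaves an already-installed key alone. The result is that two packets encrypted under a reused packet number XOR together to the XOR of their plaintexts, which is exactly the data leak the paragraphs above describe.

```python
"""Toy model of WPA2 key reinstallation (constructed example, not the article's code)."""
import hashlib
from typing import List, Optional, Tuple

# Constructed pairwise transient key; a real PTK comes from the 4-way handshake.
DEMO_PTK = bytes.fromhex("00112233445566778899aabbccddeeff")


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Toy counter-mode keystream: block_i = SHA-256(ptk || packet_number || i).

    Stand-in for AES-CCMP. Same (key, packet number) -> same keystream,
    which is the only property this demonstration relies on.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block = ptk + packet_number.to_bytes(6, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake, either vulnerable or patched."""

    def __init__(self, reject_reinstall: bool) -> None:
        self.reject_reinstall = reject_reinstall
        self.ptk: Optional[bytes] = None
        self.packet_number = 0
        self.used_packet_numbers: List[int] = []

    def receive_message3(self, ptk: bytes) -> None:
        if self.ptk is not None and self.reject_reinstall:
            # Patched behaviour: a retransmitted message 3 carries the key we
            # already installed, so neither the key nor the packet number moves.
            return
        # Vulnerable behaviour (and the first, legitimate install): install the
        # key and start the packet number over from zero.
        self.ptk = ptk
        self.packet_number = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.ptk is not None, "no key installed yet"
        self.packet_number += 1
        self.used_packet_numbers.append(self.packet_number)
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def run_session(reject_reinstall: bool, p1: bytes, p2: bytes) -> Tuple[bool, bool]:
    """Send p1, receive message 3 a second time, send p2.

    Returns (packet number reused, ciphertext XOR reveals plaintext XOR).
    """
    client = Supplicant(reject_reinstall)
    client.receive_message3(DEMO_PTK)          # normal handshake completes
    n1, c1 = client.send(p1)
    client.receive_message3(DEMO_PTK)          # message 3 arrives again
    n2, c2 = client.send(p2)
    return n1 == n2, xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    a, b = b"GET /login HTTP/1.1", b"password=hunter2!!"
    print("vulnerable:", run_session(False, a, b))   # (True, True)
    print("patched:   ", run_session(True, a, b))    # (False, False)
```

The patched case is the whole of the protocol-level fix: message 3 may legitimately arrive more than once, so the client must treat a repeat as “already done” rather than as a fresh install. That is why the author stresses that changing your password does nothing here, while applying the vendor update does.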

8 ways to mitigate KRACK

We now understand that the attacks work on both access points and clients, so please don’t think that simply updating the access point keeps you protected. This is a protocol issue. The easy fix would be for everyone to stop using wifi. Since we know THAT won’t happen, we have to be more realistic.

  1. Changing passwords won’t help
    If you change your password, you’re not fixing the issue — you are still vulnerable. The positive side is that they cannot steal and read your WPA password, and they cannot inject packets on the AES-CCMP encryption protocol.
  2. Turn automatic updates on
    Microsoft announced within hours that they would be pushing out a fix via a security update. If you remember to patch or apply those updates, then you might be in the clear. Regrettably, some manufacturers may take months to issue a patch.
  3. Use HTTPS on all sites
    Apply something like “HTTPS Everywhere” on your browser. If somebody was targeting your network, they could still create phishing sites on HTTP. Browse smart and use HTTPS on all sites. This is definitely vital.
  4. Have an antivirus!
    Even Windows Defender will be helpful in case an attacker targets you and installs something malicious.
  5. Turn firewalls on
    Make sure that your firewalls are turned on; and if you can, switch to a wired connection instead. Clearly you can’t do that for your tablets or smartphones, but for all portable devices, refer to number 4.
  6. Use a VPN
    If you have a VPN that you trust, use it.
  7. Avoid wifi networks (if possible)
    Switch to LTE or mobile data instead of using wireless. I know that might kill your data plan (shameless plug for unlimited data!), but as soon as you see an update from your device manufacturer make sure to install those immediately.
  8. Don’t downgrade to WEP
    Downgrading to WEP is NOT an answer to this problem; it will only make things worse for you. If you do, I’ll hunt you down and take away your “Electronics Usage Permission Card”.

One last thing that comes to my mind when considering this type of attack: I foresee vendors taking advantage of this situation to drive sales of new and improved wireless devices. I predict an uptick in wireless router sales this year. Don’t believe me, keep an eye on the Black Friday Sales! Oh, snap — if this announcement had been released on Friday the 13th, we could have called it a real “Black Friday!”

On that note, see how your security skills stack up with this free assessment: Security for Hackers and Developers, and share your IQ on Twitter with #PluralsightIQ.
