KRACK Cyber 
Attack

Serious weaknesses discovered in Wi-Fi’s security protocol

A Key Reinstallation Attack, otherwise known as KRACK, is a newly discovered vulnerability threat  to any modern Wi-Fi’s security protocol. Wi-Fi networks have been protected by Wi-Fi Protected Access 1 and 2 (WPA, WPA2) for over the last 14 years, and this layer of protection has always been steadfast and robust, until recently.

Because the vulnerability is in the Wi-Fi standard, and not in the individual products or implementations, billions of devices are at risk. These include routers, smartphones, personal computers, surveillance cameras, printers, and the list goes on.

However, there is no need for panic. In this article, we will address the nature, scale and impact of KRACK, present the good and bad sides of things to come, and discuss the measures and solutions that can be adopted to safeguard against a potential attack.

How KRACK works

The vulnerability lies within the 4-way handshake of the WPA2 protocol. To paint a clearer picture, think of the protocol as a 4-step handover process (Message 1 to Message 4) between an access point and a client device (e.g. smartphone). This handshake is executed when a client device wishes to join a protected Wi-Fi network where a fresh encryption key is negotiated to ensure security within each session.

The first two exchanges, message 1 and message 2, confirm that both the access point and the smartphone possess the correct credentials such as a pre-shared network password. Message 3 then installs the negotiated fresh encryption key that encrypts all subsequent traffic within the user’s session. In message 4, the access point acknowledges the installation of the encryption key and the user may begin his or her session with the network.

However, because it is common for the packet transmission number (nonce) during message 3 to be interrupted or lost, the network access point will retransmit message 3 until appropriate acknowledgement is received. Each time message 3 is received, the fresh encryption key is reinstalled, the nonce is reset, and a replay counter is received.

An attacker may take advantage of this by collecting and replaying message 3, forcing the reinstallation of the key and resetting the nonce. By forcing nonce reuse in this manner, the data-confidentiality protocol becomes vulnerable to attacks. Packets can be replayed, decrypted, and forged, leading to the theft of information, decryption of sensitive data and possible injection of malicious software.

The bad news

Although any device that supports Wi-Fi is exposed to this vulnerability, it seems that Linux-based devices and Android devices running version 6.0 or higher are the hardest hit, as they are open-source platforms and such devices can be easily tricked into reinstalling a predictable all-zero encryption key. In response to this dilemma, the US Computer Emergency Readiness Team (CERT) has published a list  of vendors that have disclosed being affected, and whether these vendors are actively coming up with a solution. Unfortunately, changing the access point’s password alone will not help to prevent or mitigate KRACK. All client devices should be updated with the latest firmware and patches.

The good news

According to Mr Mathy Vanhoef, the lead researcher who discovered KRACK, there have been no reports of these vulnerabilities being exploited thus far, at least not on the scale of ransomware or DDoS botnets. Furthermore, KRACK is incredibly hard to execute as it is a single-session man-in-the-middle attack. An attacker would need to be within range of a targeted Wi-Fi network to execute the attack.

Windows users do not have to worry as Microsoft has already issued a security patch to resolve the problem. Tech news site CNet has also compiled a list  to identify companies that are actively addressing this issue. The list includes Apple, which rolled out its iOS 11.1.1 security patch on the 31st October for iOS, and Google, which said that it is aware of the issue and will be patching any affected devices in the coming weeks.

The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, has also mentioned that the issue "could be resolved through a straightforward software update".

How to safeguard against potential attacks

Suggestions on how one can stay safe. They are:

• Always keep your operating system and client devices up to date with the latest patches and updates
• Surf only secure and encrypted webpages (HTTPS) by checking that the Secure Socket Layer (SSL) certificate is trusted. For website owners, ensure that webpages are encrypted so that attackers are unable to inject malware into the site
• When using a public Wi-Fi network, do not send out any confidential information such as credit card information and personal data
• For an additional layer of security, use a virtual private network (VPN) when accessing the internet
• Do not download or install any software from unknown and unencrypted websites

In general, it does not take much to protect yourself against KRACK or any other attacks of similar nature. With information being widely available, one just has to remain vigilant and keep abreast of the inevitable risks of cyber threat that come with the advancement of technology. When in doubt, consult industry experts to find out more on how to stay protected and secure at all times.

StarHub’s Managed Mobile Threat Defence (MTD) solution is able to detect and protect users from man-in-the-middle attacks by immediately alerting the user and safeguarding all corporate assets in the event of an attack. Available for both iOS and Android devices, StarHub’s Managed MTD also helps to verify whether mobile devices on your network are in compliance with security protocols. Mobile users are highly encouraged to have a mobile security solution such as StarHub’s Managed MTD installed, and regularly install any software updates issued by their device manufacturers.

Follow StarHub Business on Linkedin for the latest business updates.