KRACK Attack: Everything you need to know about the latest Wi-Fi security vulnerability

The KRACK attack is the latest Wi-Fi security vulnerability. It's a big one but it can be avoided.

• 16 October 2017
• By Matthew Simpson
•  Security

If you’ve been keeping up on you technology new you may already have heard about the KRACK attack , if not here’s some information on what it is, how it affects you (and yes, it does affect you), and what you can do to mitigate it.

What is it?

The KRACK attack (Key Reinstallation Attack) is an exploit which allows a malicious user to read and manipulate data over a secure wifi network. This allows the malicious user to use phishing techniques to steal login details, credit card information, chat messages, emails, photos etc. It may also be possible to inject ransomware or malware onto a device.

KRACK takes advantage of a weakness in the WPA2 (Wi-Fi Protected Access 2) security protocol to perform its attack, and thus this can be done on all modern Wi-Fi networks. The attack tricks the targetted device to use encryption keys that are known to an attacker, allowing the data to be decrypted and manipulated by them. WPA2 itself was made available in 2004 to overcome the security issues present in the previous wireless encryption protocol, WEP.

How bad is it?

WPA2 is the defacto security protocol for Wi-Fi, and is present on all modern Wi-Fi enabled devices. If you have to enter a password to get onto a Wi-Fi network, then you’re using WPA2. If you don’t have to enter a password then your connection isn’t encrypted and you’re already vulnerable to the phishing techniques this attack opens up.

Android and Linux appear to also be particularly vulnerable to this attack as flaws in those operating systems allow for the KRACK exploit to be implemented with little effort.

How worried should I be?

The KRACK attack is a major security flaw in a protocol that is used in every WI-Fi device (and in fact WPA2 must be implemented to receive a Wi-Fi certification for manufactured devices). However, the attack is what’s know as a “targetted attack”. You are only truly vulnerable when an attacker is near you, so you should only be concerned when using public access points (and only those with a password; open Wi-Fi networks are already vulnerble to the types of phishing this attack allows).

Thankfully, the security flaw in WPA2 which allows this attack to take place can be fixed with patches. This means that all you should have to do is to ensure that your devices (phones, routers, PCs etc.) are kept up to date with the latest security patches as they are released. These patches are already starting to be released so most likely your devices will be secured before anyone has a chance to take advantage of this new attack.

What can you do?

If you normally keep your devices up to date and have properly configured security on any websites you control then you’re probably already doing everything you can at this point.

It’s worth noting that you don’t always have to use Wi-Fi. In the Mesomorphic office we have connected every device that we can via ethernet. That way we don’t have to worry about these kind of attacks and we can benefit from a more reliable office network. Wi-Fi is used solely for devices without ethernet ports such as mobile devices. Even our laptops are connected via ethernet at each desk.

Here’s some specific actions you can look into depending on your role:

Consumers

• Ensure that any software/firmware updates available for your devices are installed. This includes operating system updates and firmware updates for things such as home routers. It’s worth noting that routers don’t always automatically update their firmware so you may have to do this manually.
• When browsing sites that require logging in or sharing sensitive data, ensure that HTTPS is enabled. You’ll see this in Firefox, Chrome, and Safari as a padlock icon in the address bar. If the padlock icon is not present then you shouldn’t be submitting sensitive data to those sites, especially on an open Wi-Fi network.

Webmasters

• Ensure that your site uses HTTPS and that your site is correctly configured to only allow connections via HTTPS. If it’s set up correctly then HTTPS connections cannot be redirected by a malicious user and your website visitors should be protected. Don’t rely on users noticing that they aren’t connected via HTTPS.

Hardware admins

• Ensure that your devices have been updated to their latest firmware/software to ensure that any patches released to fix the KRACK vulnerability have been applied.

More reading

Further information can be found on the Official KRACK Attacks website