Threat Alert: What the KRACK WPA2 vulnerabilities mean for most businesses

16 October 2017 by mikevarian Security
Threat Alert: What the KRACK WPA2 vulnerabilities mean for most businesses

This morning, a new set of vulnerabilities in the WPA2 protocol were publicly disclosed after an embargo period which gave vendors an opportunity to work on security patches to address the problem. WPA2 is a security protocol which today is the recommended “best practice” for securing wireless networks, when you connect to a new WiFi network and it prompts you for a password - most often this is the WPA2 protocol at work.

For those with a stomach for deep technical detail, the full explanation of the attacks can be found here: https://www.krackattacks.com

This is a very high profile disclosure because of the prominence of the WPA2 protocol in protecting wireless networks in homes, businesses, government, and enterprise. Here are a few important things to know about what this means for your business:

  • This is not a remotely exploitable vulnerability, rather it is a “close proximity” attack. An attacker must be physically in range of your WiFi network in order to exploit this vulnerability. In general, this also means that you need to be specifically targeted by a reasonably sophisticated attacker who is willing to go to your location, which is not part of the threat model for most small and midsized businesses.

  • If you securely access a website protected by TLS (with the green lock in the website address bar), you are still just as secure as before.

  • The attack is not as as effective or damaging with Windows, macOS, and iOS devices, further mitigating exposure in most business environments.

  • The vulnerability is eliminated through patching. As long as your business continues to follow the best practice of staying current on your security updates and patches on all of your devices and they are still receiving security updates, this should resolve itself for you very soon, if not already.

  • Android devices in particular are a huge target for this attack, partly because of how their wireless software works, and because it is so difficult to get timely software updates.

  • The worst outcomes of this attack are compounded with the attacker successfully executing a “Man-in-the-Middle” (MiTM) attack against your device once it has breached your wireless connection, this same MiTM attack can be launched through other methods separate of the new KRACK vulnerabilities. There are numerous ways to defend against this, regardless of how the attacker intercepts your communications. For a deeper review from an offensive perspective to evaluate your risk in an attack, please contact us.

A couple technical details regarding your security protocols: You should not change your wireless security protocol from WPA2 to a lesser protocol, such as WPA1 or WEP. These other protocols have much more serious security issues that cannot be fixed, whereas WPA2 is still reasonably secure for most people, and can be patched to mitigate this vulnerability. For those comfortable enough to check the specifics of your settings: If you are on WPA2-TKIP and have the option to switch to WPA2-AES or WPA2-AES-CCMP, AES-CCMP is a more secure option, though this change alone won’t make you invulnerable to this attack.

Related posts