Mane Product & Technology Issue 3 - December 2017 | Page 8

KRACK WI-FI ATTACK


A serious weakness in the WPA2 protocol that secures all modern Wi-Fi networks has been discovered. Any devices that have not been updated can be breached using an exploit that targets WPA2's weaknesses using key re-installation attacks (KRACKs). Using the exploit, the attacker can potentially steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and just about anything that passes through the Wi-Fi signal. It may also be possible to install ransomware or other malware into websites that can manipulate data.

The good news is the attack is difficult to carry out and would require a lot of work to pull off. The bad news is that all Wi-Fi-enabled devices are vulnerable until they're updated. So what do you have to do to protect yourself? Simply update your devices when an update is available. Manufacturers including Apple, Google and Microsoft have begun to release updates addressing the vulnerabilities on their devices. Don't wait to update your smartphone or computer, and be sure to take a look at all Wi-Fi-enabled devices you own.

You can download the full report of the researchers' findings here.

QUICK FAQ

Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available.

Should I change my Wi-Fi password?

Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network. Instead, you should make sure all your devices are updated, and you should also update the firmware of your router.

Are people exploiting this in the wild?

We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild. That said, key reinstallations can actually occur spontaneously without an adversary being present! This may for example happen if the last message of a handshake is lost due to background noise, causing a retransmission of the previous message. When processing this retransmitted message, keys may be reinstalled, resulting in nonce reuse just like in a real attack.

Courtesy krackattacks.com
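The FAQ above says a retransmitted handshake message can cause the key to be reinstalled and nonces to be reused, and that updates make sure a key is installed only once. The following toy model is an added example, not code from this article or from krackattacks.com; the `Client` class, the sample key and the hash-based keystream (a stand-in for the real cipher) are assumptions made for illustration.

```python
import hashlib
from collections import Counter

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in cipher: the keystream depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key handling."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.sent = []  # (nonce, ciphertext) for every frame transmitted

    def on_message3(self, key: bytes) -> None:
        # Handshake message 3 tells the client to install the session key.
        if self.patched and key == self.key:
            return  # patched behaviour: the key is installed only once
        self.key = key
        self.nonce = 0  # (re)installing the key resets the transmit nonce

    def send(self, plaintext: bytes) -> None:
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        self.sent.append((self.nonce, xor(plaintext, ks)))

def run(patched: bool) -> Client:
    key = b"constructed-session-key"  # constructed sample value
    c = Client(patched)
    c.on_message3(key)                # message 3 arrives
    c.send(b"frame one: hello")
    c.on_message3(key)                # message 3 retransmitted after a lost reply
    c.send(b"frame two: world")
    return c

def reused_nonces(c: Client) -> list:
    counts = Counter(n for n, _ in c.sent)
    return sorted(n for n, k in counts.items() if k > 1)

if __name__ == "__main__":
    for patched in (False, True):
        label = "patched" if patched else "unpatched"
        print(label, "reused nonces:", reused_nonces(run(patched)))
```

In the unpatched run both frames are encrypted with the same keystream, so XORing the two ciphertexts cancels it and leaves the XOR of the two plaintexts; in the patched run the counter keeps increasing and no nonce repeats.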
