ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Krack Attack—Exploiting Wi-Fi Networks

Krack Attack—Exploiting Wi-Fi Networks

Chris Evans, CISM, CRISC, CISSP, PCI ISA
| Published: 12/21/2017 3:06 PM | Category: Security | Permalink | Email this Post | Comments (0)

Chris EvansRecently, a vulnerability was discovered in the Wi-Fi Protected Access II (WPA2) protocol that secures most modern public protected Wi-Fi networks. This vulnerability is one that is affected by the standard itself, leaving even properly configured Wi-Fi networks exposed and vulnerable. Early reports of this vulnerability overstated the risk and downplayed the difficulty needed to exploit the vulnerability.

What Is It?
A client (or device connecting to the Wi-Fi network) establishes a connection to the Wi-Fi with a handshake, a method used to authenticate it to the Wi-Fi network. This handshake consists of back-and-forth communication between the devices to ensure that both the client and access point (Wi-Fi network) have the proper credentials to allow it to communicate on the network. Through this handshake, an attacker can manipulate the handshake in a manner that the Wi-Fi network seems to receive communication that the client device has been authorized on the network, thus allowing the attacker to connect and gain access.

How Does This Affect Me?
This affects you because most public Wi-Fi networks and most private home Wi-Fi networks use the WPA2 protocol that this vulnerability is used against. This currently affects millions of home users and many small businesses around the world. Those with home Wi-Fi should be aware that this vulnerability can affect you. And remember, most people have smartphones, and smartphones often are connected to Wi-Fi networks.

Should I Be Concerned?
Yes, you should be concerned, but you need to know that executing an attack at this level requires someone with a fair amount of IT experience and the need or desire to access your network, and the attacker must be in close proximity to your Wi-Fi network. Most home users have a low risk of this actually affecting them; however, many of us use public Wi-Fi networks at places such as coffee shops, hotels, small businesses and other popular businesses offering free Wi-Fi. Such places have many users who can simply be sitting there blending in with others who, with such an attack, are now able to access private and confidential data that maybe stored on your computer. Once an attacker is on your network, they probably have enough knowledge and experience to search for data, manipulate your computer, turn on a security camera or even adjust your thermostat—it just depends on the extent of your Wi-Fi network and devices connected to it.

How Can I Protect Myself?
The first step to take is to be aware of public Wi-Fi networks and only connect to them when your need is great. Public Wi-Fi networks should always be a concern when you connect to them as they do not offer any security to you as a user, and the devices present on the network are unknown and can be malicious. Second, always make sure that when passing personal or confidential information you are connecting to a secured service. Secured services are typically identified by https in the URL or identified with a lock located in the URL address window. If you are unsure, contact the company or service in question and ask if they offer a secured connection and if that connection is secured using TLS 1.2. If you are a more sophisticated user, you can use a virtual private network (VPN) connection or one that encrypts your communication and secures the data at all times. Most VPNs are paid services and offer support if you decide to utilize that option. Finally, if you have the ability to utilize a hard-wire Ethernet connection, do so. Using a physical Ethernet connection when the security is unknown adds a layer of security, and this connection method is not affected by this vulnerability.

How Do I  “Fix” This?
Rest assured the vendors that provide the hardware and software to make Wi-Fi connections happen are scrambling to issue a patch or update that will remediate the vulnerability. Such companies, including Apple, Microsoft and Google, have issued fixes to remediate this, but some fixes may take time to get to many commonly used devices such as tablets and smartphones. However, any device that connects to your Wi-Fi network should be considered and evaluated for a firmware update. Firmware updates change the configuration of the device in a manner meant to enhance or secure it. One of the best ways to “fix” or remediate this vulnerability is to check and apply any updates issued by the manufacturer. If you are unaware of what or how to do this, please refer to the documentation provided with the device, the manufacturer’s website, the place of purchase or a local IT expert with computer security knowledge.

Stay safe on the Internet! Be sure you know what you are doing and where you are looking.

Chris Evans, CISM, CRISC, CISSP, PCI ISA, is the security and compliance manager at ISACA and has been with the organization for more than 11 years. Chris has nearly 20 years of information technology experience with his interest and passion dedicated to information and data security. He has held information security leadership positions in companies including Andrew Corporation (manufacturing), Edward Hospital (healthcare) and Transamerica/General Electric (finance).

Comments

There are no comments yet for this post.
Email