KRACK: Key Reinstallation AttaCK – Affecting Wi-Fi Networks & Devices
What is KRACK?
A protocol that secures all modern protected Wi-Fi networks, called Wi-Fi Protected Access II (WPA2), has a serious weakness that was discovered in 2016, however, recently published in full detail in October 2017.
The Key Reinstallation AttaCK (KRACK) is a type of replay attack, where data is intercepted and re-transmitted. However, in this exploit the attacker also gains the encryption key, allowing them to view sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on, previously thought to be safely encrypted.
In some cases, the invasion will also allow the attacker to completely hijack connections. In addition to enabling access to decrypted data, data can also be forged or injected. For example, an attacker can inject ransomware or malware into websites that the victim is visiting.
Is my network or devices affected?
The attack works against all modern protected Wi-Fi networks. If your device supports Wi-Fi, it may be affected.
Devices which seem to be the most affected are those operating Android and Linux as they can be tricked into using an all-zero key instead of a real encryption key, making it trivial for the attacker to intercept and manipulate traffic sent by these devices.
How do I protect my network or devices?
Luckily, the issue can be patched in a backwards-compatible manner. That means if either the device or the wireless access point are patched with the relevant security update, they are both protected while communicating with each other.
Updates allow users to be proactive about protecting themselves by updating their devices once a patch is available, and enterprises can more globally protect both their own and guest devices by updating their access points.
Is a patch available for my device yet?
It is best to contact your IT support or product vendor for more information on whether a patch is available, and if it has been deployed yet. Here’s info for some common devices:
- Apple iOS (iPhone/iPad): Some vulnerabilities patched by iOS 11.1, with more patches expected to come
- Apple macOS (MacBooks/Mac Mini/iMac): Some vulnerabilities patched by macOS 10.13.1, with more patches expected to come
- Microsoft Windows: Security update released on October 10, 2017, covering the single vulnerability that affected Windows, however, Microsoft strongly recommends also updating device drivers, as sometimes the vulnerable functionality may be offloaded to installed Wi-Fi hardware.
- Android (Google): There has been a released security patch for some Pixel/Nexus devices (excluding Pixel 2 XL).
- Android (Samsung): No security patch available yet
- Android (Other): Please check with your IT support or vendor
- Cisco (Wi-Fi enabled models only): Some devices patched, with further patches coming
- Cisco Meraki (Wi-Fi enabled models only): If you have MR33s/30Hs/74s deployed in your networks, please upgrade to firmware version MR 25.7 or later. All other networks should upgrade to version 24.11 or later for MR24.X releases only. MX devices do not support 802.11r and are not affected by the 802.11r vulnerability.
- Fortinet (Wi-Fi enabled models only): For FortiGate Wifi models used under Wifi Client mode upgrade to 5.2.12, 5.4.6, 5.6.2 special build or upcoming FortiOS 5.6.3. For FortiAP used as a mesh leaf upgrade to FortiAP 5.6.1, 5.4.4 or upcoming FortiAP 5.2.7
- Ubiquiti (Wi-Fi enabled models only): Firmware update including security patch released 16th October
If you’re concerned about a device type that we have not listed, please feel free to contact us at any time.
More information on KRACK
Written by Andrew Clark, a Senior Systems Engineer at Computer West