Understanding the Impact of the KRACK Attack
Brendan Fitzpatrick, Vice President, Cyber Risk Engineering

I am writing to give you the skinny on KRACK, the attack, and to provide some of the “facts” along with some recommendations for what to do now. The bottom line is that your devices ARE vulnerable to this newly discovered attack. Practically every WiFi enabled device is affected. Computers and mobile devices will likely get updates in the near future, though IoT and embedded devices may be a different story. You will want to update your devices as vendors release patches. You may also consider getting in compliance with your backup policies now to save frustration later.
 
What is the KRACK attack?

  • KRACK is short for key reinstallation attacks
  • The vulnerability is within the WPA2 protocol which means all WiFi enabled devices utilizing WPA2 are vulnerable
  • WPA2 is short for Wi-Fi Protected Access 2 and is how the connection to your WiFi access point is secured
  • The attack relies upon the 4-way handshake negotiation at the beginning of WiFi sessions
    • An attacker needs to be physically in range of a particular Wi-Fi network to carry out the assaults
    • The attack must take place during the 4-way handshake
    • The attack does not reveal the WiFi passphrase and does not allow the attacker to join the network
    • If the attack is successful they can potentially decrypt traffic between the victim client and their access point
    • Currently, the attack is focused only on the client side of the handshake
    • The researcher discovered the vulnerability in May, informed vendors in July, and made it public very recently
    • Most vendors are working diligently on patches
    • The researcher has not released a toolkit or script for the exploit
    • There are no known uses of the attack in the wild

 
What can you do?

  • Update your devices as vendors release patches
    • Microsoft claims that an update is already available for currently supported Windows versions
    • Apple claims that their update for all currently supported devices is in Beta and will be pushed to the public soon
    • Google Android and other Linux based devices may be the most affected and updates are still being developed
  • Changing your Wi-Fi password or getting a new router won't protect against Krack attacks, but are never bad ideas
  • Protect sensitive company and client data according to your company policies
  • Enterprise users should ensure you use the your company VPN when on public WiFi and use https enabled websites whenever possible
  • Consider tethering your phone when WiFi networks do not play nice with your corporate VPN, as cellular connections are encrypted

 
Researcher’s site on KRACK
https://www.krackattacks.com/
 
Research paper on KRACK
https://papers.mathyvanhoef.com/ccs2017.pdf
 
Great article for the non-techie 1
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
 
Great article for the non-techie 2
https://securingthehuman.sans.org/blog/2017/10/16/28748/

Summary

I am writing to give you the skinny on KRACK, the attack, and to provide some of the “facts” along with some recommendations for what to do now. The bottom line is that your devices ARE vulnerable to this newly discovered attack. Practically every WiFi enabled device is affected. Computers and mobile devices will likely get updates in the near future, though IoT and embedded devices may be a different story. You will want to update your devices as vendors release patches. You may also consider getting in compliance with your backup policies now to save frustration later.