KRACKing WPA2 Wifi

2 minute read

Researchers this week published information about a serious weakness in WPA2 — the security standard that protects all modern WiFi networks. In non-tech speak, there is a way to obtain the secret key to decrypt the traffic sent over a WPA2 WiFi network exposing all the traffic to interception. If you want the full tech version then have a read (Here)

DON'T PANIC

First of all, let's not panic, as at the time of writing there is no known evidence of this exploit being used in the wild. Many systems have already been patched (example Windows 10 KB4041676) or are not vulnerable, more will be updated in the coming days/weeks. That said, older devices that may no longer be supported and will need to be checked and, in some cases, replaced if no fix is available. Bleeping Computer has put together a page with a list of firmware and driver updates.

As this vulnerability will eventually be remotely exploitable, although local proximity will be required, you should now start to check, update or replace any wireless devices as soon as you can. The problem with this vulnerability, as with most, is that you will only be as secure as the weakest link. In this case any device that is vulnerable will allow this vulnerability to expose the whole wireless network.

What devices do you have on your wireless network?

Phones, Tablets, Laptops, Printers, Scanners, Projectors, maybe other devices like doorbells, CCTV, Vending Machines.

Some of these devices should not be on your corporate WiFi anyway but if they are and they are vulnerable then your network maybe compromised. WiFi for corporate environments should be isolated and protected from sensitive production environments.

For everyday users this is still a serious problem but mitigated somewhat by a great number of web services forcing the use of SSL/TLS which encrypts the traffic to the server from your device. Use a VPN such as Freedome from F-Secure and install the browser add-on HTTPS everywhere from eff.org to ensure your traffic is encrypted, where possible.

What's at risk if I do nothing ?

Traffic sent across the network could be intercepted, monitored, redirected or changed by a potential attacker, effectively making the WiFi network no safer than the local coffee shops. This could mean internal servers and other services that were once "internal" could be available to a potential attacker with very little effort by passing that expensive Firewall and other protections you may have in place.

Now I say again

"DON'T PANIC"

It is serious and will need to be sorted but you still have time to prepare and put a proper plan in place...

Contact us if you need help.

Updated: