Are There KRACKs in Your Wireless Network Security?

Author: Craig Pollack Date: Nov 15, 2017 Topics: Cybersecurity

Are There KRACKs in Your Wireless Network SecurityEvery so often a vulnerability is identified that is so pervasive that it jumps to the head of the line in needing to be addressed.  One of the most recent examples of this is the KRACK vulnerability. Dutch security researchers made public their findings that demonstrated fundamental design flaws in WPA2 (the security model used in connecting to wireless access points) that could lead to man-in-the-middle (MITM) attacks on wireless networks. So what does this mean?

Named KRACK, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the Wi-Fi standard affecting an estimated 50 percent of all smart phones and most other commercial and enterprise wireless infrastructure. Major operating systems including Windows, macOS, and FreeBSD are also vulnerable. 

It's important to note that the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.

At the same time, one of the most important words to note from the definition above is the word "theoretical'.  While pervasive, this vulnerability is also not all that easy to take advantage of. The good news is it’s not a remote vulnerability and requires physical proximity to the device to spoof the WiFi network the client (ie: cell phone, tablet, etc.) is connected to. In addition, the researchers said they weren't even sure if the vulnerability has yet been exploited in the wild.

How to stop KRACK’s Wi-Fi breach

First, it is critical to understand your exposure by performing an inventory of all wireless equipment in use. This vulnerability primarily affects wireless clients such as your cell phone, tablet, or laptop.

While it can be difficult, costly, and time intensive to perform a wireless survey in a large organization, knowing which wireless equipment is in use is critical to a comprehensive remediation path. Once an inventory is complete, here are some of our recommendations for addressing this issue:

  • Patch all of your WiFi clients, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from your client vendors. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
  • The good news for our clients running SonicWall wireless access points is that SonicWall Capture Labs evaluated these vulnerabilities and determined that their SonicPoint and SonicWave wireless access points, as well as their TZ and SOHO wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.
  • If you are not running a SonicWall for your wireless, check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources.
  • Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall. 
  • Advise your users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
  • Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.

One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.

If you haven’t already, change your mindset on cyber security

This vulnerability highlights an important aspect of security. The technologies we rely on and trust implicitly today are not perfect and may not even be in use five or 10 years from now. The authentication methods we use today (e.g., username/password and sometimes multi-factor authentication) will probalby be replaced in the future by next gen identity access management systems that correlate a variety of factors specific to an individual.

Keep in mind that when it comes to cyber security, we're living through is an ever changing landscape. Security controls we rely upon to protect our organizations and personal devices invariably become vulnerable due to advances in technology and research performed by attackers and information security professionals alike. Updates are released constantly for your mobile phones, computers, applications, and other IT equipment with varying levels of criticality.

How we can help

If you want to maintain a strong security posture to defend against current threats, it isn't enough to simply patch your systems. You must have effective vulnerability management programs and work with IT professionals focused on cyber security so that you can stay ahead of these flaws and enhance your defenses in a timely manner.

While individuals are the management point for individual devices (ie: phones, tablets, etc.), your IT professional should be the one repsonsible for making sure the wireless access points on your network are safe. Because this is so widely impactful, our NOC Team has been fast at work ensuring our Managed Service clients are protected in this area.

Hopefully, this info's been helpful. Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.

Founders Technology Review Call


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.