Every so often a vulnerability is identified that is so pervasive that it jumps to the head of the line in needing to be addressed. One of the most recent examples of this is the KRACK vulnerability. Dutch security researchers made public their findings that demonstrated fundamental design flaws in WPA2 (the security model used in connecting to wireless access points) that could lead to man-in-the-middle (MITM) attacks on wireless networks. So what does this mean?
Named KRACK, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users by leveraging these flaws in the Wi-Fi standard. The flaws affect an estimated 50 percent of all smart phones and most other commercial and enterprise wireless infrastructure. Major operating systems including Windows, macOS, and FreeBSD are also vulnerable.
It's important to note that the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.
At the same time, one of the most important words to note from the definition above is the word "theoretical". While pervasive, this vulnerability is also not all that easy to take advantage of. The good news is it’s not a remote vulnerability: an attacker needs physical proximity to the device in order to spoof the Wi-Fi network the client (i.e., cell phone, tablet, etc.) is connected to. In addition, the researchers said they weren't even sure if the vulnerability has yet been exploited in the wild.
How to stop KRACK’s Wi-Fi breach
First, it is critical to understand your exposure by performing an inventory of all wireless equipment in use. This vulnerability primarily affects wireless clients such as your cell phone, tablet, or laptop.
While it can be difficult, costly, and time intensive to perform a wireless survey in a large organization, knowing which wireless equipment is in use is critical to a comprehensive remediation path. Once an inventory is complete, here are some of our recommendations for addressing this issue:
- Patch all of your Wi-Fi clients, whether Windows, Linux, Android, iOS or macOS based, with the latest KRACK updates from your client vendors. The attack is launched by compromising the wireless device, not the wireless router, so that is the most important area to focus on when you go about patching.
- The good news for our clients running SonicWall wireless access points is that SonicWall Capture Labs evaluated these vulnerabilities and determined that their SonicPoint and SonicWave wireless access points, as well as their TZ and SOHO wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.
- If you are not running a SonicWall for your wireless, check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your Wi-Fi solution would be centrally managed, allowing you to provide updates and patches in a timely fashion without crippling IT resources.
- Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall.
- Advise your users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
- Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.
If you haven’t already, change your mindset on cyber security
This vulnerability highlights an important aspect of security. The technologies we rely on and trust implicitly today are not perfect and may not even be in use five or 10 years from now. The authentication methods we use today (e.g., username/password and sometimes multi-factor authentication) will probably be replaced in the future by next-gen identity access management systems that correlate a variety of factors specific to an individual.
Keep in mind that when it comes to cyber security, we're living through an ever-changing landscape. Security controls we rely upon to protect our organizations and personal devices invariably become vulnerable due to advances in technology and research performed by attackers and information security professionals alike. Updates are released constantly for your mobile phones, computers, applications, and other IT equipment with varying levels of criticality.
How we can help
If you want to maintain a strong security posture to defend against current threats, it isn't enough to simply patch your systems. You must have effective vulnerability management programs and work with IT professionals focused on cyber security so that you can stay ahead of these flaws and enhance your defenses in a timely manner.
While individuals are the management point for individual devices (i.e., phones, tablets, etc.), your IT professional should be the one responsible for making sure the wireless access points on your network are safe. Because this is so widely impactful, our NOC Team has been fast at work ensuring our Managed Service clients are protected in this area.
Hopefully, this info's been helpful. Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.