Written By Dr Al Hartmann And Presented By Chuck Leaver
Enough media attention has been generated over the Wi-Fi WPA2-defeating Key Reinstallation Attack (KRACK) that we don't have to cover it all again. The original discoverer's site is a good place to review the issues and link to the detailed research findings. This might be the most attention paid to a fundamental communications security failure since the Heartbleed attack. During that earlier attack, a patched version of the vulnerable OpenSSL code was released on the same day as the general disclosure. In this new KRACK attack, similar responsible disclosure guidelines were followed, and patches were either already released or soon to follow. Both wireless endpoints and wireless network devices must be properly patched. Oh, and good luck getting that Chinese knockoff wireless security camera bought off eBay patched quickly.
Here we will just make a couple of points:
Take inventory of your wireless devices and take action to ensure appropriate patching. (Ziften can perform passive network inventory, including wireless networks. For Ziften-monitored endpoints, the available network interfaces along with applied patches are reported.) For enterprise IT staff, it is patch, patch, patch every day anyway, so nothing new here. But any unmanaged wireless devices need to be identified and verified.
Windows and iOS endpoints are less susceptible, while unpatched Linux and Android endpoints are extremely vulnerable. Many Linux endpoints will be servers without wireless networking, so there is not as much exposure there. But Android is another story, particularly given the balkanized state of Android updating across device makers. Most likely your organization's biggest exposure will be Android and IoT devices, so do your risk analysis.
Avoid wireless access through unencrypted protocols such as HTTP. Stick to HTTPS or other encrypted protocols or use a secure VPN, but be aware that some default HTTPS sites permit compromised devices to coerce a downgrade to HTTP. (Note that Ziften network monitoring reports IP addresses and ports used, so take a look at any wireless port 80 traffic on unpatched endpoints.)
Continue whatever wireless network hygiene practices you have been using to identify and silence rogue access points, unauthorized wireless devices, etc. Grooming access point placement and transmission zones to reduce signal spillage outside your physical boundaries is also a smart practice, given that KRACK attackers must be present locally within the wireless network. Do not give them advantaged placement opportunities inside or close to your environment.
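The inventory, risk-analysis and port 80 checks above can be combined into one triage pass. The following is an added example, not Ziften output or code from the authors; the record fields, the sample data and the scoring weights are assumptions made for illustration.

```python
# Added example: triage for KRACK exposure. Field names and weights are assumptions.
OS_WEIGHT = {"android": 3, "linux": 3, "iot": 3, "windows": 1, "ios": 1}

# Constructed sample inventory; krack_patched=None means the patch state is unverified.
INVENTORY = [
    {"host": "lt-001", "os": "windows", "wireless": True, "krack_patched": True, "managed": True},
    {"host": "ph-014", "os": "android", "wireless": True, "krack_patched": False, "managed": True},
    {"host": "srv-db1", "os": "linux", "wireless": False, "krack_patched": False, "managed": True},
    {"host": "cam-07", "os": "iot", "wireless": True, "krack_patched": None, "managed": False},
    {"host": "tab-03", "os": "ios", "wireless": True, "krack_patched": False, "managed": True},
]

# Constructed flow records: (host, destination IP, destination port).
FLOWS = [
    ("ph-014", "192.0.2.10", 80),
    ("ph-014", "192.0.2.11", 443),
    ("lt-001", "192.0.2.10", 80),
    ("tab-03", "198.51.100.5", 443),
    ("cam-07", "198.51.100.9", 80),
    ("srv-db1", "192.0.2.10", 80),
]

def triage(inventory, flows):
    """Return wireless devices not confirmed patched, highest exposure first."""
    http_dsts = {}
    for host, dst_ip, dst_port in flows:
        if dst_port == 80:  # cleartext HTTP, readable if the Wi-Fi layer is broken
            http_dsts.setdefault(host, set()).add(dst_ip)
    findings = []
    for dev in inventory:
        # Out of scope: no wireless interface, or patch confirmed applied.
        if not dev["wireless"] or dev["krack_patched"] is True:
            continue
        score = OS_WEIGHT.get(dev["os"], 2)
        reasons = ["unpatched " + dev["os"] if dev["krack_patched"] is False
                   else "patch state unknown"]
        if not dev["managed"]:
            score += 2
            reasons.append("unmanaged")
        dsts = sorted(http_dsts.get(dev["host"], ()))
        if dsts:
            score += 3
            reasons.append("port 80 traffic to " + ", ".join(dsts))
        findings.append({"host": dev["host"], "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: (-f["score"], f["host"]))

if __name__ == "__main__":
    for f in triage(INVENTORY, FLOWS):
        print(f"{f['score']:>2}  {f['host']:<8} {'; '.join(f['reasons'])}")
```
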
For a broader discussion of the KRACK vulnerability, take a look at our recent video on the subject: