GGR Communications, a Cisco Premier Partner, are experts in delivering High Density Public WiFi. For more than 20 years, we have been offering the latest solutions and technologies for Managed Network Services, Wireless Networking, Unified Communications, and Network and Data Security. Our wireless networks are secure and scalable, and we pride ourselves in providing superior end-to-end support and professional services. Here is our response to ‘KRACK’…
On Monday 16/10/17 ten security vulnerabilities affecting the WPA1/WPA2 Wifi standards across all vendors and clients were publicly disclosed. Security researcher Mathy Vanhoef also released a demonstration of one of these vulnerabilities being exploited to intercept Wifi traffic – We highly recommend looking at the website published at www.krackattacks.com.
The vulnerabilities have a widespread impact as they relate to the basic process by which Wifi devices establish a secure connection. In the demonstration, one of the messages sent in the initiation of the connection is exploited to either reset (in the case of Android blank out) the fundamental key material being used to encrypt the Wifi packets. Networks are lossy and messages being re-transmitted is a necessary feature. However, this is what can be exploited by a third party. The handshake messages can be resent, potentially after significant time, causing the keying material to reset to an earlier point. There are then standard ways of attacking encrypted data where the keys being used are reset to an earlier point. The patches vendors are pushing out revolve around both of the client and infrastructure devices ignoring when the keying messages are resent.
The vulnerability impacts most devices that use WPA2 to connect to a Wi-Fi network. This does not impact just smartphones, laptops and tablets, but also IoT. The most vulnerable so far appears to be Android devices.
This attack requires an attacker to be physically close to the device being attacked, thus limiting how fast it will scale.
What is the impact?
The vulnerabilities are serious as a large number of Wifi devices from multiple vendors are affected. The difference between vendors results from the specific implementations they have made of the WPA1/WPA2 standards – they do not explicitly protect against the attack.
The most worrying is the specific impact for Android & Linux devices – an attacker can force the client into using an all-zero encryption key, entirely defeating the encryption. This is further complicated by the state of the Android ecosystem – the Android developers publish statistics for the global install base each month. This has historically shown that users are slow to update and device vendors are slow to push the updates down.
The impact for any specific vendor or device will vary wildly – A collective effort to publicly keep track of responses from vendors is being maintained by the community at https://github.com/kristate/krackinfo#vendor-response-complete. There are currently no published exploits or evidence of live exploitation – it is however only a matter of time.
What should you be doing?
– Patch and update all Wifi devices within your organisation as soon as vendors publish releases. This is the number one action you should be taking to give full protection against this vulnerability. The vulnerabilities affect both client and infrastructure devices – both need to be patched.
– Promote use of other encryption technologies within your organisation and adopt a defence in-depth policy. For example, the effect of the vulnerabilities may allow encrypted HTTPS web sessions to be viewed, however they are still encrypted and protected. Corporate VPNs similarly are encrypted at a lower level than the Wifi encryption. Email client sessions should be encrypted using TLS/SSL. The best protection is always to choose the secure option at all levels so that where one fails, the potential damage is as limited as possible.
– Some legacy devices or those beyond the vendors last date of support, or end of live may no longer be able to be patched – these will need to be replaced or removed from service.
How are we responding?
As vendors publish the patches, we will be scheduling updates at the earliest opportunity for all our customers with support contracts. It is imperative that any device that connects to a WiFi is updated. Being industry experts, we are also well positioned to help others assess the impact and resolve this critical vulnerability.
Please contact our Support team at GGR Communications with any concerns/questions on firstname.lastname@example.org or 01905 825999.