KRACK Attacks: Protocol Insecurity

The KRACK Attacks are a great example of why updates are important. Wireless networking has been around over 45 years with many encryption and security layers being adapted over that time. The variation most commonly in use today, Wi-Fi with WPA2, is about 13 years old. Thousands of people have reviewed the protocol documents. Vendors across the world have implemented the protocol as it was designed and it is in active daily use on billions of devices (yes, billions with a “b”). However, a relatively minor flaw in the design of the greeting/handshake allows an evil third party to essentially hijack any Wi-Fi network.

At least 6 months ago a series of vulnerabilities in all wireless protocols (including the most secure current wireless protocol, WPA2) were discovered that allowed for an evil third-party in range of your Wi-Fi network connection to emulate it and hijack your access to the connection to be able to siphon or change information between you and the Internet. These vulnerabilities also make it possible to intercept and alter “secure” traffic (such as HTTPS encrypted connections) by way of it’s MitM scope on some networks and devices.

Every vendor’s hardware that was tested was found to be vulnerable. The thing is, if they obeyed the protocol it would literally be impossible not to be vulnerable.

Several months ago the person that discovered the issue contacted different vendors to alert them of the problems and they are actively coordinating security updates this week to address them. FreeBSD patched it months ago. Microsoft patched it last Tuesday. Some Android devices have been patched over the last couple weeks, while others may never be. Security updates for ChromeOS should be released next Tuesday. Apple’s patch for iOS, macOS, tvOS and watchOS is planned for release “soon,” but every version of macOS and iOS are affected and not all are still supported (in other words – only some Apple devices will receive patches). Hardware vendors are gradually releasing updates for supported devices.

What should you do?

Patch or replace your hardware. All of your hardware: your routers, modems, phones, tablets, laptops, desktops that have Wi-Fi support, even your light bulbs and irrigation systems.

If a patch is not currently available for your hardware, hound the vendor until it is, or replace/avoid that hardware (and vendor).

If your hardware is no longer supported by the vendor you will not receive security updates to address this vulnerability. Most hardware still in use today is beyond it’s support period (aka “end of life/EOL”), so will never receive a security update to address this vulnerability or any other. Really. It’s probably time to replace that “perfectly good” wireless router you picked up “only 5 years ago” at a “helluva bargain” that “still works.” It’s annoying, but important to check the vendors site when purchasing hardware to ensure that it’s supported by them. Most vendors support their hardware only 5 to 10 years after a modem was initially released. Most people buy hardware at least half-way through this period, significantly reducing the applicable support period.

Always use TLS/SSL. If the sites you visit don’t support HTTPS, don’t use them or at least contact their webmasters to request HTTPS support.

Avoid wireless connections. Yes, really. Even if this had never occurred, understand that every wireless network is inherently insecure. Emulating your network the way the KRACK Attack operates is only one way to hijack it. There are many other risks in all forms of networking, from old, insecure, and unsupported network equipment that can be easily compromised to unmaintained and unsecureable hardware that joins the network. While a wired network generally contains all traffic within the cables that make up the network, a wireless network, by definition, broadcasts all network traffic for any evildoer within range to capture and record. While they may not be able to exploit that encrypted information today, it’s likely that similar vulnerabilities will be discovered that allow them to decrypt and abuse that information sometime in the future. Avoiding wireless connections reduces this risk.

I thought this only affected my router?

No. This vulnerability is a protocol-level issue, which means that every single wireless device in the world that was designed to obey the protocol is impacted. All of them. Patch or replace.

Many protocols have weaknesses that are eventually addressed with minor and sometimes major changes. SMTP – the protocol used to send email – didn’t require any form of authentication at any level for over 20 years! The geeks that think this stuff up are awesome, but we can’t anticipate everything.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

 

Leave a Reply

Your email address will not be published. Required fields are marked *