KRACK - What you need to know about Key Reinstallation AttaCKs
On Monday, October 16, researchers announced the discovery of several vulnerabilities within the wireless protocols WPA and WPA2. The details of these vulnerabilities—dubbed KRACK—have not been disclosed in full to the public, as researchers only released a whitepaper and a video outlining the vulnerabilities. In the days following the announcement, more and more information was released, but many questions still go unanswered.
The basic issue with this vulnerability is its impact on a commonly-used wireless security protocol used by enterprises and consumers—WPA2. This vulnerability not only affects WPA/WPA2 Personal but also WPA/WPA2 Enterprise implementations on access points as well as wireless client devices. In short, an attacker can conduct this attack by injecting packets that reinstall the encryption keys to a known value, allowing them to decrypt and replay traffic from clients. This can happen with a few specific configurations, including:
The picture below outlines which vulnerabilities can be exploited on access points and client devices.
Figure 1: Source – KRACK Attack Whitepaper, Written by Mathy Vanhoef
There are no new attack vectors or techniques associated with the KRACK vulnerability, other than injecting encryption keys and causing clients to use these new encryption keys known to the attacker, allowing the attacker to replay, decrypt or forge wireless traffic. Replay, traffic decryption and wireless packet forging attacks were well known, commonly used and documented prior to the release of this vulnerability.
To help protect themselves against the KRACK vulnerability, consumers should update their wireless access points and clients as soon as patches become available. Most access point vendors and Linux distributions have released patches. The following matrix outlines the current list:
Vendor Patch Management
Vendor Patch Available In Development Not Directly Affected
Extreme Networks X
Turris Omnia X
WatchGuard Cloud X
Figure 2: Source – https://github.com/kristate/krackinfo
The picture below outlines which WPA implementations are vulnerable on specific devices.
Figure 3: Source – KRACK Attack Whitepaper, Written by Mathy Vanhoef
So, what does this mean? WPA/WPA2 Enterprise and Personal authentication credentials are not compromised. Changing either user passwords or the PSK will not mitigate this vulnerability. This is an issue in how wireless devices or clients handle the key reinstall sent during the 4-way handshake.
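The key-reinstall handling described above, as a simplified model added here (not code from the whitepaper or from any vendor): installing a pairwise key resets the per-frame nonce counter, so a client that reinstalls the same key on a retransmitted handshake message 3 reuses nonces, while a patched client ignores the repeat. The class, function and key value are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    """Simplified model of how a client handles 4-way handshake message 3."""
    patched: bool
    installed_key: Optional[bytes] = None
    tx_packet_number: int = 0  # per-frame nonce counter for the installed key
    nonces_used: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> None:
        # Message 3 tells the client to install the pairwise key. The AP may
        # retransmit it when it has not seen message 4.
        if self.patched and self.installed_key == ptk:
            return  # patched: the key is already in use, leave counters alone
        self.installed_key = ptk
        self.tx_packet_number = 0  # (re)installing a key resets the nonce counter

    def send_frame(self) -> Tuple[bytes, int]:
        # Every protected frame must use a fresh (key, nonce) pair.
        self.tx_packet_number += 1
        pair = (self.installed_key, self.tx_packet_number)
        self.nonces_used.append(pair)
        return pair


def reused_nonces(patched: bool, frames_per_phase: int = 3) -> int:
    """Count (key, nonce) pairs used more than once around a repeated message 3."""
    ptk = b"constructed-session-key"  # constructed value, not a real key
    client = Supplicant(patched=patched)
    client.on_message3(ptk)           # first delivery of message 3
    for _ in range(frames_per_phase):
        client.send_frame()
    client.on_message3(ptk)           # retransmitted message 3
    for _ in range(frames_per_phase):
        client.send_frame()
    return len(client.nonces_used) - len(set(client.nonces_used))


if __name__ == "__main__":
    print("unpatched client, reused nonces:", reused_nonces(patched=False))
    print("patched client, reused nonces:  ", reused_nonces(patched=True))
```

The credentials never enter the model, which is why changing passwords or the PSK does not help: only the client's handling of the repeated message changes between the two cases.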
As of right now, Windows 7, Windows 10 and iOS 10.3.1 and above are vulnerable only if using an unpatched GCMP configuration. At this time, Microsoft has released a set of patches to address this issue. While GCMP is rarely used, most wireless devices will utilize one of the currently vulnerable WPA implementations. A large number of the vulnerable devices run unpatched versions of Linux and Android; however, some versions of Apple’s software are also vulnerable. Apple has developed a set of patches across OSX, WatchOS and TVOS to address this vulnerability that will be available soon. CERT is maintaining a list of affected vendors that also links to each vendor’s current or planned remediation, if released.
Until patched, approach WPA networks with the same caution as an open network at your local café. Since this vulnerability could potentially compromise the encryption of a wireless network, useful countermeasures until patches for specific devices are released include using HTTPS for all websites and/or using a VPN to encrypt all network traffic.
Today, there are no proven signatures that can be used to detect the KRACK attack. However, there are signatures to detect man-in-the-middle or “Evil Twin AP” attacks. These alerts can be used to detect an outside threat but not whether a key reinstallation has occurred. The use of wireless intrusion detection systems and wireless intrusion protection systems (WIDS/WIPS) should be a part of a healthy wireless security practice.
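A sketch of the kind of "Evil Twin AP" check a WIDS applies, added here as an example and not taken from any product: it compares observed beacons against an inventory of managed access points and flags a managed SSID advertised by an unknown BSSID or by a known BSSID on an unexpected channel. The inventory, the CSV layout and the sample beacons are constructed; as the paragraph above notes, this flags a rogue AP, not a key reinstallation.

```python
import csv
import io

# Constructed inventory: managed SSID -> {BSSID: configured channel}
MANAGED_APS = {
    "CorpWiFi": {"aa:bb:cc:00:00:01": 6, "aa:bb:cc:00:00:02": 11},
}

# Constructed beacon observations, as a sensor might export them.
SAMPLE_BEACONS = """ts,ssid,bssid,channel
2017-10-17T09:00:01,CorpWiFi,aa:bb:cc:00:00:01,6
2017-10-17T09:00:02,CorpWiFi,aa:bb:cc:00:00:02,11
2017-10-17T09:00:05,CorpWiFi,AA:BB:CC:00:00:01,1
2017-10-17T09:00:07,CorpWiFi,de:ad:be:ef:00:99,6
2017-10-17T09:00:09,GuestCafe,11:22:33:44:55:66,3
2017-10-17T09:00:11,CorpWiFi,AA:BB:CC:00:00:01,1
"""


def evil_twin_alerts(observations_csv, inventory):
    """Return de-duplicated (ssid, bssid, channel, reason) alerts."""
    alerts, seen = [], set()
    for row in csv.DictReader(io.StringIO(observations_csv.strip())):
        ssid = row["ssid"]
        bssid = row["bssid"].strip().lower()  # normalise MAC case
        channel = int(row["channel"])
        expected = inventory.get(ssid)
        if expected is None:
            continue  # not one of our networks
        if bssid not in expected:
            reason = "unknown-bssid"      # someone else advertises our SSID
        elif expected[bssid] != channel:
            reason = "channel-mismatch"   # our BSSID seen off its configured channel
        else:
            continue  # matches the inventory
        alert = (ssid, bssid, channel, reason)
        if alert not in seen:  # beacons repeat many times per second
            seen.add(alert)
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in evil_twin_alerts(SAMPLE_BEACONS, MANAGED_APS):
        print(alert)
```

Access points that select channels automatically will trigger the channel-mismatch rule, so the inventory has to track the controller's current channel assignment.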
July 13, 2021