Wi-Fi Security and KRACK

Posted by Timothy Platt on Oct 18, 2017


Wi-Fi Security – What is the New KRACK Attack and How Serious Is It?

WiFi - The 802.11 family of standards defines Wi-Fi for multiple devices.
Earlier this week, a security researcher publicly disclosed a serious security vulnerability in the 802.11 WPA2 Wi-Fi protocol – this is the Wi-Fi protocol used by every modern device. The attack methods (there are multiple) used to exploit this vulnerability are being called KRACKs (Key Reinstallation Attacks). Because this is a vulnerability in the underlying protocol, and not just a bug, it means nearly every Wi-Fi device in existence is vulnerable to one or more of these attacks.

How serious is this? It’s serious, because of the broad range of devices that are vulnerable.

What computers or devices are affected?

As mentioned above nearly every device that uses Wi-Fi is vulnerable. This includes: Windows computers, Mac computers, Linux computers, iOS (iPhone, iPad), Android (Phones and tablets), Wi-Fi Access Points and Routers, and IoT (Internet of Things) devices – such as Wi-Fi enabled security cameras and thermostats.

Long story short – if it’s got Wi-Fi in it – it’s probably vulnerable.

What Can an Attacker Achieve with KRACKs?

KRACKs - the Key Reinstallation Attacks that endanger nearly every device using WPA2 Wi-Fi
Firstly, a few caveats. In order to exploit this flaw an attacker would need to be on your Wi-Fi network – so they have to be close. They cannot exploit this from afar over the Internet. Secondly, the code to perform the attack is not publicly released, but now that the information is out, you can expect that the code and attack methods will be re-created and put in use by cyber-criminals. And lastly, devices that don’t have Wi-Fi can’t be directly attacked.

What can an attacker achieve? With the right attack code, an attacker can achieve a “Man In The Middle” (MITM) position and intercept the Wi-Fi traffic from the targeted device. Anything transmitted over the network and not protected by encryption (such as non-HTTPS websites) could then be viewed by the attacker. It’s also possible for an attacker to disable HTTPS for certain websites – where the HTTPS implementation isn’t 100% correct – so ensuring you are only connecting to HTTPS websites isn’t a fix.

Remember this is not just a flaw in your Wi-Fi Access Point (WAP) or Router, it’s a flaw in Windows, Mac, iOS, and Android devices – so an attacker can potentially access information you are typing into your computer or phone, and transmitting over the network.

What Can We Do About This?

Here’s where things start to look a lot less gloomy. Firstly, this is a big problem – and software and hardware vendors are already providing fixes – they just have to be applied.

Ultimately to fix this problem, every device with Wi-Fi is going to need to be updated with a vendor provided fix, or it’s going to have to be taken out of use. You’re going to need to update all your desktops and laptops, your network devices with Wi-Fi, and your IoT devices with Wi-Fi.

For major operating systems, as of Wednesday, Oct 18:

For Wi-Fi Access Points and Routers – many vendors have already created fixes and made them available. In many cases there are workarounds as well, such as disabling features like 802.11r (Fast Roaming). WAPs and Routers will only be vulnerable in certain circumstances, so it’s more important to patch everything that acts as a Wi-Fi client first, in my opinion.

For IoT devices – you’ll need to consult with the manufacturer. Hopefully the device will have upgradable firmware. Some of the very cheapest IoT Devices do not, and therefore should probably be taken offline permanently. In general, all hardware and devices have bugs and security fixes, and you should never incorporate something in your network that isn’t upgradable.

Lastly, as with all updates – test on a small group of devices first, and know how you can back out the update – if other problems arise. This is a best practice anytime you update any device.

If I Can’t Update Immediately What Can I Do?

Free WiFi - It's convenient, but may open your computer to attacks.

To mitigate the attacks until you can update, do one or more of the following:

Get Help from the Security Experts

We hope this information has been helpful. Your situation and unique requirements will need specific assessment. And remember, we’re here to help. We can assess and advise on your current state of Wi-Fi security, and help close the issues.

Contact VO for security help now

IT Support by Virtual Operations

Virtual Operations provides IT support for small businesses in the Orlando and Central Florida area. Our managed IT services offering provides the expertise and quality care your small business needs. Please contact us today to find out how we can help with your computer support and network support needs.

Photos & Graphics

Free Wi-Fi photo credit: m.gifford via photopin (license)

KRACK logo courtesy of krackattacks.com


Like To Learn More? Send Us A Message or call direct 407.268.6626

Back to Blog

Sign up for free and be the first to know about updates

Subscribe to Email Updates

It appears you are viewing this site through an obsolete web browser.

This site was built to comply with modern web standards and relies on features unavailable in browsers that are out of date.

You can learn more about your browser here. And you can learn more about modern web browsers here.

To hide this notice, click here.