KRACK Attack – WIFI vulnerability – What does it mean to you?

You may have seen in the press that a vulnerability has been identified against the WPA2 Wireless encryption protocol. So what is this vulnerability and what does it mean to you?

Security researchers have discovered a number of vulnerabilities in the WPA2 (Wi-Fi Protected Access II) protocol. These vulnerabilities may allow attackers to gain access to private data traversing your wireless network.

KRACK (Key Reinstallation Attack) has been demonstrated to decrypt wireless communication on multiple platforms, including Windows, Apple iOS, Android and Linux.

So far the following protocols and ciphers are vulnerable to the attack:

  • WPA
  • WPA2
  • WPA-TKIP cipher
  • AES-CCMP
  • GCMP

The flaw is not in the cryptography underlying WPA2 or its predecessor, WPA. Rather, it’s in the implementation. When communicating with a client device to initiate a Wi-Fi connection, the router sends a one-time cryptographic key to the device. That key is unique to that connection, and that device. This is so that a second device on the same Wi-Fi network can’t intercept and read the traffic to and from the first device to the router, even though both devices are signed into the same Wi-Fi network.

The problem is that the one-time key can be transmitted more than once. To minimise connection problems, the WPA and WPA2 standards let the router transmit the one-time key as many as three times if it does not receive an acknowledgement from the client device that the key was received.

Because of that, an attacker within Wi-Fi range can capture the one-time key, and, in some instances, even force the client device to connect to the attacker’s bogus Wi-Fi network. The attacker can use the one-time key to decrypt much of the traffic passing between the client device and the router.
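To make the mechanism concrete, here is an added Python example; it is not part of the original post and is not KRACK tooling. It models a client that receives handshake message 3, installs the key and resets its per-packet nonce, then receives a retransmission of the same message. The vulnerable client reinstalls the key and resets the nonce, so two frames are encrypted under the same key and nonce; the patched client keeps the key it already has and only re-sends its acknowledgement. The keystream is a SHA-256 stand-in for the AES counter mode used by CCMP (an assumption made so the script runs on a plain Python install), and the key bytes and frame contents are constructed for the demo.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in for a counter-mode keystream: hash(key || nonce || block index).
    Like AES-CTR, the same key and nonce always yield the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


@dataclass
class Client:
    """Toy supplicant holding the pairwise key (PTK) and its packet nonce."""
    reinstall_allowed: bool          # True = unpatched behaviour, False = patched
    ptk: Optional[bytes] = None
    nonce: int = 0

    def handle_message3(self, ptk: bytes) -> str:
        """Called for every (re)transmission of handshake message 3."""
        if self.ptk is not None and not self.reinstall_allowed:
            # Patched: key already installed, just acknowledge again; nonce untouched.
            return "ack-resent"
        # Installing the key resets the packet nonce to zero. Doing this a second
        # time on a retransmission is the core of the key reinstallation problem.
        self.ptk = ptk
        self.nonce = 0
        return "installed"

    def encrypt(self, plaintext: bytes):
        """Encrypt one frame under the current nonce, then advance the nonce."""
        ks = keystream(self.ptk, self.nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        used_nonce = self.nonce
        self.nonce += 1
        return used_nonce, ciphertext


def run_scenario(reinstall_allowed: bool) -> dict:
    """Send two frames around a retransmitted message 3 and report what a passive
    observer who knows the first frame's contents can learn about the second."""
    ptk = hashlib.sha256(b"constructed-demo-key").digest()[:16]   # constructed
    client = Client(reinstall_allowed=reinstall_allowed)
    frame_a = b"GET /account HTTP/1.1"   # constructed, assumed predictable
    frame_b = b"Cookie: session=xyz"     # constructed, the secret frame

    client.handle_message3(ptk)            # first delivery of message 3
    nonce_a, ct_a = client.encrypt(frame_a)
    client.handle_message3(ptk)            # retransmission of message 3
    nonce_b, ct_b = client.encrypt(frame_b)

    # With equal key and nonce the keystreams cancel: ct_a XOR ct_b = frame_a XOR frame_b,
    # so knowledge of frame_a reveals frame_b. With distinct nonces nothing cancels.
    recovered = None
    if nonce_a == nonce_b:
        xor_ct = bytes(x ^ y for x, y in zip(ct_a, ct_b))
        recovered = bytes(x ^ y for x, y in zip(xor_ct, frame_a))
    return {"nonce_a": nonce_a, "nonce_b": nonce_b, "recovered": recovered}


if __name__ == "__main__":
    print("unpatched:", run_scenario(True))
    print("patched:  ", run_scenario(False))
```

The point the example makes is the one the post describes: the cryptography itself is sound, and the defect is the client state machine accepting a second install of a key it already holds. The fix on the client side is exactly the `reinstall_allowed=False` branch, which is why applying vendor patches to client devices matters as much as patching the router.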


So what does this mean to you?

Many vendors have already issued patches to mitigate this security vulnerability. Users are recommended to apply the updates to all of their Wi-Fi enabled equipment. This includes routers, user devices and smartphones.

Passwords – An easy ticket into your organisation

With the ever-changing security landscape, protection and compliance are high on the radar for most organisations. One area that gets forgotten in the battle against cyber threats is authentication methodology, and more specifically why removing password authentication should be high on the priority list.

Recently Microsoft announced some damning statistics around password authentication. For example, did you know that 63%* of all confirmed data breaches involved weak, default or stolen passwords? In addition to that statistic, did you know that in a recent survey more than 25%** of employees would consider selling their password for less than £100?

Pretty damning stuff, wouldn’t you agree?

So what can be done about this?

Multi-factor authentication is something you will start to hear about more and more. The ability to authenticate against corporate environments using a multitude of methods will soon become the norm. Rather than enforcing strict password policies at an organisational level, or relying on users to adhere to password policies, utilising facial recognition, biometric scanning or token-based authentication will enhance your security profile.

Microsoft’s Azure AD can enhance this further by providing password management for a number of third-party applications and websites. By authenticating against the Azure AD platform using your chosen method of authentication, you can maintain secure access to Salesforce, Twitter, SAP and many more. This prevents users having to maintain password-based authentication for their other applications, and allows the security model to be maintained and controlled by centralised IT. Imagine Single Sign-On across workloads using multi-factor authentication.

* Figures provided by Microsoft at the Microsoft Tech Summit 2017.

** Figures provided by ATLAS, SailPoint 2016 Market Pulse Survey. The survey polled 1,000 people, of whom half work for a company with more than 10,000 employees.