KRACK new wireless vulnerability attack update
The vulnerabilities explained today and in recent days may have provided some alarm for administrators and the public. As with ALL software and hardware operating systems vulnerabilities will always be inherent so with the advent of ‘Krack’, its unreasonable to stop using wireless indefinitely.
Mitigation will require common sense and adherence to a strategic security plan.
The good news is that major vendors are on to it, already providing patches and firmware updates which have been rolled out or will be available soon.
Unfortunately, the rhetoric that WPA/WPA2 the successor to WEP is now monumentally flawed and can be easily hacked is incorrect and possibly over hyped.
Therefore, if you’re worried about your level of exposure being unusually high, relax it is limited and can be remedied.
Also note the attacker requires more than just rudimentary hacking tools, in fact none exist on the net as yet. The attack execution is complex, difficult and requires a lot of effort which suggests is only worth undertaking with a meaningful target.
At ThinkWireless we concur with this comment from a vendor global advisory “ We always recommend that anyone interested in securing their WLAN network should perform regular audits of their security infrastructure and procedures to ensure everything is in compliance with best practices and vendor recommendations.”
Talk to us if you need assistance [email protected] [09 9720343]
Here’s some quick takeaways
- Vulnerabilities exist on both sides of the 4-way handshake relationship (client and AP), so both sides need to be patched
- Disabling 802.11r can help mitigate the attack by eliminating one source of vulnerability (Fast BSS Transitions, otherwise known as 802.11r roaming).
- Access points affected are likely to be only bridged or Mesh AP’s.
- Windows and IOS clients have fundamental inoculation since they don’t adhere to the 802.11 standard. They don’t allow multiple phase 3 message transmissions in the 4-way handshake. This a key attack vehicle to exploit.
- Patches and updates are widely available to mitigate client and AP vulnerabilities.
Vendor advisory’s links