You may have read this morning about a reported potential vulnerability in some Wi-Fi networks, known as KRACKs.
Our first analysis indicates that via KRACKs, an attacker within range of a device could potentially intercept, decrypt and read data that has supposedly been securely transmitted over a ‘protected’ Wi-Fi network. In some cases, the attacker may also be able to inject or manipulate that data, e.g. with malware such as ransomware.
We believe that KRACKs exploits weaknesses in the WPA2 protocol’s 4-way authentication ‘handshake’, and allows an attacker to deceive a device into reinstalling an already-in-use encryption key. As the vulnerability is within the WPA2 protocol, it’s likely to affect the majority of corporate and home Wi-Fi networks.
Our senior security consultant, Anthony Webb advises
“This is a very serious issue and, since the WPA2 protocol is used in most Wi-Fi networks, the impact is likely to be very widespread. Most firms will be unable to protect themselves immediately, as it will be the device and software vendors that will need to release patches and/or firmware updates. It’s possible that in some cases vendors will choose only to incorporate a fix into new devices, rather than issuing patches for those not subject to ongoing support”.
However, we advise that an attacker would need to be physically reasonably close to the network to exploit the issue. Therefore, maintain extra vigilance of any unknown individuals lurking in or around buildings or reception areas. This is especially important for companies in crowded or busy locations. Additionally, given that the main attack is against client devices, not access points, we advise you to contact your device vendors to request a patch ASAP. Finally, we advise against downgrading to WEP, as it is less secure than WPA2.
We will keep you posted of further developments, and if you would like to speak with our team for more information, please don’t hesitate to let us know