Earlier this week, it was disclosed that the WPA2 WIFI protocol has a weakness. Any device that supports WIFI connectivity uses this protocol that is responsible for WIFI security. In a nutshell, this means every device with WIFI capability has the vulnerability and is susceptible to an attack.
The flaw has been dubbed as KRACK and was discovered by a security researcher, Mathy Vanhoef of imec-DistriNet, KU Leuven. KRACK is an initialism of key reinstallation attacks. KRACK is also a novel attack which the security researcher used to launch the attacks against the WPA2 protocol. Although this vulnerability has come as a surprise to many, most vendors had already been informed for about 3 months ago.
How the attack works: KRACK vulnerability explained
An attacker within range can use key reinstallation attacks to exploit weaknesses in the WPA2 protocol. The vulnerability and the attack rely on what is known as a “Handshake.” The Handshake happens when a device tries to connect to a Wi-Fi source such as a router. It’s during this Handshake that the router and the device agree on a session key; a key used to secure the communication between them. All this is done in a 4-way dialogue.
In details, the researcher wrote “the handshake is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.”
According to the researcher, if an attacker is within range, he/she can trick the victim to reinstall the live key by using a modified version of the original handshake. In this process, the attacker can change values which will, in turn, make the encryption weaker and allow further attacks.
Countermeasure developments
To patch the vulnerabilities, the researcher has recommended that you update your devices as soon as updates become available. Give priority to the devices that you often use as they are the centre of any attack. Affected devices include; Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others. Android and Linux devices are the most affected, the researcher said the attack against them was catastrophic.
Tech companies such as Microsoft, Apple and Google are currently developing a patch that will fix the bug in their devices. The patch is likely to be released in the coming weeks. The android realm will, however, take longer to get the patch except for the Google devices. This is because of the implementation process by the manufacturer which takes long. On the other hand, routers are not that vulnerable, but an update to their firmware is also necessary.
What will happen if you don’t update
Although the execution process is complicated, the results will be devastating if an attacker singles you out. You might try to mitigate the attacks against routers and access points, but the attackers might finally catch up with you. So, what happens if you don’t apply the patches? Simple, the CIA triad will be breached. That’s, the attackers will compromise your Confidentiality, Integrity and Availability (CIA) of your information. That means you will have no privacy and your information will not be secure anymore.
Using the KRACK attack, attackers will be able to access, read and modify information that you presumed to be safely encrypted. They might then steal your sensitive information such as passwords, chat messages, credit card numbers, emails, photos, and any information that will be beneficial to them. Not only breaching the CIA triad, but attackers can also inject and manipulate data. i.e. an attacker might be able to introduce ransomware or other malware into websites and to your devices.
Importance of staying secure on the internet
Staying secure on the internet ensures that the CIA triad is not breached and hence you don’t fall victim to a lot of other vulnerabilities. It also ensures that you are not used to propagate further attacks to secure systems as attackers usually target one weak client and make it a zombie. They will control everything remotely from their side and ensure more attacks as it will take longer to identify the source. Staying secure has the following benefits;
You’ll have your privacy – Staying secure ensures that your personal information will not be stolen. Personal information may help attackers and hackers to steal your identity and implicate you in everything they do. You can ensure your personal information is not stolen by not giving too many details about yourself online, especially on websites that don’t use https. Even in social media, a status update or a photograph is giving out many details and can make you susceptible to vulnerabilities such as cyberbullying. On a public WIFI, ensure you use extra measures such as a reputable VPN. This is because attackers may disguise a fake website to look like a legitimate one. Unsuspectingly, you will end up keying in and literally giving them all your info.
Your contact details won’t be stolen – Your contact details such as emails can be used to easily propagate and launch more attacks. To ensure more security, don’t open emails attachments or click on embedded links. If you do so, you might end up activating a ransomware, or the links might directly land you to a malicious website. You should treat your email as part of your personal information.
Your digital assets and finances will be safeguarded – how much do you value your money? Probably so much. Nowadays, through online banking and other forms of online payments such as credit cards, it’s easier to handle finances digitally. And this is where attackers might attempt to steal it, digitally. Although banks do a series of verifications and authentications, it won’t help if attackers have all of your info. You should be keen when making online payments; ensure you are on a secure network and you know the site very well. Read reviews of new sites to get an insight if they are safe.
Your data integrity will be secure – your computer might have crucial files, i.e. blueprints about something, files on your new inventions and other information you regard to be critical. If you are on the internet and you are not secure, your device might be infected with malware and viruses which might destroy, modify or steal your data.
In general, it’s better to stay secure when you are on the internet. Also update your devices as soon as you get the patch for KRACK. With the vulnerability lying around, nothing is secure even if you use further security mechanisms.
