Information on the KRACK vulnerability
As you may have seen in the news, a widespread vulnerability in Wi-Fi networks was revealed last Monday. This vulnerability allows hackers to decrypt and potentially see what people are doing online. The reason this security vulnerability is so worrying, and why it has drawn so much interest, is that most people want to assume that their local Wi-Fi network is a trusted environment.
publish date: October 27, 2017
The vulnerability is called KRACK, for Key Reinstallation Attack, and it works against all Wi-Fi Protected Access (WPA, more commonly WPA2) networks. Depending on the network configuration, the attack also makes it possible to inject and manipulate data, and to inject ransomware or other malware into websites. It is reported that KRACK can affect almost any device that uses Wi-Fi, and that it is particularly severe for Android and Linux users.
To prevent the attack, users must update affected products as soon as security updates become available. It is recommended that users be wary of using Wi-Fi at all until patches are widely rolled out. Most manufacturers are actively responding to this new threat by pushing out updates, which should help close the vulnerability. Devices such as laptops and smartphones, as well as routers, will all require updates.
The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, and a range of vendors have promised that updates are already available or will be soon. A partial list of these vendors includes NETGEAR, Belkin, LinkSys, D-Link, Broadcom, etc..
- Microsoft has already released patches to address this.
- Cisco has published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. Fixes are already available for select Cisco products, and additional software fixes for affected products will continue to be made available as they are developed.
- Intel also released an advisory and is "working with customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability."
- Apple confirmed it has a fix coming for its Mac and iOS operating systems that's currently in the betas for its next software updates. Those will land in the next few weeks.
Early research indicates that truly remote attacks probably won't be possible with this hack alone. In the most likely attack scenario, the hacker would have to directly connect to the Wi-Fi access point, and so would need to be within physical proximity of the device, generally within a few hundred feet.
For Intellicom customers with a managed server agreement, the Microsoft patch(es) related to this vulnerability either already have been, or will be, installed during your regular, agreed-upon maintenance window(s) unless we’ve been given specific instructions to exclude or hold off on deploying these patches (due to 3rd party app concerns). Same for customers with a managed workstation agreement. If you do not currently have a managed agreement with us to patch your servers and/or workstations, we invite you to contact us.
Keep in mind Microsoft is only one of the affected vendors. To assure that patches released by other vendors (e.g. Cisco, Apple, etc.) are deployed to your affected devices, please email [email protected] with the word, “security” in the subject line and we will assign an engineer to reach out to you to review your network and make recommendations to mitigate against this vulnerability.
The Intellicom Team