KRACK – the latest threat to connected devices
Posted on: 08 November 2017
- Newly discovered wireless security vulnerability, KRACK, could allow a hacker (in Wi-Fi range) to intercept your internet communications, including passwords and credit card details.
- Businesses and individuals can help protect themselves by following some straightforward security steps.
The risks posed by connecting to open and unprotected Wi-Fi networks have been known for several years now. Since 2004, it’s been possible to secure Wi-Fi networks and this has eased concerns about snooping.
This is thanks to the WPA2 (Wi-Fi Protected Access II) protocol, a specification for wireless network security that safeguards your online activities. These access points are most often found at businesses premises and in public Wi-Fi hotspots – you probably come across these most often in cafés or when using public transport.
A new threat
KRACK (Key Reinstallation Attack) takes advantage of a recently discovered vulnerability in WPA2 that lets hackers break encryption shielding connections.
If someone were to do this to your connection, they’d be able to tamper with the traffic of data between your device and the wireless internet router it is connected to. It would then be possible for them to extract sensitive information like login and banking details. Additionally, they could modify the exchange of requests going between the router and your device so that you get presented with ‘imposter’ webpages which trick you into sharing data or allowing access to your device.
- A hacker finds they can get in range of a business’s Wi-Fi signal and waits for someone in the business to start a connection.
- A worker’s device sends a connection request to the router, starting a process called the 'four-way handshake' which confirms the provided password is correct (or not).
- During the 'four-way handshake', the hacker silently intrudes at a particular stage. This gives them a viewpoint and the ability to decrypt the traffic being exchanged over the Wi-Fi between the router and the worker’s device.
The hacker hasn’t needed to connect to the Wi-Fi themselves at any point.
They’re now able to listen to traffic going from the router to the device and back again, meaning they could pick out sensitive information, like login details.
They can do more than listen though. The hacker could take out a packet of information being sent from the router to the device and substitute it with a different packet, and vice versa. By swapping out packets, they can swap in their own packets of forged or modified information that interferes with the content of non-secure websites, injecting malware that the user then unwittingly downloads.
So, should everyone stop using WPA2?
No. The advice is to continue using WPA2 to protect your connections; it is still the best option to secure your device and activity. When connecting to a public network, you can be sure it has WPA2 if there’s a padlock next to the network’s name – often overlapping the icon displaying signal strength.
You can make your Wi-Fi network a less tempting target, for all sorts of attacks – not just KRACK, by password-protecting it.
How to defend your devices against this threat
The good news is that KRACK was discovered by a researcher (Mathy Vanhoef from the University of Leuven) with honest intentions. So instead of victims knowing about it first, manufacturers were told months before the public and they’ve had a head-start on developing fixes.
On top of avoiding unprotected Wi-Fi connections, users must ensure that all devices are updated as soon as any updates become available. These updates will often contain security patches which resolve flaws, such as KRACK, or provide defence against new and emerging threats.
For businesses, it may be worth reminding workers to shut down their computers at the end of each day, instead of leaving them on standby overnight, as it’s usually during the boot process that updates are installed. While issuing this reminder, it could also be mentioned that no one should ever use an unsecured Wi-Fi connection (during external business meetings, for instance).
What should I tell my customers?
Help businesses and individuals protect themselves against KRACK and other cyber threats by reiterating how important it is to use secure internet access points and install system and software updates as soon as possible during your discussions with them.
In addition, Allianz Commercial policyholders can:
- Complete the Allianz Cyber Risk Assessment, developed in partnership with IT Governance, to identify potential vulnerabilities in their IT infrastructure and get the option to apply for Cyber Essentials Certification.
- Get discounted rates on cyber security consultation and services from InteliSecure.
You can find out more about KRACK on its discoverer’s website: krackattacks.com.