Wireless Hack

Category: Blog, Security  |  Monday, October 23rd, 2017

In the world of cybercrime, too often businesses are left in a reactive stance vs a proactive one. Fortunately, at EnhancedTECH we do our best to stay on the offense. Before the news broke on the WPA wireless hack, our team of engineers was hard at work patching and updating to ensure your company's trusted data was kept safe.

Others were not so lucky.

A widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed last week, allowing hackers to decrypt and potentially look at everything people are doing online.

Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef’s description of the bug on his KRACK website is startling: “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

What’s behind the vulnerability?

It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the “handshakes” carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. It turns out that in WPA2, it’s possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.

Android and Linux users are particularly susceptible. The attacks on Google’s Android are made simpler by a coding error, where an attacker will know the key just by forcing a reinstallation. That’s because the operating system uses what’s known as an “all-zero encryption key” when the reinstallation is initiated, which is easier to intercept and use maliciously.

As for how widespread the issue was, it appears almost any device that uses Wi-Fi is affected. “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks,” explained Vanhoef.

What to do?

If you don’t use our managed security offerings, give us a call so you stay on top of this.

For home users, devices such as laptops and smartphones will require updates as well as routers. Indeed, Vanhoef said it’s more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars. He recommended users get in touch with the relevant vendors to find out when patches are coming.

Given the range of devices affected, it’s almost guaranteed patches won’t make it to everyone. The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, including Cisco, Intel and Samsung, amongst many other major tech providers.

Microsoft confirmed it had rolled patches out already: “We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected.”

Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. “Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available,” a spokesperson said.

Intel confirmed it was “working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability.” It also released an advisory.

And Apple confirmed it has a fix coming for its Mac and iOS operating systems that’s currently in the betas for its next software updates. Those will land in the next few weeks.

Some good news

There’s some good news: truly remote attacks won’t be possible with this hack alone. In the most likely attack scenario, the hacker would have to directly connect to the Wi-Fi access point, and so would need to be within physical proximity to the device (possibly up to a few hundred feet away depending on whether they had access to antennas to extend their reach). “This attack doesn’t scale,” noted Alan Woodward, encryption expert from the University of Surrey. “It’s a very targeted attack. Not like we’re all going to be hit as attackers can only be in so many Wi-Fi zones at once.”

But Woodward did have words of caution, especially for businesses: “The reason this is so worrying, and why everyone is so interested, is that many (including large organizations) assume their [local Wi-Fi network] is a trusted environment. For example, some don’t require authentication on network resources. If that boundary is now easily breached then there would need to be a lot of rethinking about threat models.

“This is the sort of flaw that the security community dreads: it is not about a single vendor having messed up a particular implementation but rather a fundamental flaw in the way the protocol was specified. Even those that have implemented the standard correctly will have baked in this flaw.”

For those users whose routers, PCs and smartphones don’t yet have updates, there are some measures they can take to protect their online privacy. Virtual Private Network (VPN) software could protect them, as it will encrypt all traffic. Using only HTTPS-encrypted websites should also benefit the user, though there are exploits that can remove those protections. Changing the Wi-Fi password won’t prevent attacks, but it’s advisable once the router has been updated.

Give EnhancedTECH a call if you need help patching and updating your wireless technology. Call us at 714-970-9330 or contact us at [email protected]


source image: https://www.pexels.com/photo/person-touching-open-macbook-on-table-839465/
