A critical WiFi security flaw has been discovered by security researchers in Belgium. The WPA2 WiFi vulnerability can be exploited using the KRACK (Key Reinstallation Attack) method, which allows malicious actors to intercept and decrypt traffic between a user and the WiFi network in a man-in-the-middle attack. The scale of the problem is immense. Nearly every WiFi router is likely to be vulnerable.
Exploiting the WPA2 WiFi vulnerability would also allow a malicious actor to inject code or install malware or ransomware. In theory, this attack method would even allow an attacker to insert malicious code or malware into a benign website. In addition to intercepting communications, access could be gained to the device and any connected storage drives. An attacker could gain full control of a device that connects to a vulnerable WiFi network.
There are two conditions required to pull off KRACK: the WiFi network must be using WPA2-PSK (or WPA-Enterprise), and the attacker must be within range of the WiFi signal.
The first condition is problematic, since most WiFi networks use the WPA2 protocol and most large businesses use WPA-Enterprise. Further, since this is a flaw in the WiFi protocol, it doesn’t matter what device is being used or the security on that device. The second offers some protection for businesses for their internal WiFi networks, since an attack would need to be pulled off by an insider or someone in, or very close to, the facility. That said, if an employee were to use their work laptop to connect to a public WiFi hotspot, such as in a coffee shop, their communications could be intercepted and their device infected.
In the case of the latter, the attack could occur before the user has stirred sugar into his or her coffee, and before a connection to the Internet has been opened. That’s because this attack occurs when a device connects to the hotspot and undergoes a four-way handshake. The purpose of the handshake is to confirm both the client and the access point have the correct credentials. With KRACK, a vulnerable client is tricked into using a key that is already in use.
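The key reuse described above can be shown with a simplified model that compares a client which reinstalls its key when handshake message 3 arrives a second time with a client that refuses to. This is an added example, not code from the researchers or from any vendor patch; the `Client` class, the HMAC-based keystream standing in for the real cipher, and the sample frames are all constructed for illustration.

```python
import hashlib
import hmac

P1, P2 = b"first frame", b"other frame"  # constructed plaintexts


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy stand-in for the real cipher: output depends only on (key, nonce).
    # Covers frames of up to 32 bytes, enough for this demonstration.
    block = hmac.new(key, nonce.to_bytes(6, "big"), hashlib.sha256).digest()
    return block[:length]


class Client:
    """Simplified client: tracks only the installed key and transmit nonce."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used to encrypt a frame

    def on_message3(self, session_key: bytes) -> None:
        # Patched: a repeated message 3 for the key already in use is not
        # allowed to reinstall it, so the nonce keeps counting upwards.
        if self.patched and self.key == session_key:
            return
        self.key = session_key
        self.nonce = 0  # installing a key resets the nonce

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def replay_message3(patched: bool):
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.on_message3(key)   # handshake completes, key installed
    c1 = client.send(P1)
    client.on_message3(key)   # message 3 arrives a second time
    c2 = client.send(P2)
    reused = len(set(client.used)) < len(client.used)
    return reused, c1, c2
```

With `replay_message3(False)` both frames are encrypted under the same key and nonce, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts; with `replay_message3(True)` the nonce keeps advancing and that relation no longer holds.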
The researchers explained that “our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.” The researchers also pointed out, “Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can be bypassed in a worrying number of situations.”
The disclosure of this WPA2 WiFi vulnerability has had many vendors frantically developing patches to block attacks. The security researcher who discovered the WPA2 WiFi vulnerability – Mathy Vanhoef – notified vendors and software developers months previously, allowing them to start work on their patches. Even with advance notice, relatively few companies have so far patched their software and products. So far, companies that have confirmed patches have been applied include Microsoft, Linux, Apple, and Cisco/Aruba. However, to date, Google has yet to patch its Android platform or its Pixel/Nexus devices. Google is reportedly still working on a patch and will release it shortly.
There is also concern over IoT devices, which Vanhoef says may never receive a patch for the WPA2 WiFi vulnerability, leaving them highly vulnerable to attack. Smartphones similarly may not be patched promptly. Since these devices regularly connect to public WiFi hotspots, they are likely to be the most vulnerable to KRACK attacks.
While the WPA2 WiFi vulnerability is serious, there is perhaps no need to panic. At least, that is the advice of the WiFi Alliance – which co-developed WPA2. “There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.” The WiFi Alliance also explained, “Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.”
The UK’s National Cyber Security Centre pointed out that even with the WPA2 WiFi vulnerability, WPA2 is still more secure than WPA or WEP, also explaining that there is no need to change WiFi passwords or enterprise credentials to protect against this vulnerability. However, businesses and consumers should ensure they apply patches promptly, and businesses should consider developing policies that require all remote workers to connect to WiFi networks using a VPN.
Improve WiFi Security with WebTitan Cloud for WiFi
Whether you have a WiFi network in the workplace or you provide free or paid WiFi to your customers, it is important to implement a WiFi filter to exercise control over the activities that can be conducted while connected to the network. One of the most important reasons for implementing a WiFi filter is to prevent users from visiting malicious websites – Web pages set up by threat actors for malware distribution or for hosting phishing kits. A WiFi filter will prevent known malicious websites from being accessed, can be used to block downloads of risky file types, and controls can be applied to restrict access to illegal or undesirable web content.
WebTitan is a 100% cloud-based WiFi filtering solution that can be quickly and easily implemented to provide protection against web-based threats and give WiFi providers control over the content that can be accessed while connected to the network. The solution is highly scalable and can be used to protect any number of WiFi hotspots, all of which can be managed through an intuitive web portal.
If you do not have a WiFi filter in place, or if you are unhappy with the performance or cost of your current WiFi filter, give the TitanHQ team a call and inquire about WebTitan. WebTitan is available on a free trial and a product demonstration can be arranged if you would like to see the solution in action.
Some of the key benefits of WebTitan Cloud for WiFi are listed below:
- Filter the Internet across multiple WiFi hotspots
- Create a family-friendly, safe and secure web browsing environment
- Manage access points through a single web-based administration panel
- Delegate management of access points
- Filter by website, website category, keyword term, or keyword score
- Block material contained in the child abuse image content URL list (CAIC List)
- Upload blacklists and create whitelists
- Reduce the risk of phishing attacks
- Block malware and ransomware downloads
- Inspect encrypted websites with SSL certificates
- Schedule and run reports on demand
- Gain a real-time view of internet activity
- Gain insights into bandwidth use and restrict activities to conserve bandwidth
- Time-based filtering controls
- APIs allow integration with existing systems
- Multiple hosting options, including within your own data center
- Can be supplied as a white label for MSPs and resellers
- World class customer service
- Highly competitive pricing and a fully transparent pricing policy