Tips · 1 MIN READ · BRUCE POTTER · OCT 16, 2017 · TAGS: Alert / Heads up / Vulnerability
Re: the WPA2 vulnerability. Details here: https://www.krackattacks.com. The TL;DR is “don’t flip out.” This is an example of bug marketing and the infosec echo chamber getting way out in front of reality.
Important bits
- There are multiple vulnerabilities. They all generally revolve around data decryption, injection, or replay.
- Attacks must be carried out against one client at a time. The attack does NOT affect all clients at once.
- As with any wireless attack, the attacker needs to be in relatively close physical proximity to the target. This VASTLY limits the attack surface, as the attack is more costly and risky for an attacker to execute than traditional network-borne attacks.
- Traffic that is otherwise protected is fine (TLS, for example). The author makes some broad claims that TLS sessions aren’t secure because there are other attacks against TLS. That’s an overgeneralization. The story is different for local protocols that lack strong encryption.
- Vendors have known about this attack since August. Microsoft has already patched and others have as well. You can track progress here.
- Ultimately, these vulnerabilities are mostly of concern to organizations that are targets of well-resourced, highly motivated attackers, since attackers have to be physically close to their targets, actively injecting traffic, and would then still have to use that access to exploit some other system in order to gain a foothold. Most organizations do not fall into that category and should patch this vulnerability in their normal patching cycles. No need to go crazy addressing this announcement. You likely have far more pressing matters that will impact the security of your organization more than worrying about KRACK.
- One takeaway from this vulnerability is the importance of the security of higher-level protocols. TLS sessions and VPNs running over a wireless network insulate your endpoints from compromise of the network infrastructure. Consider focusing your energies on ensuring your wireless networks carry resilient layer 3+ protocols to protect against layer 2 shenanigans.
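Why the TLS/VPN takeaway holds, as an added illustration that is not part of the original post: the linked write-up describes the attack as a key reinstallation that resets the packet-number nonce, so two frames end up encrypted under the same link-layer keystream. Whatever rides on top of that keystream is exposed only if it was plaintext to begin with. The code below uses an HMAC-SHA256 counter keystream as a stand-in for CCMP's AES-CTR (the property that matters, identical keystream for identical key and nonce, is shared); the keys, the nonce values and the two frame payloads are constructed for the demo.

```python
import hmac
import hashlib

# Constructed demo keys and nonces; any values work, these just keep the run deterministic.
LINK_KEY = b"constructed-link-layer-key-(PTK stand-in)"
INNER_KEY = b"constructed-end-to-end-key-(TLS/VPN stand-in)"
LINK_NONCE = (1).to_bytes(6, "big")  # CCMP's nonce is a 48-bit packet number


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stand-in for CCMP's AES-CTR.

    Same (key, nonce) pair -> same keystream, which is exactly the property a
    reset packet number abuses.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def two_time_pad_recovery(ct_known: bytes, ct_target: bytes, pt_known: bytes) -> bytes:
    """What a passive observer learns from two frames sent under one (key, nonce).

    ct_known XOR ct_target cancels the shared keystream and leaves
    pt_known XOR pt_target; XORing in the known payload yields the target payload.
    """
    return xor(xor(ct_known, ct_target), pt_known)


def demo() -> dict:
    # Two consecutive frames from one client. After a key reinstallation the
    # packet number restarts, so both are encrypted under LINK_KEY + LINK_NONCE.
    pt_known = b"GET /status HTTP/1.0\r\n\r\n"  # predictable request (constructed)
    pt_secret = b"session=s3cr3t-cookie-12"     # same length, sensitive (constructed)

    # Case 1: a cleartext application protocol rides directly on the Wi-Fi link.
    ct_known = stream_encrypt(LINK_KEY, LINK_NONCE, pt_known)
    ct_secret = stream_encrypt(LINK_KEY, LINK_NONCE, pt_secret)
    exposed_cleartext = two_time_pad_recovery(ct_known, ct_secret, pt_known)

    # Case 2: the same payloads are first encrypted end to end with an independent
    # key and fresh per-record nonces (the TLS/VPN role), then sent over the link.
    inner_known = stream_encrypt(INNER_KEY, (7).to_bytes(6, "big"), pt_known)
    inner_secret = stream_encrypt(INNER_KEY, (8).to_bytes(6, "big"), pt_secret)
    ct_known2 = stream_encrypt(LINK_KEY, LINK_NONCE, inner_known)
    ct_secret2 = stream_encrypt(LINK_KEY, LINK_NONCE, inner_secret)
    # The link-layer keystream still cancels, but what remains is the XOR of two
    # independent end-to-end ciphertexts, not of the application data.
    leaked_xor = xor(ct_known2, ct_secret2)
    exposed_with_inner_layer = two_time_pad_recovery(ct_known2, ct_secret2, pt_known)

    return {
        "secret": pt_secret,
        "exposed_cleartext": exposed_cleartext,
        "leaked_xor_matches_inner_ciphertexts": leaked_xor == xor(inner_known, inner_secret),
        "exposed_with_inner_layer": exposed_with_inner_layer,
    }


if __name__ == "__main__":
    result = demo()
    print("cleartext protocol over the link  :", result["exposed_cleartext"])
    print("TLS/VPN-style layer over the link :", result["exposed_with_inner_layer"])
```

Case 1 is the "local protocols that lack strong encryption" situation: one predictable frame is enough to read the other. Case 2 is the layer 3+ posture the post recommends: the link-layer nonce reuse is still there, but the observer only gets the XOR of two ciphertexts produced under an independent key, which tells them nothing about the session cookie. The same reasoning is why patching the client matters more than touching the access point for the decryption variants: the reset happens on the client side of the handshake.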