From KRACK to RedBoot, these are dangerous times for networks!

Last week was my first introduction to KRACK WiFi vulnerability as reported by SonicWall Security Center. They revealed that is new vulnerability is "mainly on the client devices rather than routers" and was discovered to impact the WAP2 protocol. Researcher Mathy Vanhoef found that due to "a weakness on key exchange between the client and wifi access point, an attacker cold decrypt or forge network packets, in certain cases." He goes on to say that it is even possible the attacker could "install all-zero key on the client side", thus causing a huge threat to the network's security.

Let's discuss how this vulnerability is enabled. First, it is "triggered during the key negotiation when a vulnerable host joins wifi network. The key exchange protocol is a 4-way handshake procedure, after which a symmetric key will be negotiated and used for traffic encryption. Because the messages may be lost or dropped, the wifi access point will retransmit the 3rd message if it did not receive an appropriate response as acknowledgment. As a result, the client may receive the message 3 times. Each time it receives this message, it will reinstall the same encryption key and reset the incremental transmit packet number and receive replay counter used by the encryption protocol." This retransmission allows the packet to be replayed, decrypted or forged.

The Silver Lining

Ken Colburn, CEO of Data Doctors Computer Services writes, "there are a few hurdles that will make this exploit more difficult to pull off. First off, the hacker would need to be near enough to you to access your Wi-Fi signal, so it eliminates the remote hacking options that the skilled underworld prefers. This exploit primarily takes advantage of interactions with unsecured sites (http://), so whenever you see https:// in the website you’re accessing or you use a secured app on your phone, there is yet another layer of security that they would have to break.

The security researcher also notified companies ahead of the public announcement, so updates from Microsoft and Apple have already created updates for the exploit."