What you need to know about KRACK attacks

ISG Tech  |  October 19, 2017

Recently, two Belgian researchers from Vanhoef’s research group at the University of Leuven published details about an attack that affects all devices that support Wi-Fi (so pretty much everybody). This attack, referred to as KRACK (short for Key Reinstallation AttaCK), targets the third step in the four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The purpose of this blog post is to:

  • Help you understand the issue
  • Point you to trusted resources to explain it in more depth
  • Determine how you can protect yourself against it

What is the issue?

Researcher Mathy Vanhoef released information regarding a new attack vector on implementations of WPA2 wireless networks. This attack utilizes a bug in the WPA2 key negotiation process and is effective against nearly all current Wi-Fi implementations. As of this writing, patches have only been released for a small number of devices. Fortunately, the work required to exploit this vulnerability is high, and due to the physical requirements of attacking Wi-Fi networks, it is less likely to be targeted as an attack vector. Phishing, Internet server vulnerabilities, and similar issues will remain the breach methods of choice.

Who is vulnerable?

Everyone with a Wi-Fi-enabled device.

How can I defend myself?

Patch. More to the point, measure your current vendors by how long it takes them to patch. Throw away gear by those vendors that took a long time to patch and replace it with vendors that took a short time. If you use Wi-Fi for sensitive access, you may want to use a VPN to ensure a second layer of encryption protection.

What is being done?

Patches have already been released from a number of the major manufacturers. ISG is in close contact with our strategic partners to understand these patches. If you need assistance applying them or have any questions or concerns, please reach out to your ISG representative or call 877.334.4474.

ISG Tech

Hybrid IT Infrastructure
ISG empowers organizations to realize their full business potential with unique technology solutions that help them connect, protect and innovate like never before. Part of the Twin Valley family of companies and a fourth-generation family business, ISG Technology has grown and evolved into a recognized leader in the area by aligning its success with the long-term success of its clients.

4 comments on “What you need to know about KRACK attacks”
  1. Ben Miller, ISG Cloud Network Security Engineer says:

    Additional resources compiled here: http://blog.erratasec.com/2017/10/some-notes-on-krack-attack.html#.WepUNVtSypo

  2. Janice Befort w/Rolling Hills Country Club says:

    Should we restrict Wi-Fi use, if possible, until a patch is installed?

    • ISG Tech says:

      Most vendors currently have patches available to correct the KRACK vulnerability. Also, remember that it’s critical to update your client devices (phones, laptops, etc.) as well as the wireless infrastructure itself. As always, be cautious when using open wifi at places like hotels and airports.

      If your wireless infrastructure has not already been patched or if any assistance is needed, please contact the ISG Service Desk at 866-915-1197.

  3. Should we restrict Wi-Fi usage until a patch is installed?