There has been a lot of media attention around the recently discovered WPA2 vulnerability, and the potentially devastating security affects it could have on every Wi-Fi network and device that has ever connected to one.
Discovered by a researcher from the University of Leuven, this universal vulnerability affects the protocol that protects modern Wi-Fi networks and leaves all major devices susceptible to attackers. With the potential for attackers to decrypt traffic and inject data to manipulate systems, the most serious implication of the attack allows sensitive data such as passwords, credit card details and confidential business information, to be intercepted.
With these potential attacks being referred to as a ‘Krack attacks', businesses across the globe have gone into overdrive in a bid to protect their information from potential attackers. However, despite the seriousness and large-scale potential of a Krack attack, now is not the time for organisations to panic about quickly fixing their networks.
Keep calm and carry on
Contrary to popular belief, information isn't yet at a high risk of being stolen through a Krack attack. But with the potential severity and global reach of the vulnerability, you might be wondering how this is the case?
First and foremost, any attacker looking to target an organisation needs to be within range of the targeted Wi-Fi network, meaning organisations aren't immediately vulnerable to everyone on the internet.
Alongside this, the increased use of HTTPS is making it difficult for those who have gained access to an organisation's Wi-Fi network to effectively intercept and decrypt sensitive data. Correctly configured HTTPS makes an attack of this nature more complex and time consuming for attackers and adds an extra layer of security for businesses. In the short-term, business leaders also need to ensure they are protecting their organisations through encryption (TLS VPN etc). While the encryption of sensitive information may be common practice for many, it further protects against a Krack attack by securing traffic across a network, making it harder for opportune attackers to monitor it.
While the likelihood of an actor being within range of their target's Wi-Fi network to launch a Krack attack might be unlikely, organisations need to be aware of, and take action to protect against, potential malicious actors participating in Wi-Fi reconnaissance activities such as war driving – where attackers locate Wi-Fi access points for potential targeting.
At the moment, the difficulty in launching a Krack attack and the requirement for an attacker to be in close physical proximity to a network means there has yet to be any attributed attacks of this kind. Organisations however, need to be aware that potential attackers don't necessarily have to be professional or vastly experienced to target them, as the very nature of this vulnerability allows anyone to read traffic from mobile and laptop to Wi-Fi devices.
Those thinking about exposing the WPA2 vulnerability however will have a motive – namely, the collection of sensitive business information which could either collapse a company, or allows them to request a cash incentive for its safe return. Despite the unlikelihood of a successful Krack attack being carried out, organisations still need to ensure their networks are physically protected from attack vectors such as dead-drop boosters and war driving through ‘defence in depth'. By layering numerous security controls throughout their IT system, organisations will be less vulnerable to these methods and more confident that their corporate data is secure.
Kracking the code
Given the aforementioned limitations and the speed at which vendors are moving to develop security measures, a widespread exploitation of the WPA2 vulnerability is highly improbable. That doesn't mean that businesses can rest on their laurels however.
While fixing a network from a Krack attack at this stage is hard due to a lack of security updates, it is recommended that devices are fixed with the requisite updates as and when they become available. By ensuring their IT and security teams are on the ball and responding in a timely fashion when these updates are released, organisations can quickly and efficiently protect themselves.
Alongside this, the discovery of this vulnerability may spawn the development of some implementation standards for Wi-Fi connected devices, whether it be in the form of software, hardware or firmware. Organisations need to keep an eye out for these future processes and ensure their Wi-Fi networks adhere to them when they are released. By putting all these measures (including defence in depth) in place, businesses can protect themselves against a potentially devastating attack.
Contributed by Joep Gommers, CEO, EclecticIQ
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.