On Oct. 16, researchers announced security flaws in IEEE 802.11 wireless (Wi-Fi®) networks. The flaw appears to affect nearly all wireless clients, and it is usually implemented by the operating system vendor. All major operating systems’ clients are vulnerable, with varying degrees of impact. Specifically, the flaw affects the handshake processes defined in the robust security network association (IEEE 802.11i-2004), or what is commonly known as “Wi-Fi Protected Access 2” (WPA2) from the Wi-Fi Alliance.
The most notable issue is the discovery of flaws in the way the client (supplicant) handles the replay of data packets from the access point (authenticator) during the four-way handshake process. The flaws affect networks using pre-shared keys as well as enterprise networks performing IEEE 802.1X authentication. In most circumstances, an attacker might be able to decrypt arbitrary packets from the victim client. If the transport protocols are secure – such as those employing cryptographic protocols – the data would still be encrypted to the attacker. In some circumstances, attackers might be able to decrypt and inject traffic in networks using older encryption. The mishandling of replayed data packets is both an oversight in strictly specifying the client's state machine in the 802.11 standard, as well as a failure of client software to implement declarative statements in the 802.11 standard.
Additional attacks were found in the PeerKey, group key, and fast basic service set (BSS) transition handshakes as well. Together, the authors of the research refer to these as key reinstallation attacks (KRACKs). These vulnerabilities allow the key stream to be reset and allow cryptographic replay attacks through the reuse of cryptographic nonce values. Reuse of nonce values is prohibited in the protocol, but when poorly implemented by client software, it does not handle this situation appropriately. According to Mathy Vanhoef’s research, the execution of the attacks required a man-in-the-middle attack. The fast BSS handshake does not require a man-in-the-middle attack, so it is even more vulnerable to the KRACK attack. That extra step can be removed, adding to the complexity of this attack.
The authors have been working with major software vendors to fix the flaws over the past several months. Major vendors have already released fixes to their wireless clients. Of the software that is vulnerable, the platforms of most concern are Android™ and Linux™, which rely on the wpa_supplicant client code. The wpa_supplicant was found vulnerable to all of the KRACK attacks and in some versions even allows a key with all zeros to be reinstalled. Client software on Apple iOS™ and Microsoft™ Windows™ operating systems appears to be the least affected, only allowing the group key handshake to be attacked. It is worth noting that the group key, shared by all clients, was already a known concern in WPA2.
Any organization with wireless networks should be concerned. Vanhoef, who discovered the KRACK attack, stated it simply: “… if your device supports Wi-Fi, it is most likely affected.” Several resources exist for organizations to determine if they have been affected. The Carnegie Mellon University Computer Emergency Readiness Team (CERT) offers this list of vendors that might or might not be affected.
Well-managed security programs should be well equipped to handle the challenges posed by these attacks. The WPA2 protocol is still considered the most secure wireless authentication and encryption standard available, and there is little reason to panic.
The Wi-Fi Alliance has already issued a statement and is taking steps to ensure Wi-Fi networks will continue to deliver secure wireless connections. Organizations should begin to inventory their wireless clients and identify vulnerable software. They should also keep an eye on the Common Vulnerabilities and Exposures (CVEs) and affected vendor lists to make sure timely patches are being issued for their devices.
Major software vendors are already releasing software patches to address the attacks against wireless clients. Microsoft has issued a patch and Apple has confirmed that a fix is already in the beta releases for its iOS, macOS®, watchOS®, and tvOS™ operating systems and will be provided in their next release. Patching older Android and Linux clients might prove difficult, and organizations relying heavily on devices running these clients (such as printers, touch screens, televisions, and security systems) should begin to identify these devices and create a plan to manage their risk.
Problems will arise for organizations with a weak patching process. Some clients might not fit into the common patch process, and that will present additional challenges for organizations. The greatest impact will be felt in cases in which a large number of distributed wireless devices are combined with devices that are not easily patched, such as embedded systems, healthcare, industrial control systems (ICS), and supervisory control and data acquisition (SCADA) devices. Planning how to update wireless devices that fall outside an organization's common patching process should begin immediately.
General security recommendations for 802.11 wireless networks have not changed. Organizations should continue taking the following steps:
To address the issues with these latest attacks, organizations should immediately perform the following until a fix is implemented:
For organizations that use WPA (not WPA2), allow TKIP encryption, or allow GCMP encryption, immediate changes may be needed to protect their wireless networks. The context of a network's contents and an organization's ability to secure the network both physically and above the transport layer will also factor in. The use of TKIP is long deprecated, but some organizations continue to allow its use to maintain backwards compatibility with older clients.
Lastly, organizations can take several steps to harden networks and devices to make sure this attack is further mitigated:
In cybersecurity, vigilance is key. Staying abreast of cyberattacks is important, but organizations that take a proactive approach to cybersecurity – instead of only reacting to the latest event – will be better prepared when the next attack hits.
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.
In accordance with applicable professional standards, some firm services may not be available to attest clients.
© 2018 Crowe Horwath LLP, an independent member of Crowe Horwath International.
As of June 1, 2016, the professionals of AbleBridge have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on Microsoft Dynamics® CRM (now Dynamics 365) sales and implementation as well as innovative add-on products.
The personnel of SDGblue have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides SDGblue clients access to a broader range of products, services, and solutions, while expanding the Crowe cybersecurity risk management capabilities with a deeply specialized team.
Looking for the Client Login?
Access the SDGblue Client Portal
As of Oct. 30, 2017, the professionals of Rowbotham International have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm. We continue our focus on domestic and international tax and audit compliance services, as well as advisory services.
The personnel of Tru8 Solutions LLC have joined Crowe Horwath LLP, a public accounting, consulting, and technology firm with a global risk consulting practice and offices around the world. This move provides Tru8 clients access to a broad range of products, services, and solutions, while deepening the Crowe GRC technology expertise to manage risk by better leveraging data and gaining more predictive insight.