INFORMATION SECURITY ALERT: RISK Very Low - KRACK (Key Reinstallation Attack)

By: Jeff Gardiner

October 20, 2017

RISK: VERY LOW

SUMMARY

In recent weeks, security researchers announced a newly discovered vulnerability dubbed KRACK (Key Reinstallation Attack), which affects several common security protocols for Wi-Fi, including WPA (Wi-Fi Protected Access) and WPA2. This vulnerability likely affects billions of devices globally. While it is concerning, and though it has received overblown media coverage, it is important to keep things in perspective.

HOW IT AFFECTS US

WTS has confirmed that our wireless infrastructure devices are not vulnerable to the KRACK vulnerability. Western does not employ 802.11r, nor have we configured WAP-to-WAP communications (called meshes). Please note that Wi-Fi clients (computers, smartphones, and so on), as well as non-university Wi-Fi routers, will still need to be updated as vendors release updates/patches. KRACK does not affect HTTPS traffic (and so important traffic can still be protected), and KRACK's discovery does not mean that all Wi-Fi networks are under attack.

PROBLEM SIMPLY EXPLAINED

The problem is a security flaw in the WPA2 protocol itself, which could let an adversary break the encryption between a router and a wireless device, allowing the adversary to intercept and interfere with network traffic. Since Western does not employ key reinstallation options in our wireless environment, Western's core infrastructure is not subject to attack (even if other wireless environments/devices are).

Ref: https://thenextweb.com/security/2017/10/17/krack-explained-like-youre-five-years-old/

REMEDIATION

Now that this vulnerability is known, vendors are busy producing patches. Though Western is not currently employing key reinstallation configurations and so is not affected by this vulnerability, Western's Network Operations team employs a frequent and proactive patch management regime on critical infrastructure (and so should we all).

If there is a lesson in all of this, it is that patched software and hardware is nearly always much harder to exploit than unpatched software. For additional details, contact the WTS helpdesk or security@uwo.ca.

