KRACK Attack: What it is and how to stay safe
If you’ve heard the recent news about a newly uncovered vulnerability in wireless networks, you may be wondering what it was, how it may impact you, and what NetFire has done to ensure their clients’ safety. This post explores each of these important points.
All modern wireless networks use the WPA2 security protocol for protection. However, an attacker within range of a victim can use key reinstallation attacks (KRACKS) to spy on sensitive information such as credit card numbers, emails, and more.
From the KRACK website:
“In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”
Most importantly, these weaknesses are not limited to certain products or vendors – all implementations of WPA2 are likely vulnerable, making it critical that all users update their products as soon as security updates are available.
What does this mean for me as a NetFire customer?
At NetFire, we take your data security seriously. Our customers with managed networks can rest easy, as our Security team deployed the required updates to managed devices as soon as they became available.
If you have any further questions about these developments, connect with us.