What is KRACK
Recently, researchers were able to create working proof-of-concept code allowing for exploitation of some of the strongest wireless security currently in existence. Previously thought to be only theoretical, the attack, code-named KRACK, exploits flaws in the WPA2 protocol’s cryptographic implementation. While the research notes that Android is the most vulnerable operating system, it is crucial to understand that ALL major operating systems are vulnerable.
Since the initial research in May of 2017, numerous vendors have been working to implement patches to help secure endpoints and reduce their vulnerability to the attacks. The research was made public in October 2017. Though each operating system is vulnerable to a different flavor or flavors of the attack, it is important to note that each exploit causes the attacker to act as a man-in-the-middle. Therefore, the attacker is able to decrypt and view any data that is not otherwise encrypted in transit. This can be even more dangerous if your organization does not practice proper network segmentation.
What to Know?
As of October 17, Aruba Networks, Cisco, and Ubiquiti Networks have all released wireless access point patches to mitigate the KRACK vulnerabilities. Companies are strongly advised to patch their equipment to the latest firmware versions as soon as possible. Additionally, software vendors, including Microsoft, the Linux community, and others, are working on or have already begun deploying operating-system-level patches to resolve and mitigate the vulnerabilities on the endpoint device as well.
Although KRACK is a set of devastating vulnerabilities, many vendors already had patches prepared at the time of public release. However, organizations without patch management and proper patching policies and procedures already in place may find it difficult to patch their devices quickly and efficiently. This will ultimately leave them vulnerable to the exploits for a longer period of time.
Are You Prepared?
It is highly recommended that organizations have a well-documented and maintained patch management plan. This plan should include all patching procedures and schedules required by the company. Firmware, operating systems, custom applications, and third-party software should each have their own routine schedule and procedures. Automation and patch management applications are also critical for rapid release of patches to endpoint systems. Additionally, all policies should include detailed procedures for when emergency patching is necessary.
If your company is in need of assistance to create or implement patching procedures, or any other security policies and programs, our consultants are ready to help. From cybersecurity experts and information assurance professionals, to veteran systems and network architects, we can help you ensure that your organization is ready to act upon KRACK and other critical vulnerabilities as they arise.
KRACK CVE Information
CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088