Last month, the news that a WPA2 vulnerability was discovered by a researcher from the University of Leuven, hit the headlines. Hailed as one of the most potentially devastating security threats ever found, this universal vulnerability affects the protocol that protects modern Wi-Fi networks, subsequently leaving all Wi-Fi enabled devices open for attackers to decrypt traffic and inject data to manipulate systems.
Known as a ‘Krack attack’, the most serious implication of an attack of this nature is the ability for attackers to potentially intercept sensitive data such as passwords, credit card details and confidential business information. Upon this discovery, organisations across the globe went into overdrive in a bid to protect their information however, do business leaders really need to panic about quickly fixing their networks? Despite the seriousness of a potentially large-scale Krack attack, the answer is no.
Staying calm despite the hype
Contrary to popular belief, information has never been at a high risk of being stolen through a Krack attack, despite the potential severity and global reach of the vulnerability. But what’s stopping potential actors from exploiting it?
First and foremost, any attacker looking to target an organisation needs to be within physical range of the targeted Wi-Fi network, meaning organisations aren’t immediately vulnerable to everyone on the internet.
For those who do gain access into an organisation’s Wi-Fi network however, the increased use of HTTPS makes it difficult for them to effectively intercept and decrypt sensitive data. Correctly configured HTTPS makes a Krack attack more complex and time consuming for attackers, adding an extra layer of security for businesses.
To further protect their information, business leaders also need to ensure they are correctly using encryption (TLS, VPN etc.). The encryption of sensitive information may be common practice for many, but by securing traffic across a network, businesses can further protect themselves by making it harder for opportune attackers to monitor this traffic.
Despite the likelihood of a Krack attack being low, organisations need to be aware of, and take action to protect against, Wi-Fi reconnaissance activities such as war driving – where attackers locate Wi-Fi access points for potential targeting. Organisations with large physical sites, or multiple sites across the globe, are at a higher risk than smaller businesses when it comes to these activities. By implementing enough of the right security measures to protect systems however, the chances of a successful attack happening are significantly reduced.
The motives behind attack actors
While the need for an attacker to be in close physical proximity to a network makes it difficult to launch a Krack attack, potential attackers don’t necessarily have to be professional or vastly experienced to target businesses. The very nature of the WPA2 vulnerability allows anyone to read traffic from mobiles and laptops to Wi-Fi devices yet, while it’s vital organisations are aware of this, there’s yet to be an attributed Krack attack in the wild.
Whether to collect sensitive business information with the aim of collapsing a company, or to request a cash incentive for its safe return, those looking to expose the WPA2 vulnerability do so with a motive. By ensuring their networks are physically protected from attack vectors such as dead-drop boosters and war driving through ‘defence in depth’ (also known as Castle Approach) and layering numerous security controls throughout their IT system, organisations will be less vulnerable and their corporate data secure.
Krack the code
Taking into account the aforementioned limitations and the speed at which vendors have moved to develop security measures and patches, it’s highly improbable that a widespread exploitation of the WPA2 vulnerability will happen. Despite this, businesses must not rest on their laurels.
It is recommended that devices are fixed with the requisite updates as soon as possible. By ensuring IT and security teams are on the ball and responding in a timely fashion when these updates are released, organisations can quickly and efficiently protect themselves.
The WPA2 vulnerability is also likely to spawn the development of some implementation standards for Wi-Fi connected devices. Whether in the form of software, hardware or firmware, organisations need to be aware of and ensure their Wi-Fi networks adhere to these processes as soon as they become available. Only by implementing all these measures and defence in depth, can businesses be protected.
[su_box title=”About Joep Gommers” style=”noise” box_color=”#336588″][short_info id=’103908′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.