Recently, cybersecurity researcher Mathy Vanhoef of the Belgian university KU Leuven discovered serious weaknesses in WPA2, a protocol that secures all modern WiFi connections. He said that, if not patched properly, an attacker within range of a victim's WiFi network can exploit these weaknesses using key reinstallation attacks (KRACK) to access sensitive information such as passwords and credit card details. Some of the big technology companies, including Cisco, Microsoft, Apple, Google and Netgear, have started patching their exposed solutions. TechObserver.in's M Kalam spoke to Mike Fumai, COO and President of AppGuard, to understand different aspects of the KRACK vulnerability and what steps businesses should take to prevent a KRACK attack. He said, “Enterprises should use this hype cycle to persuade stakeholders to properly segment their wired and wireless networks, if that has previously been opposed.”
What does the KRACK vulnerability mean for Wi-Fi enabled devices, and what kind of devices are most affected?
Android device owners are most impacted. Apple and Windows are only affected in special cases. Even so, the risk is not great until weaponized tools make this easy for hackers to use. And even then, they must be within WiFi radio range to do so. The worst case involves such tools getting installed on already compromised endpoints so hackers can remotely snoop on WiFi traffic. At any given moment, there are millions of endpoints around the world with malicious remote administration tools (RATs) secretly operating on them. For the enterprise, those that have poorly segmented wired from wireless traffic are the most exposed.
What can enterprises do to prevent a KRACK attack?
On their endpoints, enterprises must add an extension or add-on to the web browser, such as HTTPS Everywhere. This ensures that all web traffic is encrypted, regardless of WiFi. Most sensitive browser traffic tends to be HTTPS encrypted anyway. Also, they should verify that their email clients are also set to have HTTPS/TLS enabled.
What steps should businesses take moving forward to make their system robust from a security point of view?
I think they should use this hype cycle to persuade stakeholders to properly segment their wired and wireless networks, if that has previously been opposed. They should also check to see which of their devices are vulnerable and if patches are available for those at http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Businesses should also watch for and implement device patches as they come. They should do this before any compromised endpoints in the enterprise get tools installed on them to steal data in motion through their WiFi. Businesses need to stay vigilant; this is neither the first nor the last time risks like these arise.
What could happen if businesses do not address this challenge?
Sensitive data in motion can be captured, possibly even manipulated.