Wi-Fi vulnerable to KRACK

Wednesday, November 29, 2017

Security researchers have discovered a major vulnerability in Wi-Fi Protected Access 2 (WPA2), which is a popular type of encryption that provides unique encryption keys to secure a Wi-Fi network. KRACK, otherwise known as Key Reinstallation AttaCK, may allow attackers to intercept and steal data transmitted across Wi-Fi as well as manipulate web pages. 

The United States Computer Emergency Readiness Team issued the following warning in response to the exploit:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

All Wi-Fi devices are to some degree susceptible to the vulnerabilities making them ripe for data theft or ransomware code injection from any malicious attacker within range. PHA Senior Advisor for Security George Bailey advises healthcare clients to update their Wi-Fi-enabled devices (i.e. laptops, tablets, and smartphones) as soon as a software update is made available, and to continue using WPA2 until then. If you’ve got version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux and Android 6.0 and above, your system could be particularly vulnerable.

Bailey recommends you install and use a reputable virtual private network (VPN) on all mobile devices and computers before connecting to any Wi-Fi network so that your web traffic will be encrypted. Using HTTPS-enabled websites also ensures your web traffic will be encrypted by SSL and may be safer from this vulnerability.

For the healthcare industry, KRACK could be most devastating to IoT devices as many vendors and healthcare organizations fail to make timely patches. Healthcare IT leaders can visit the US-CERT advisory site for a list of products and available updates to patch the flaw.

The vulnerabilities were formally presented on November 1st in a talk titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” at Dallas a security conference.

Writer: George Bailey, 765-494-7538, baileyga@purdue.edu

Tags: Health IT Security

Purdue University, West Lafayette, IN 47907 (765) 496-1911

© 2014 Purdue University | An equal access/equal opportunity university | Copyright Complaints

If you have trouble accessing this page because of a disability, please contact Purdue Technical Assistance Program taphelp@purdue.edu.