Today, a series of high-severity vulnerabilities affecting the WiFi Protected Access II (WPA2) protocol were disclosed. Security researchers have developed a proof of concept (POC) demonstration, dubbed “KRACK”, and a dedicated website through which further details are likely to be released.
An advisory was distributed by the US CERT to a select number of unidentified organizations stating that the following malicious activities could occur should an attacker successfully exploit the vulnerabilities: decryption, packet replay, TCP connection hijacking, and HTTP content injection attacks.
Here’s what we know – and do not yet know – so far.
It’s likely that a large number of WiFi-enabled devices are exposed to this vulnerability, but the attack only works if the attacker is within range of the victim’s network. In other words, exploitation requires the attacker to be physically present near the victim’s network.
Fig 1 – A screenshot of a POC demonstration for KRACK. Source: hxxps://www[.]youtube[.]com/watch?time_continue=13&v=Oh4WURZoR98
Researchers have demonstrated a proof of concept (POC) attack, dubbed “Krack attack”, targeting an Android smartphone; the accompanying video showed how all the data transmitted by the victim could be decrypted. The video also showed a plaintext downgrade attack against TLS/SSL via sslstrip. Details are available on a dedicated website: hxxps://www[.]krackattacks[.]com/. Linux and Android versions 6.0 and above are particularly affected, though the list of vulnerable devices is extensive.
Some wireless manufacturers have already developed patches to mitigate this threat, with Bleeping Computer and US CERT having published useful lists of the latest firmware and driver updates.
While there is a proof of concept demonstration, no proof of concept code was released, and there is no public indication that these vulnerabilities have been exploited in the wild. Although the POC video gave a good overview of the exploit, the exact technical knowledge required to successfully conduct this type of attack is unknown.
We have not yet observed the vulnerability exploited in the wild, although criminals have shown an interest. This is confirmed by conversations on criminal forums, with users interested – yet skeptical – of finding a quick exploit.
Fig 2 – Discussion of KRACK on a criminal forum
The US CERT reiterates that the vulnerabilities could potentially be used to conduct arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames by conducting a man-in-the-middle (MITM) style attack. Of course, not all devices are equally affected; the research paper outlines these differences.
In order to manage the risk, here are five steps organizations can take: