CTS 094: Sealing the KRACK Attack

We provide an overview of the KRACK Attack targeting Wi-Fi security. KRACK Attack On October 16th, 2017 a vulnerability within WPA2 security was released. In this episode, we provide an overview of what the KRACK Attack is, how it affects Wi-Fi networks, and what you can do to seal this security threat. KRACK Attack targets a weakness in the 4-Way Handshake. Specifically, the key management process. Within the 4-Way Handshake it is possible for an attacker to reinstall an already in use key. This is a security weakness because it causes devices to reinstall a key. Keys should only be installed once thus causing a weakness in security. An attacker would need to perform a Man-In-The-Middle attack in order to be successful in pulling off the attack. This means Wi-Fi devices are at risk. This becomes the challenge with ensuring security. All devices would need to receive this security patch. On the infrastructure side, an attacker would be able to perform a replay attack on APs with 802.11r enabled. Major vendors are releasing a patch for this vulnerability but as a workaround you could disable 802.11r. Listen in on our discussion around KRACK Attack, our thoughts, and our opinions on security as a whole. Links & Resources * Packet6 – KRACK Attack * Semfio Networks – Understand KRACK in 2 Hours * Revolution WiFi – WPA2 KRACK Vulnerability – Getting Information * KRACK Attacks.com