3 Takeaways for the KRACK WPA2 Vulnerability
Over the last 48 hours security researchers have discovered new weaknesses in the WPA2 Wi-Fi security protocol which could allow hackers to steal sensitive info or even inject malware into networks and network devices, with mobile devices being particularly vulnerable due to the proliferation of native apps which may not implement app-level encryption.
As stated on KrackAttacks, the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.
The attack works by focusing on the four-way handshake used by WPA2 to confirm that client and access point have the correct network password and to negotiate a new encryption key to be used to encrypt all subsequent traffic.
To prevent the attack, users must update affected products as soon as security updates become available.
1. There is no silver bullet for cyber threat prevention; nothing is secured forever. Vulnerabilities will always await discovery and be subject to exploitation. Developers call them “bugs”, but we must all learn to speak the same language, and adopt a holistic layered approach.
2. SANS Institute describes the term layered security as “a defensive strategy featuring multiple defensive layers that are designed to slow down an attacker”. The military uses similar tactics called “deep defense” or “defense in depth,” where their goal is to slow an attack, causing enemy casualties. In the digital world, this means causing delays for the attackers and detecting them before they can do serious damage. In some cases, a properly implemented layer may act as a strong enough deterrent to cause the attacker to look for an easier target.
3. Although an attacker may gain wireless access into your network, a layered security approach will ensure that the hole discovered can’t be exploited. By adhering to best practices like keeping systems patched and updated, implementing user roles and group policy, having end-to-end network segmentation in place to limit the spread of malware and free reign of bad actors, utilizing multi-factor authentication (MFA), securing data with data at rest and in-flight encryption, and taking advantage of app-level encryption where possible.
If you’d like to discuss the threat landscape and how things like this WPA2 crack happen, best practices for adopting a holistic security approach, or the unique challenges inherent to your business, please reach out to me directly. We’re here to help.