Heads up: WPA2 vulnerability

Tips · 1 MIN READ · BRUCE POTTER · OCT 16, 2017 · TAGS: Alert / Heads up / Vulnerability

Re: the WPA2 vulnerability. Details here: https://www.krackattacks.com. The TL;DR is “don’t flip out.” This is an example of bug marketing and the infosec echo chamber getting way out in front of reality.

Important bits

There are multiple vulnerabilities. They all generally revolve around data decryption, injection, or replay.
Attacks must be carried out on individual clients at a time. The attack does NOT affect all clients at once.
Like any wireless attack, the attacker needs to be in relatively close proximity to execute. This VASTLY limits the attack surface as it’s more costly and risky for an attacker to execute than traditional network-borne attacks.
Traffic that is otherwise protected is fine (TLS for example). The author makes some broad claims that TLS sessions aren’t secure b/c there are other attacks against TLS. That’s an over generalization. The story is different for local protocols that lack strong encryption.
Vendors have known about this attack since August. Microsoft has already patched and others have as well. You can track progress here.
Ultimately, these vulnerabilities are mostly of concern to organizations that are targets of well resourced, highly motivated attackers since attackers have to be close to targets, actively injecting traffic, and then they would have to use that access to exploit some other system in order to gain access. Most organizations do not fall into that category and should patch this vulnerability in their normal patching cycles. No need to go crazy addressing this announcement. You likely have far more pressing matters that will impact the security of your organization more than worrying about KRACK.
One takeaway from this vulnerability is the importance of the security of higher level protocols. TLS and VPNs run over wireless networks insulate your endpoints from compromises of the network infrastructure. Consider focusing your energies on ensuring your wireless networks run resilient layer 3+ protocols to protect from layer 2 shenanigans.

Tips

Top 10 MDR myths: debunked

The cybersecurity landscape is growing increasingly complex, and the never-ending sea of solutions, categories, and corresponding acronyms (i.e., “alphabet soup”) isn’t helping. Managed detection and response (MDR) is one of those acronyms…

Security operations

New mind maps & cheat sheets: Azure & Kubernetes

These new resources make it easier to know which API calls are associated with different MITRE ATT&CK tactics in Microsoft Azure and Kubernetes environments. Cloud and cloud security are huge. Precedence Research…

Tips

Four ways to stay safe online: CAM turns 20

Cybersecurity Awareness Month 2023 unveils a new theme and emphasizes four key behaviors to help keep your digital world safe. It’s October, which of course means it’s Cybersecurity Awareness Month (CAM). Specifically,…

EXPEL BLOG

Heads up: WPA2 vulnerability

Tips · 1 MIN READ · BRUCE POTTER · OCT 16, 2017 · TAGS: Alert / Heads up / Vulnerability

Important bits

Tips

Top 10 MDR myths: debunked

Security operations

New mind maps & cheat sheets: Azure & Kubernetes

Tips

Four ways to stay safe online: CAM turns 20

Tips

Supercharge your first 100 days as a new CISO

Tips · 1 MIN READ · BRUCE POTTER · OCT 16, 2017 · TAGS: Alert / Heads up / Vulnerability

Important bits

Related Articles

Tips

Top 10 MDR myths: debunked

Security operations

New mind maps & cheat sheets: Azure & Kubernetes

Tips

Four ways to stay safe online: CAM turns 20

Tips

Supercharge your first 100 days as a new CISO