What is KRACK Attack?

KRACK is short for Key Reinstallation Attack, which is a vulnerability that affects the core of WPA2 protocol. Any device running Android, Linux, OpenBSD, macOS and Windows are affected to varying degrees. This exploit can be used to decrypt sensitive information, inject malware and manipulate data on the end user’s device(s).

This is a form of a man in the middle attack. Man in the middle attacks are just that, they are another user intercepting traffic from one client device, then forwarding it to the requested end point. The goal being that the end user has no idea their traffic is being intercepted.

How does it work?

The KRACK attack works by targeting the 4-way handshake that takes place when a client joins a WPA2 protected network. Simplified, this is a method for a wireless client and wireless AP to disclose that they know each other without ever disclosing the key. KRACK in this case will trick a vulnerable client into installing an already in use key, bypassing encryption.

Are my devices vulnerable?

Android/Linux based OS are likely most affected. The 2.4 and above wpa_supplicant, which is a WiFi client commonly used on Linux, is particularly vulnerable. Microsoft on the other hand, seems to have deployed a silent patch sometime last week that addresses this specific attack.

The attacker must be in range of the WiFi signal. Hotels are likely to be a target simply for the amount of users located in one area, but this attack does not open up security holes from attackers not within the proximity of the hotel.

What about security updates on routers/devices?

Most of these attacks are targeting clients. While some manufacturers may have preventative measures, this mainly comes down to a problem with the end user device.

Are WiFi passwords compromised?

No. This attack is used to bypass encryption, not revealing WIFI passwords.

What can I do in the meantime to protect myself on an unpatched device?

VPNs are a great layer of security. If you are on a compromised device, the only information that could be intercepted is non-VPN traffic; all traffic through the VPN will still be encrypted.

How do I know if my devices are set to automatically update, toupdate to my devices to the latest version or to configure my devices for automatic updates?

Mojo has released firmware version 8.5.0-345 to patch a security vulnerability in the WPA2 security protocol. Any device with a build version of 8.5 or above is secure and will not need to be updated. If the build version for a device is lower than 8.5.0-345, you will need to update the device firmware. For legacy 802.11n AP platforms (C60, C50, C55) which do not have a path to 8.5, an upgrade to 8.2.1-902.25 will remedy the vulnerability. Cloud-connected APs will see this build available for upgrade.

To set or verify automatic firmware updates and look up your current version, please use the following steps:

  1. Log into your portal and select Wireless Manager
  2. Click on configuration at the top of the screen
  3. Select System Settings
  4. Select Device Firmware Update
  5. Check the box for “Enable Scheduled Device Firmware Update”.
  6. Select “Recurring Schedule” and indicate the days and time during which you want the device to check for updates.
    1. When updates occur, your Access Point will be unavailable for approximately 5 minutes. Windstream recommends you select scheduled update times that do not overlap with your business hours.
    2. The next occurrence of your selected schedule will upgrade your device to the new KRACK proof firmware version (8.5.0-345 or 8.2.1-902.25 for older models, C-50, C-55, and C-60).
    3. The update duration time indicates how long the device will attempt to upgrade before cancelling. The recommended time is the default setting of 4 hours.

    NOTE:  A One Time-Scheduled update is an option if you wish to perform manual updates. However, this procedure would need to be repeated for any updates required in the future.

  7. Ensure that the “Latest version for all models” radio button is selected.
  8. Once your changes have been completed, click the Save button. All Access Points in your device table will now check for updates automatically.

How do I confirm that my device has been updated?

After the next scheduled update occurs (based on the schedule you set), you can confirm that your devices have been updated to the 8.5.0-345 (current models) or 8.2.1-902.25 (Older Models, C-50, C-55, and C-60) firmware version by using the following steps:

  1. From your Dashboard, Click Monitoring, then select Managed Devices.

  2. The “Build” column, showing current firmware version, may not be visible in your current view. To enable it:
    1. Click on the dropdown menu of any column header in the Managed Devices table.
    2. Hover your cursor over Columns option, and ensure the box for “Build” is checked.
  3. Once the Build column is visible, you can view the firmware version for each device.

    If you have multiple pages of devices, you can sort the column by Ascending to see any devices that have not been updated yet.

Sources:  arstechnica.com, techopedia.com, krackattacks.com, krebsonsecurity.com, pcworld.com, bleepingcomputer.com