KRACK is short for Key Reinstallation Attack, a vulnerability that affects the core of the WPA2 protocol. Devices running Android, Linux, OpenBSD, macOS and Windows are affected to varying degrees. This exploit can be used to decrypt sensitive information, inject malware and manipulate data on the end user’s device(s).
This is a form of man-in-the-middle attack, in which another user intercepts traffic from a client device and then forwards it to the requested endpoint. The goal is that the end user has no idea their traffic is being intercepted.
How does it work?
The KRACK attack works by targeting the 4-way handshake that takes place when a client joins a WPA2-protected network. Simplified, this handshake is a method for a wireless client and a wireless AP to show each other that they know the key without ever disclosing it. KRACK tricks a vulnerable client into installing an already-in-use key, bypassing encryption.
Are my devices vulnerable?
Android and Linux-based operating systems are likely the most affected. Versions 2.4 and above of wpa_supplicant, a WiFi client commonly used on Linux, are particularly vulnerable. Microsoft, on the other hand, seems to have deployed a silent patch sometime last week that addresses this specific attack.
The attacker must be in range of the WiFi signal. Hotels are likely to be a target simply because of the number of users located in one area, but this attack does not open up security holes to attackers who are not within the proximity of the hotel.
What about security updates on routers/devices?
Most of these attacks target clients. While some manufacturers may have preventative measures, this mainly comes down to a problem with the end-user device.
Are WiFi passwords compromised?
No. This attack is used to bypass encryption, not to reveal WiFi passwords.
What can I do in the meantime to protect myself on an unpatched device?
VPNs are a great layer of security. If you are on a compromised device, the only information that could be intercepted is non-VPN traffic; all traffic through the VPN will still be encrypted.
How do I know if my devices are set to automatically update, how do I update my devices to the latest version, and how do I configure my devices for automatic updates?
Mojo has released firmware version 8.5.0-345 to patch a security vulnerability in the WPA2 security protocol. Any device with a build version of 8.5 or above is secure and will not need to be updated. If the build version for a device is lower than 8.5.0-345, you will need to update the device firmware. For legacy 802.11n AP platforms (C60, C50, C55) which do not have a path to 8.5, an upgrade to 8.2.1-902.25 will remedy the vulnerability. Cloud-connected APs will see this build available for upgrade.
To set or verify automatic firmware updates and look up your current version, please use the following steps:
NOTE: A One Time-Scheduled update is an option if you wish to perform manual updates. However, this procedure would need to be repeated for any updates required in the future.
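The firmware thresholds above can also be checked across an exported device list. The following is an added example, not Mojo's own tooling: it assumes an inventory of (name, model, build) rows, uses hypothetical device and model names other than C50/C55/C60, and takes the stricter reading that current models need build 8.5.0-345 or later.

```python
import re

# Patched builds as stated on this page.
PATCHED_CURRENT = "8.5.0-345"
PATCHED_LEGACY = "8.2.1-902.25"
LEGACY_MODELS = {"C50", "C55", "C60"}  # legacy 802.11n platforms with no path to 8.5


def parse_build(build):
    """Turn '8.5.0-345' into (8, 5, 0, 345) so builds compare numerically."""
    build = build.strip()
    if not re.fullmatch(r"\d+(\.\d+)*(-\d+(\.\d+)*)?", build):
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(part) for part in re.split(r"[.-]", build))


def audit_device(model, build):
    """Return 'patched', 'update required' or 'unknown build' for one device."""
    # The page writes legacy models both as C60 and C-60, so drop the hyphen.
    legacy = model.upper().replace("-", "") in LEGACY_MODELS
    required = PATCHED_LEGACY if legacy else PATCHED_CURRENT
    try:
        installed = parse_build(build)
    except ValueError:
        return "unknown build"  # never report an unparsable build as safe
    return "patched" if installed >= parse_build(required) else "update required"


def audit_inventory(rows):
    """Attach a status to every (name, model, build) row."""
    return [(n, m, b, audit_device(m, b)) for n, m, b in rows]


# Constructed inventory for illustration; names and non-legacy models are hypothetical.
SAMPLE_INVENTORY = [
    ("lobby-ap", "EXAMPLE-AP", "8.5.0-345"),
    ("floor2-ap", "EXAMPLE-AP", "8.5.0-99"),    # 99 < 345 numerically
    ("annex-ap", "C-55", "8.2.1-902.25"),
    ("garage-ap", "C60", "8.2.1-902.3"),        # 902.3 is older than 902.25
    ("lab-ap", "C50", "unknown"),
]

if __name__ == "__main__":
    for name, model, build, status in audit_inventory(SAMPLE_INVENTORY):
        print(f"{name:10} {model:11} {build:14} {status}")
```

Build strings are compared field by field as integers, because a plain string comparison would rank 8.5.0-99 above 8.5.0-345 and 902.3 above 902.25.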
How do I confirm that my device has been updated?
After the next scheduled update occurs (based on the schedule you set), you can confirm that your devices have been updated to the 8.5.0-345 (current models) or 8.2.1-902.25 (Older Models, C-50, C-55, and C-60) firmware version by using the following steps:
Sources: arstechnica.com, techopedia.com, krackattacks.com, krebsonsecurity.com, pcworld.com, bleepingcomputer.com