Yet another massive vulnerability that requires fast and widespread patching has just been announced: the KRACK (Key Reinstallation Attack) vulnerability, which exploits a handshake issue in the WPA2 Wi-Fi protocol. Thanks to KRACK, hackers can now potentially decrypt anything and everything we transmit over Wi-Fi.
In the words of the researcher who discovered the flaw, “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
Just about the only bright spot is that you must connect directly to the Wi-Fi access point under attack for KRACK to work. That means that many impending KRACK attacks will be specifically targeted, as the hacker will need to be within a few hundred feet of the device.
How to Reduce Risk from the KRACK Wi-Fi Bug
Organizations that store and/or manipulate sensitive or valuable data need to get ready immediately. Here are the three key things you need to do to reduce the risk from KRACK:
1) Patch Management
Proactively have (or reactively put) a patch management program or plan in place to update every Wi-Fi enabled endpoint, wireless device and infrastructure device on your network that you can possibly patch (laptops, smartphones, smart watches, routers, switches, modems, bridges, IoT devices like security cameras and smart thermostats, etc.) as KRACK-resistant patches become available.
This includes identifying every Wi-Fi enabled device on your network and verifying whether its firmware or software is up-to-date. In many cases, you’ll also need to check with the device vendor about patch status. Is the device vulnerable to KRACK? What is the vendor’s plan and timeline to remediate the vulnerability? You’ll also need to determine which devices can be updated remotely or automatically, and which you must update manually.
2) Find a Solution for Un-patchable Devices
Put a plan in place to identify and mitigate the risk from every device that you can’t patch, either because they’re too old or because the manufacturer has no plans to release a patch. This will mean either isolating, removing or replacing them ASAP. If you fail to do this, your business will remain vulnerable to a potentially devastating KRACK attack for years to come.
3) Rethink Your Wi-Fi Network
Organizations that had previously considered their internal network to be a trusted environment will need to rethink that security posture—because that assumption is no longer true. Almost any Wi-Fi network in the world can now be easily breached.
Robust Patch Managment is the Crucial KRACK Defense
If nothing else, this latest mega vulnerability is a good opportunity to find out the true status of your patch management capability and to advocate for a more robust patch management program. Knowing that hackers can potentially see any Wi-Fi data could help drive support for consistent, routine patching.
There is absolutely no doubt that patch management is among the most fundamental and critical steps any organization must take to establish minimal information security. If your systems and devices aren’t patched, your business is a sitting duck for ransomware, data exfiltration, compromised authentication credentials, or any other cybercrime you can name.
To get expert guidance and support on mitigating the vulnerabilities associated with the KRACK Wi-Fi bug, contact Pivot Point Security.