Solution to prevent breaking out WPA2 WiFi Protocol – KRACK Attack – All things in moderation

As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called KRACK. An attacker within the wireless communications range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocol being used. Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.

So here’s what to do now that the WPA2 protocol is vulnerable:

Update all the wireless things you own
So you should update all your routers and Wi-Fi devices (laptops, phones, tablets…) with the latest security patches. You can also consider turning on auto-updates for future vulnerabilities as this won’t be the last one. Modern operating systems have become quite good at auto-updates.

Update your router’s firmware

To help with this, we have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available, so I advise you to check this page over the coming days to see if new information is available. This page includes information gathered by contacting vendors, from CERT’s informative page, and from other sources.

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Aerohive | Affected | 30 Aug 2017 | 17 Oct 2017 |
| Arch Linux | Affected | 28 Aug 2017 | 17 Oct 2017 |
| Aruba Networks | Affected | 28 Aug 2017 | 09 Oct 2017 |
| Broadcom | Affected | 30 Aug 2017 | 17 Oct 2017 |
| Cisco | Affected | 28 Aug 2017 | 16 Oct 2017 |
| Cradlepoint | Affected | | 17 Oct 2017 |
| Debian GNU/Linux | Affected | 28 Aug 2017 | 17 Oct 2017 |
| Digi International | Affected | | 17 Oct 2017 |
| eero | Affected | | 17 Oct 2017 |
| Espressif Systems | Affected | 22 Sep 2017 | 13 Oct 2017 |
| Extreme Networks | Affected | 28 Aug 2017 | 17 Oct 2017 |
| Fedora Project | Affected | 28 Aug 2017 | 17 Oct 2017 |
| Fortinet, Inc. | Affected | 28 Aug 2017 | 17 Oct 2017 |
| FreeBSD Project | Affected | 28 Aug 2017 | 17 Oct 2017 |
| Google | Affected | 28 Aug 2017 | 16 Oct 2017 |


Use Ethernet

If your router doesn’t yet have a fix, don’t worry: you can connect to your router over Ethernet and turn off its wireless function until it’s patched (assuming WiFi can be disabled on your router). Turn off WiFi on your device as well so that you’re sure all traffic goes through that Ethernet cable.

If you still want to keep WiFi for some devices, consider switching to Ethernet for your essential devices. For instance, if you spend hours every day on a computer and use a ton of internet traffic from this computer, buy an Ethernet cable.

Consider using cellular data on your phone

Your phones and tablets don’t have an Ethernet port. If you want to make sure nobody is watching your traffic, disable WiFi on your device and use cellular data instead. This isn’t ideal if you live somewhere with a spotty network, pay extra for mobile data, or if you don’t trust your telecom provider.

Devices running Android 6.0 and later are more vulnerable than other devices. It is trivially easy to perform a key reinstallation attack because of a bad implementation of the handshake mechanism in the WiFi stack. So Android users do need to be more careful.

Install the HTTPS Everywhere extension

As mentioned above, you can mitigate risks by prioritizing encrypted internet traffic over unencrypted traffic. The EFF has released a neat browser extension called HTTPS Everywhere. If you’re using Google Chrome, Firefox or Opera, you should consider installing the extension.

If a website offers unencrypted access (HTTP) and encrypted access (HTTPS), the extension automatically tells your browser to use the HTTPS version to encrypt your traffic. If a website still relies exclusively on HTTP, the extension can’t do anything about it. The extension is no use if a company has a poor implementation of HTTPS and your traffic isn’t really encrypted.
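To make the limits described above concrete, here is a simplified model of ruleset-based HTTP-to-HTTPS rewriting. It is an added example, not code from HTTPS Everywhere or from this post; the ruleset, the host names and the function names are constructed for illustration.

```javascript
// Simplified model of ruleset-based HTTPS upgrading (illustrative only).
// The ruleset and all *.example hosts below are constructed sample data.
const RULESETS = [
  {
    name: "Example shop (constructed)",
    targets: ["shop.example", "*.shop.example"],
    // URLs the site cannot serve over HTTPS are left alone.
    exclusions: [/^http:\/\/legacy\.shop\.example\//],
    rules: [
      { from: /^http:\/\/(www\.)?shop\.example\//, to: "https://www.shop.example/" },
      { from: /^http:/, to: "https:" },
    ],
  },
];

// Exact host match, or "*.domain" wildcard matching any subdomain.
function hostMatches(host, target) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return host === target;
}

// Returns the URL the browser would actually request, plus the reason.
function upgradeUrl(url, rulesets = RULESETS) {
  const parsed = new URL(url);
  if (parsed.protocol !== "http:") return { url, changed: false, reason: "not plain HTTP" };
  for (const rs of rulesets) {
    if (!rs.targets.some((t) => hostMatches(parsed.hostname, t))) continue;
    if (rs.exclusions.some((re) => re.test(url))) {
      return { url, changed: false, reason: "excluded by ruleset" };
    }
    for (const rule of rs.rules) {
      if (rule.from.test(url)) {
        return { url: url.replace(rule.from, rule.to), changed: true, reason: rs.name };
      }
    }
  }
  // No ruleset knows this host: the request stays unencrypted.
  return { url, changed: false, reason: "no ruleset for host" };
}

// Requests that still cross the WiFi link as plaintext after rewriting.
function stillPlaintext(urls, rulesets = RULESETS) {
  return urls.map((u) => upgradeUrl(u, rulesets).url).filter((u) => u.startsWith("http://"));
}
```

Running `stillPlaintext` over a list of visited URLs shows which requests the rewriting step cannot protect: hosts with no ruleset and paths a ruleset excludes.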

Don’t rely on a VPN as a solution

On paper, using a VPN server sounds smart. But we’ve been there already — be careful with VPN services out there. You can’t trust any of them.

When you use a VPN service, you reroute all your internet traffic to a VPN server in a data center somewhere. An attacker can’t see what you’re doing on your WiFi network, but a VPN company can log all your internet traffic and use it against you.

