We were recently published in Security Dealer & Integrator magazine and featured online on the industry-leading website SecurityInfoWatch. The article, titled "A KRACK in the Wireless Armor," was published in February (Vol. 40, No. 2).
A KRACK in the Wireless Armor
You know the way business is these days – it is all about providing valuable services that make a customer’s life more convenient, safe and secure. That also means trying to help customers on the cybersecurity front, so their information, video streams or other system data is not compromised. Unfortunately, that is getting harder to do in today’s reality, where new threats emerge almost daily and you have to know how to actively prevent, detect and monitor these types of activities. This applies to your customers as well as your own business.
Customers look to systems integrators as their hired expert advisors, relying on them to make design and product recommendations that are the best fit for their organization. So, what should a systems integrator do if the product itself has a defect or, potentially even worse, a security vulnerability or “back door” for gaining access?
Case in point: It has been four months since the KRACK wireless vulnerability discovery was made public in October 2017, yet there are still devices deployed and in operation that have not been updated to address this threat.
Inside the KRACK
KRACK, short for “Key Reinstallation Attacks,” is a weakness discovered by Mathy Vanhoef – a postdoctoral researcher with the iMinds-DistriNet Research Group, KU Leuven University, Leuven, Belgium – in the Wi-Fi network security standard Wi-Fi Protected Access 2 (WPA2).
According to Vanhoef’s report, the flaw – which affected millions if not billions of devices – may enable an attacker to read information that was previously assumed to be encrypted during wireless transmission. The technique involves “tricking” devices into reinstalling an already in-use encryption key, potentially allowing traffic to be intercepted and decrypted.
Unlike many vulnerabilities discovered in the past, KRACK does not just affect a specific manufacturer or product – the weakness is in the Wi-Fi standard itself, and therefore most devices that support WPA2 are at risk. The result may be the theft of sensitive data being transmitted over the wireless network. Devices in danger include Wi-Fi routers, smartphones, thermostats, security cameras, speakers and really, any kind of wireless internet-connected device.