KRACK Wireless Access Vulnerability



It’s been all over the news that the dastardly hackers have struck again, this time hitting your favourite wireless.  According to some reports, the world will end (again!).

Firstly, it's true: this week has seen the public release of information about a vulnerability with Wi-Fi access. As with all breaking news, details can differ between reports and many exaggerate the issue. In this case, there is an issue and it does need to be addressed.

What is affected?


The issue impacts wireless access that uses the WPA2 (Wi-Fi Protected Access II) standard. It's fairly safe to say that almost every Wi-Fi device in the world supports this protocol. This impacts everything from mobile phones, laptops and desktops that have Wi-Fi to the Wireless Access Points themselves.

Online sources warn that Android and Linux devices are most at risk, while macOS and Windows are exposed to a lesser extent.

What can the hack do?


The release of information is still very new. As yet no one has had time to build any tools that take advantage of the hack. Past experience suggests that active exploitation can lag a month or two behind release. But the tools will come. When they do, a hacker should be able to:

  • Disrupt your Wi-Fi.
  • Gain unauthorised access to your Wi-Fi.
  • Read and decrypt data sent from the victim device to the WAP (Wireless Access Point).

From what we've read to date, it seems to be much harder for the hack to capture the data that comes down from the network to the victim. Hacking the data stream does not guarantee that the hacker can read its content, because the data inside the stream is often encrypted again. Nevertheless, this is a very real risk and it needs to be mitigated.

What can be done?


The hack is based on a lazy fault in which the WPA2 protocol can be tricked into reusing encryption details. This is an easy fault for manufacturers to fix and most reputable makers of Wireless Access Points have already released an update.

What is Kinetics doing?


This will impact almost every Kinetics client. We are taking a systematic approach to work through everyone in a timely manner.

Kinetics Premium KARE clients will have their Wi-Fi access points updated at no charge. This will require a restart, which will happen after hours. We have already started work on Premium clients.

When we have completed Premium clients, we will review all Core Fundamental and Ready Reaction clients in that order. Those clients will then be contacted asking permission to upgrade the Wi-Fi. The process can be done remotely and will include some after-hours work to apply the restart. We expect the cost to be equal to an hour's labour and we are happy to fix the cost at that.

For all KARE clients the costs assume that the WAP has a current manufacturer's support agreement. If it does not, extra cost may be incurred.

When we have completed all clients on a KARE agreement, we will contact all remaining clients by email or phone. For non-KARE clients, upgrading will be on a time and materials basis once we have your permission.

Useful Links


Software Engineering Institute Vulnerability Notes Database

KRACK Attacks report

9to5Mac

Ars Technica