Wireless is no longer something we use only while staying in a hotel or sitting in the local coffee shop. Today's mobile devices expect ubiquitous wireless connectivity, and that convenience makes our online experience better and faster. Wireless access points everywhere we go have increased revenue for retailers and allowed us to work on the move. All this mobility is great for productivity. However, it also widens our exposure and gives attackers more incentive to break the security measures that protect our sensitive information.
In 2004 the Wi-Fi Alliance introduced WPA2 certification, based on the security standard the IEEE had defined in the 802.11i amendment. WPA2 (by way of the interim WPA) replaced Wired Equivalent Privacy (WEP), which was weak and was cracked soon after it was introduced; by 2002 WEP could be broken easily and the methods were well published. Until recently WPA2 was believed to be safe, especially when used with 802.1X authentication rather than a pre-shared key (PSK). On October 16, 2017, it became public that this is no longer the case.
The recently published vulnerabilities are collectively known as Key Reinstallation Attacks (KRACKs). Most of them are against the client side of the WPA2 4-way handshake and require operating system updates to patch user devices such as laptops, mobile phones, and tablets. One of them, however, targets the access point side: the Fast BSS Transition (FT) handshake, marketed as "Fast Secure Roaming", which is defined in the 802.11r amendment.
802.11r is the amendment that improves the roaming experience of wireless clients as they move around a network and associate and disassociate with different access points (APs) according to signal strength and other criteria. Without it, every move to a new AP requires a full authentication before traffic can flow (with 802.1X, a complete EAP exchange to the authentication server), which is slow. FT replaces that with a short key-derivation exchange so the client can reassociate quickly, which protects latency-sensitive applications such as VoIP and streaming media from packet loss and jitter. However, FT introduces a vulnerability of its own.
The FT handshake carries no replay counter on its Reassociation Request frame, so the AP cannot tell a replayed copy from the original. An attacker within radio range of the AP captures that frame and replays it; an unpatched AP responds by reinstalling the pairwise key that is already in use and resetting its packet number (the per-frame nonce) and replay counter to their starting values. From then on the AP reuses keystream it has already sent. The attacker does not learn the key itself, but by XORing a frame whose content can be guessed (an ARP or DHCP frame, for example) against a second frame encrypted with the same nonce, the attacker can decrypt and replay frames the AP sends to the client; with GCMP, nonce reuse also leaks the authentication key, so frames can be forged as well. This is CVE-2017-13082. Only unpatched APs with 802.11r enabled are affected, and unlike the client-side KRACK variants the fix is applied on the AP or controller; disabling 802.11r until that fix is installed removes the exposure at the cost of slower roaming.
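To make the mechanism concrete, here is an added example (my own toy model, not code from any vendor or from the KRACK researchers) that simulates the AP's key state in both its vulnerable and fixed forms. The keystream is a SHA-256 counter-mode stand-in for CCMP's AES-CTR, the frames are constructed samples rather than captured traffic, and the `AccessPoint` class and `run_scenario` helper are assumptions for the demo. Replaying the Reassociation Request against the unpatched AP resets the packet number, and one guessable frame is then enough to recover a second, secret frame; the patched AP refuses to reset the nonce for a key it already has installed.

```python
import hashlib
import os

# Constructed sample frames (not captured traffic): one with predictable
# content the attacker can guess, one carrying data worth stealing.
KNOWN_FRAME = b"ARP who-has 192.168.1.1 tell 192.168.1.20   "
SECRET_FRAME = b"GET /login?user=alice&pass=hunter2 HTTP/1.1"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Toy counter-mode keystream. Stands in for CCMP's AES-CTR, which likewise
    derives every block from the key and the 48-bit packet number (PN) only."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            ptk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


class AccessPoint:
    """Pairwise key state an AP keeps for one client (assumed model).
    `patched` selects whether reinstalling the key already in use resets the PN."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.pn = 0

    def on_reassociation_request(self, ptk: bytes) -> bool:
        """Handle an FT Reassociation Request. The frame has no replay counter,
        so a replayed copy arrives here looking exactly like the original.
        Returns True if the key was (re)installed and the PN reset."""
        if self.patched and ptk == self.ptk:
            # Fix: this key is already installed; do not reinstall or reset the PN.
            return False
        self.ptk = ptk
        self.pn = 0  # nonce reset: this is what the attack exploits
        return True

    def send(self, plaintext: bytes):
        """Encrypt one frame to the client; each frame gets the next PN."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def recover_plaintext(known_plain, known_ct, known_pn, target_ct, target_pn):
    """Keystream reuse: two frames under the same key and PN share keystream,
    so known_plain XOR known_ct reveals it and target_ct XOR keystream is the
    target plaintext. Returns None when the PNs differ (no reuse to exploit)."""
    if known_pn != target_pn:
        return None
    ks = xor(known_plain, known_ct)
    return xor(target_ct, ks)


def run_scenario(patched: bool):
    ap = AccessPoint(patched)
    ptk = os.urandom(32)  # stands in for the PTK the FT handshake derived
    ap.on_reassociation_request(ptk)  # legitimate reassociation by the client
    pn1, ct1 = ap.send(KNOWN_FRAME)  # attacker captures this and guesses its content

    # Attacker replays the captured Reassociation Request to the AP.
    ap.on_reassociation_request(ptk)

    pn2, ct2 = ap.send(SECRET_FRAME)  # attacker captures this too
    return recover_plaintext(KNOWN_FRAME, ct1, pn1, ct2, pn2)


if __name__ == "__main__":
    print("unpatched AP:", run_scenario(patched=False))
    print("patched AP:  ", run_scenario(patched=True))
```

The attacker never touches the key: the whole leak comes from the AP restarting its nonce at 1 for a key it had already used. The one-line fix in `on_reassociation_request` mirrors what the vendor patches do, which is to treat reinstallation of an already-installed key as a no-op instead of resetting the nonce and replay counter.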
To find out more from the vendors visit the following links:
- Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
- Meraki: https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks/
- Aruba: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
Author Bio: John Busso is a Senior Network Engineer/Mobility Specialist at CCSI. He has almost 20 years' experience providing secure voice and data solutions. John has been a Subject Matter Expert for enterprise mobile solutions such as Guest Wi-Fi and BYOD, providing vision for diverse clients.
John has been an Adjunct Professor and trainer. He holds numerous industry certifications, including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working with retail, TNL couriers, distribution centers and airports, healthcare, education, DoD, local government, financial, non-profit public Wi-Fi, entertainment and hospitality industries. His expertise is in mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, and licensed/unlicensed PTP and PTMP networks. Connect with John on Twitter via @JohnBusso.