A computer security researcher in Belgium has discovered a vulnerability in the WPA2 protocol that protects all modern Wi-Fi networks.
Wi-Fi Protected Access 2 (WPA2) is the main protocol that is the standard protection for Wi-Fi networks. But now hackers can use a technique known as key reinstallation attacks, aka “KRACK”, to intercept information sent over networks that users thought were encrypted. The crypto attack exploits a flaw in the four-way handshake process between a user's device trying to connect and a Wi-Fi network. Key reinstallation allows an attacker unauthorized access to the network without the password, effectively opening up the possibility of exposing all the personal data on your device -- including credit card information, personal passwords, messages, emails and pretty much everything else.
Worst of all, practically any implementation of a WPA2 network is affected by this vulnerability, and it's not the access point that's at risk. Instead, KRACK targets the devices you use to connect to the wireless network.
According to Mathy Vanhoef, the researcher who discovered the protocol vulnerability, any device that uses Wi-Fi is exposed. That means a router, a phone, a laptop, a smart TV or even a Wi-Fi enabled GPS unit that uses WPA2 protocol could be susceptible. Vanhoef said the attack works against all modern protected Wi-Fi networks, and that his team found during its research that systems powered by Android, Apple, Windows, Linux and others were all affected by “some variant” of the attacks.
However, KRACK is mainly a local vulnerability -- attackers need to be within short range of your wireless network. That doesn't mean your vessel’s network is totally impervious to an attack, but the odds of a widespread attack are low due to the way the attack works. You're more likely to run into this attack on a public network like a marina or café.
What can be done right now?
Changing your passwords won't help. It never hurts to create a more secure password, but this attack circumvents the password altogether, so it won't make a difference.
Keep using the WPA2 protocol for your networks. It is still the most secure option available for most wireless networks.
Update all your devices and operating systems to the latest versions. Check for updates for all of your electronics and make sure they stay updated. Users are at the mercy of manufacturers and their ability to update existing products. Microsoft, for example, has already released a security update to patch the vulnerability.
Available Updates to Date
Fortunately, with such a dangerous vulnerability, companies have been quick to patch their software. CNET has compiled a list of all the companies that have released security patches or information so far:
- Applehas already created a patch for the exploit in betas for iOS, MacOS, WatchOS and TVOS.
- Arubahas patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software.
- Ciscohas already released patches for the exploit for some devices, but is currently investigating whether more need to be updated.
- Expressif Systemsreleased software fixes for its chipsets, starting with ESP-IDF, ESP8266 and ESP32.
- Fortinetsays FortiAP 5.6.1 is no longer vulnerable to the exploit, but version 5.4.3 may still be.
- FreeBSD Projectis currently working on a patch.
- Googlewill be patching affected devices in the coming weeks.
- HostAPhas released a software fix for the exploit.
- Intelreleased an advisory as well as updates for affected devices.
- LEDE/OpenWRTnow has a patch available for download.
- Linuxalready has software fixes and Debian builds can already be updated, as well as Ubuntu and Gentoo.
- Netgearhas updated some of its routers. You can check for and download updates here.
- Microsoftreleased a Windows update on Oct. 10 that patched the exploit.
- MicroTikRouterOS version 6.93.3, 6.40.4 and 6.41rc are not affected by the exploit.
- OpenBSDaccess points are unaffected, but a patch for clients has been released.
- Ubiquiti Networksreleased a firmware update, version 184.108.40.20637, to patch the vulnerability.
- Wi-Fi Alliancenow requires testing for the vulnerability and provides a detection tool for Wi-Fi Alliance members.
- WatchGuardreleased patches for Fireware OS, WatchGuard access points and WatchGuard Wi-Fi Cloud.
A list of vendors that have patched the vulnerability can be found on the CERT website.
How Remote IT Support can benefit your yacht
GCS recommends, designs and implements a virtual private network (VPN) for all support clients, which will encrypt all your internet traffic and can protect you from such an attack. Not to mention, it's good practice to use a VPN if you care about your online privacy or security anyway.
Strictly using sites that use HTTPS can help protect you against KRACK, but does not completely cover every instance. Check with your IT provider or contact GCS to ensure your electronics have the latest updates.
GCS will be at the Fort Lauderdlae International Boat Show! Call now to schedule an appointment or vessel network review: +1 954 608 2673