The Yacht Technology Blog

KRACK -- Yacht Wifi networks at risk from new-found vulnerability

Posted by Steve Kahlich on Oct 20, 2017 10:34:34 PM

    


A computer security researcher in Belgium has discovered a vulnerability in the WPA2 protocol that protects all modern Wi-Fi networks.

Wi-Fi Protected Access 2 (WPA2) is the standard protocol protecting Wi-Fi networks. But now hackers can use a technique known as key reinstallation attacks, aka “KRACK”, to intercept information sent over networks that users thought were encrypted. The crypto attack exploits a flaw in the four-way handshake process between a user's device trying to connect and a Wi-Fi network. Key reinstallation allows an attacker unauthorized access to the network without the password, effectively opening up the possibility of exposing all the personal data on your device -- including credit card information, personal passwords, messages, emails and pretty much everything else.

Worst of all, practically any implementation of a WPA2 network is affected by this vulnerability, and it's not the access point that's at risk. Instead, KRACK targets the devices you use to connect to the wireless network.

According to Mathy Vanhoef, the researcher who discovered the protocol vulnerability, any device that uses Wi-Fi is exposed. That means a router, a phone, a laptop, a smart TV or even a Wi-Fi enabled GPS unit that uses WPA2 protocol could be susceptible. Vanhoef said the attack works against all modern protected Wi-Fi networks, and that his team found during its research that systems powered by Android, Apple, Windows, Linux and others were all affected by “some variant” of the attacks.

However, KRACK is mainly a local vulnerability -- attackers need to be within short range of your wireless network. That doesn't mean your vessel’s network is totally impervious to an attack, but the odds of a widespread attack are low due to the way the attack works. You're more likely to run into this attack on a public network like a marina or café.

What can be done right now? 


Changing your passwords won't help. It never hurts to create a more secure password, but this attack circumvents the password altogether, so it won't make a difference.

Keep using the WPA2 protocol for your networks. It is still the most secure option available for most wireless networks. 

Update all your devices and operating systems to the latest versions. Check for updates for all of your electronics and make sure they stay updated. Users are at the mercy of manufacturers and their ability to update existing products. Microsoft, for example, has already released a security update to patch the vulnerability. 

Available Updates to Date

Fortunately, with such a dangerous vulnerability, companies have been quick to patch their software. CNET has compiled a list of all the companies that have released security patches or information so far:

  • Apple has already created a patch for the exploit in betas for iOS, MacOS, WatchOS and TVOS.
  • Aruba has patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software.
  • Cisco has already released patches for the exploit for some devices, but is currently investigating whether more need to be updated.
  • Espressif Systems released software fixes for its chipsets, starting with ESP-IDF, ESP8266 and ESP32.
  • Fortinet says FortiAP 5.6.1 is no longer vulnerable to the exploit, but version 5.4.3 may still be.
  • FreeBSD Project is currently working on a patch.
  • Google will be patching affected devices in the coming weeks.
  • HostAP has released a software fix for the exploit.
  • Intel released an advisory as well as updates for affected devices.
  • LEDE/OpenWRT now has a patch available for download.
  • Linux already has software fixes and Debian builds can already be updated, as well as Ubuntu and Gentoo.
  • Netgear has updated some of its routers. You can check for and download updates here.
  • Microsoft released a Windows update on Oct. 10 that patched the exploit.
  • MikroTik RouterOS versions 6.93.3, 6.40.4 and 6.41rc are not affected by the exploit.
  • OpenBSD access points are unaffected, but a patch for clients has been released.
  • Ubiquiti Networks released a firmware update, version 3.9.3.7537, to patch the vulnerability.
  • Wi-Fi Alliance now requires testing for the vulnerability and provides a detection tool for Wi-Fi Alliance members.
  • WatchGuard released patches for Fireware OS, WatchGuard access points and WatchGuard Wi-Fi Cloud.

A list of vendors that have patched the vulnerability can be found on the CERT website.
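To act on the list above, an onboard device inventory can be checked against the fixed versions it states. The following is an added example, not code from GCS, CNET or any vendor: the product keys, device names and installed versions are constructed, and it assumes that releases numbered higher than a stated fixed version also carry the fix. Only the two entries where the list gives a single fixed version (FortiAP and Ubiquiti) are encoded; everything else is flagged for a manual check.

```python
import re

# Minimum fixed versions, taken only from the vendor list above.
# Products the list names without a single fixed version are deliberately absent.
MIN_FIXED = {
    "fortiap": "5.6.1",        # "FortiAP 5.6.1 is no longer vulnerable"
    "ubiquiti": "3.9.3.7537",  # firmware update that patches the vulnerability
}

def parse_version(text):
    """Turn '3.9.3.7537' into (3, 9, 3, 7537) so parts compare as numbers."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)

def is_at_least(installed, minimum):
    """Numeric comparison; a plain string compare would rank 5.10.0 below 5.6.1."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(b)

def audit(inventory):
    """Return {device name: status} for a list of (name, product, version)."""
    report = {}
    for name, product, version in inventory:
        minimum = MIN_FIXED.get(product.lower())
        if minimum is None:
            report[name] = "check vendor advisory"
        elif is_at_least(version, minimum):
            report[name] = "patched"
        else:
            report[name] = f"update to {minimum} or later"
    return report

# Constructed sample inventory (device names and installed versions are made up).
SAMPLE_INVENTORY = [
    ("bridge-ap", "FortiAP", "5.4.3"),
    ("salon-ap", "FortiAP", "5.6.1"),
    ("crew-mess-ap", "FortiAP", "5.10.0"),
    ("aft-deck-ap", "Ubiquiti", "3.9.3.7537"),
    ("mast-bridge", "Ubiquiti", "3.9.2.7400"),
    ("guest-tv", "SmartTV", "1.0"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:14} {status}")
```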

How Remote IT Support can benefit your yacht


GCS recommends, designs and implements a virtual private network (VPN) for all support clients, which will encrypt all your internet traffic and can protect you from such an attack. Not to mention, it's good practice to use a VPN if you care about your online privacy or security anyway.

Strictly using sites that use HTTPS can help protect you against KRACK, but does not completely cover every instance. Check with your IT provider or contact GCS to ensure your electronics have the latest updates. 

Schedule a Review of your network protection

 

GCS will be at the Fort Lauderdale International Boat Show! Call now to schedule an appointment or vessel network review: +1 954 608 2673

Topics: Remote IT Support, KRACK, Wi-Fi attacks
