A cyber security researcher of KU Leuven in Belgium, Mathy Vanhoef, has revealed a flaw in Wi-Fi’s WPA2’s cryptographic protocols. The discovery is alarming as the WPA2 protocol, the most common and secure Wi-Fi access protocol since 2004, is trusted by all for keeping Wi-Fi connections safe.
The attack, known as a ‘KRACK Attack’ (Key Reinstallation Attack) works by allowing the attacker to decrypt a user’s data without needing to crack or know the actual Wi-Fi network’s password. The attacker does this by decrypting the secure Wi-Fi connection and turning it into an unencrypted, and hence unsecure, HotSpot. For this reason, merely changing the Wi-Fi network password will not prevent or mitigate such an attack from taking place. However, a limitation of KRACK attacks is that they can only be carried out by an attacker who is within actual physical proximity of the targeted Wi-Fi network.
It should be noted though that the WPA protocol encrypts only the physical medium between a user’s device and the Wi-Fi connection it is joined to. Furthermore, all secured apps and websites do now use some sort of end-to-end encryption protocol such as HTTPS, which is designed to work over unsecured channels (such as unencrypted Wi-Fi connections). As a result, the only way to access this secure traffic is by performing an additional SSL Man-In-The-Middle (SSL MITM) attack.
Fortunately, SSL MITM attacks are already detected and protected by Check Point’s SandBlast Mobile on both iOS and Android devices by immediately alerting the user and blocking all corporate assets. SandBlast Mobile also helps to verify that mobile devices on your network are in compliance with the latest OS versions and security patches. You may request a demo of SandBlast Mobile here.
In addition, Check Point’s Capsule Cloud provides a worldwide service that secures remote PCs and laptops in any location against SSL MITM attacks, allowing users to connect to the internet securely in any Wi-Fi environment. Depending on an organization’s requirements, the same level of security can also be acquired through Check Point’s VPN.
In response to these recent WPA2 vulnerabilities, as illustrated by Vanhoef’s KRACK attack, we advise all mobile users to ensure they have installed a mobile security solution such as SandBlast Mobile and accept any software updates that their mobile provider issues.