By Galen Charlton
Earlier this week Mathy Vanhoef of the imec-DistriNet research group at the Katholieke Universiteit Leuven announced his discovery of a set of related vulnerabilities in WPA2, a protocol used to encrypt communications over wireless networks. KRACK, as Vanhoef dubbed the vulnerability, expands to Key Reinstallation Attacks.
The vulnerability exploited by KRACK lies with how Wi-Fi devices set up keys for encrypted communications when connecting to a wireless access point. Under certain circumstances, an attacker who is physically in range of the wireless network can interfere with the process of installing a session key during the initial handshake. In particular, it is possible to force a Wi-Fi client to reinstall the session key with previously-used cryptographic nonces. When that happens, depending on the particular WPA2 protocol options in effect, the attacker can then go on to decrypt or forge wireless frames. In turn, this can enable further attacks; for example, if the Wi-Fi device then connects to a website over plain HTTP, the attacker could snoop on the traffic or potentially inject extra content.
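To see why reusing a nonce is enough for the decryption half of the attack, here is an added example (not from the original post, and not Vanhoef's code) that models CCMP's counter-mode encryption with a standard-library stand-in keystream; the session key, frames and nonces are constructed.

```python
# Added example. WPA2's CCMP encrypts each frame with AES in counter mode, so
# the keystream depends only on the session key and the nonce (packet number).
# To stay runnable with the standard library alone, the keystream here comes
# from HMAC-SHA256 in counter mode; the arithmetic that makes nonce reuse
# fatal is the same as for AES-CTR.
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: the same (key, nonce) always yields the same bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption; decryption is the same operation."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover_under_nonce_reuse(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """If two frames share a keystream then c1 XOR c2 == p1 XOR p2, so knowing
    one plaintext (say, a predictable HTTP request line) reveals the other.
    The recovered keystream would equally let an attacker forge a frame."""
    return xor(xor(ct_known, ct_target), pt_known)


def demo(reinstalled: bool) -> bytes:
    """Encrypt two frames. With a reinstalled key the packet number resets to
    its initial value, so frame 2 reuses the nonce of frame 1. Returns what
    an eavesdropper who can guess frame 1 learns about frame 2."""
    key = b"constructed-session-key"      # constructed stand-in, not a real PTK
    frame1 = b"GET /catalog HTTP/1.1"      # guessable plaintext
    frame2 = b"Cookie: sid=SECRET123"      # the secret worth protecting
    nonce1 = (1).to_bytes(6, "big")
    nonce2 = nonce1 if reinstalled else (2).to_bytes(6, "big")
    c1 = encrypt(key, nonce1, frame1)
    c2 = encrypt(key, nonce2, frame2)
    return recover_under_nonce_reuse(c1, frame1, c2)
```

With a fresh nonce per frame (what patched clients enforce) the same computation yields only noise, which is the whole point of the fix.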
The KRACK attack primarily affects Wi-Fi clients, but can also affect access points and routers, particularly if the 802.11r protocol for fast roaming is in use.
Linux and Android are particularly vulnerable to KRACK attacks, but Windows, macOS, and iOS are also affected. As of this writing, patches are available for all major Linux distributions and supported versions of Windows. Apple has issued patches for beta versions of macOS and iOS that should make their way into general release soon, and Google is reported to be working on patches for Android. Manufacturers of access points and wireless routers have also started releasing patches.
Since attackers need to be in the same physical area as the network they wish to attack, many organizations can mitigate potential (external) KRACK attacks simply by attending to physical security and keeping visitors out.
Of course, many libraries operate public Wi-Fi services that use WPA-PSK or necessarily must allow patrons to be in range of protected networks for library staff. To avoid the potential for interference with library networks or snooping on patrons’ online activity, libraries can take the following steps to mitigate the risk.
- Apply patches to library computers and network equipment as they become available.
- Switch devices such as patron and circulation workstations over to wired Ethernet where possible.
- If you use 802.11r (fast roaming) on your wireless networks, consider turning it off until you have an opportunity to patch your access points.
- Promote the use of HTTPS Everywhere.
- If your library offers technology training for patrons, consider offering sessions about managing software updates.
Several aspects of KRACK, and of the way it was announced, raise general issues of concern for staff responsible for securing library networks and resources:
- Library skills regarding the evaluation of sources of information apply to security announcements, too.
Going by the headlines, the KRACK attack “destroys nearly all Wi-Fi security” (Ars Technica), is something not to worry about (Lawfare), or in any event is not worth burning the house down (Kevin Beaumont). A more nuanced take is offered by Bruce Schneier.
Who benefits from exaggerating the impact of a vulnerability — or downplaying it? Who has demonstrated expertise in network security — and who is just speculating or even posing? It can be hard to evaluate claims about computer security, and even more so when cryptography is discussed.
KRACK, since it involves a vulnerability in most implementations of a widely-used protocol, is serious, but the degree of your library’s exposure to it heavily depends on the specifics of which WPA2 protocol options you use and the devices that connect to them. When evaluating your potential risk, first, don’t panic — but pay attention to security news, particularly bulletins from the manufacturers of your wireless network equipment.
- When in doubt, patch.
Regardless of the specific impact on your library, KRACK is certainly worth patching against. Patches can be expected for most supported devices and should be applied as they become available. CERT maintains a list of vendors and operating system providers that may have patches available.
- We do not live in the Platonic realm where mathematical proofs of the security of protocols can ignore implementation details.
Vanhoef’s KRACK cites a formal proof (Changhua He et al. 2005) of the correctness of various aspects of the IEEE 802.11i standard underlying WPA2 — then points out that while the proof remains correct, it was not complete as it failed to model the installation (and reinstallation) of keys.
The deficiencies in the model can presumably be corrected — but, of course, there’s no guarantee that every implementation will fully and correctly match the model that was formally validated.
For the library IT worker who is not in a position to personally verify formal proofs, those proofs amount to a useful data point for selecting protocols to require, but the proofs can not replace testing and monitoring the implementations that are actually deployed.
- Defense in depth matters.
Depending on the specific WPA2 protocol options in effect, a successful KRACK attacker may be able to decrypt or forge packets between a wireless device and the access point. However, that doesn’t give the attacker any special way to decrypt HTTPS traffic as TLS encryption occurs at a higher protocol layer — although as demonstrated in Vanhoef’s video, an attacker may be able to force a client’s web browser to downgrade connections to HTTP if the secure website is not configured properly.
The lesson for libraries: efforts to promote the adoption of mandatory HTTPS across the board should continue, and can help mitigate weaknesses in other protocols.
- The Internet of Things (IoT) is going to remain a headache for library IT staff.
As Brian Barrett points out in Wired, while many computers, mobile devices, and routers will get patched against KRACK sooner or later, many will never be, including IoT devices. A lightbulb that acts as a Wi-Fi range extender may have been made by a manufacturer that no longer exists or no longer supplies software updates — or never did. If updates are available, it may not be easy to apply them.
The potential impact of a compromised IoT device can vary widely. If an attacker manages to convince an IoT garage door opener to keep the library’s loading dock door closed, it can be a nuisance. If the door is instead induced to open up, the nuisance could turn into loss. Alternatively, a compromised device could become an entry point into the library’s network for snooping or bulk downloading of sensitive information — as apparently was the case for a casino operating an Internet-enabled fish tank.
What should a library do? For starters, keep track of all devices purchased by the library that can connect to networks. Bear in mind one lesson of the Wi-Fi light bulb: IoT devices can slip in through budget lines other than that of the systems department. Prefer manufacturers that credibly claim to provide software updates and a way for them to be applied automatically — but also budget for when those updates stop and it may be better to replace the devices.
To sum up, KRACK as a vulnerability in Wi-Fi encryption does represent a risk to patron privacy and the security of library networks, so patch early and often… but don’t panic.
Galen Charlton is Infrastructure Manager at the Equinox Open Library Initiative and a contributor to the Evergreen and Koha open source ILS projects. He can be found on Twitter as @gmcharlt.