ACG-CYBER SECURITY BULLETIN NO 115 UNDERSTANDING KRACK
The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
“KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that is provided when a client device attempts to join a Wi-Fi network. Doing so could enable point and the client device, which could leave personal details like credit card numbers, meesages and passwords exposed.”1
This vulnerability has been demonstrated effective against Linux-based devices including Linux, Apple iOS, Android 6.0 and above, macOS and OpenBSD. This impacts all Wi-Fi devices including laptops, notepads, phones, IoT devices like Televisions. Microsoft devices are not affected.
KRACK attack was discovered by Mathy Vanhoef of imec-DistriNet. The process starts when a device joins a protected Wi-Fi network and the four-way handshake takes place. The handshake ensures that both the access point and the device have correct login credentials for the network and generates an encryption key for protecting the web traffic. The encryption key is installed on the step three of the four-way handshake, but the access point will sometime resent the same key if it believes that the message may have been lost or dropped. The attackers can force the access point to install the same encryption key which the intruder can then use to attack the encryption protocol and decrypt data.
PNP personnel and the public are advised to follow the tips in order to avoid KRACK Attack Vulnerability:
- Avoid connecting to public Wi-Fi hot spots unless you confirm your device is adequately patched.
- Ensure that your Wi-Fi router is protected with a password.
- Upload the latest Operating System to all of your Wi-Fi enabled devices.
- Upload any additional firmware patches that your manufacturers recommend.
- If your device is not properly patched, plug it directly into the network with an Ethernet cable.
- Use only Virtual Private Networks (VPNs) from reputable providers. Free VPNs can be vulnerable.
For additional information, please refer to the following websites:
POINT OF CONTACT