A massive number of technology vendors had to scramble to find patches and updates for their customers when researchers discovered a seemingly universal Wi-Fi flaw.
Belgian researchers last week announced findings from a year-long study, which shows a vulnerability in the Wi-Fi Protected Access II (WPA2) security protocol that guards most wireless networks. Skilled cyber attackers can exploit the flaw using a Key Reinstallation Attack, also known as KRACK. The implications are far-reaching because the vulnerability is tied to a protocol and not a particular piece of hardware or software.
“The attack … allows a capable threat actor the ability to inject malicious data into unencrypted HTTP connections. During a supposedly secure session an attacker can abuse this to inject ransomware or malware into websites that the victim is visiting. All companies using WPA2 are impacted and at risk,” said Stephen Gates, chief research intelligence analyst for Zenedge.
Dallas Bishoff, director of security services for Stratiform, tells Channel Partners that only a very skilled threat actor can successfully exploit the vulnerability. The attacker would have to be close enough to get the wireless signal of a network that is secured with WPA2 and inject an encryption mechanism key. And in the case of a transaction on a bank website, a separate encryption process remains unexposed.
“Despite the hyperbole inside the marketplace, it has relatively limited considerations,” Bishoff said.
Gates agrees that the attack is not proven to be “remotely executable,” which means that the threat actor must be physically close to the target.
“However, the vulnerability in the actual ‘protocol standard’ itself will have a massive fallout, as there are millions upon millions of vulnerable Wi-Fi networks, operating systems and applications that will likely take a considerable amount of time to patch,” Gates said.
But panic over that fallout may be overblown, because vendors have responded quickly to the problem. Bishoff says most vendors already know about the flaw and have released patches that address it.
“So in most cases for business networks, the vulnerability won’t even be possible by the end of the week,” he said.
But one type of business faces an elevated risk, according to Bishoff.
“The place where it would have the most impact is small businesses that don’t have the technical skill sets to do updates and patches on their devices, and home networks where most casual users don’t understand how to maintain technical equipment,” he said.
Isaac Adegbemle, chief technology officer of the managed services provider Systemverse, says his business’ role in the response was identifying its vulnerable clients and the vendors they used. He says the MSP’s main vendors – Cisco, Microsoft and Ubiquiti Networks – each responded …