CTS 094: Sealing the KRACK Attack - Clear To Send: Wireless Network Engineering




Clear To Send: Wireless Network Engineering show

Summary: We provide an overview of the KRACK Attack targeting Wi-Fi security.

KRACK Attack

On October 16th, 2017, a vulnerability within WPA2 security was released. In this episode, we provide an overview of what the KRACK Attack is, how it affects Wi-Fi networks, and what you can do to seal this security threat.

The KRACK Attack targets a weakness in the 4-Way Handshake, specifically in the key management process. Within the 4-Way Handshake, it is possible for an attacker to cause devices to reinstall a key that is already in use. Keys should only be installed once, so this reinstallation is a weakness in security.

To succeed, an attacker would need to perform a Man-In-The-Middle attack.

This means Wi-Fi devices are at risk, and that is the challenge in ensuring security: all devices would need to receive this security patch.

On the infrastructure side, an attacker would be able to perform a replay attack on APs with 802.11r enabled. Major vendors are releasing a patch for this vulnerability, but as a workaround you could disable 802.11r.

Listen in on our discussion around the KRACK Attack, our thoughts, and our opinions on security as a whole.

Links & Resources

* Packet6 – KRACK Attack (https://www.packet6.com/vulnerabilities-wpa2-wi-fi-krack-attack/)
* Semfio Networks – Understand KRACK in 2 Hours (https://www.semfionetworks.com/blog/fully-understand-krack-in-2h)
* Revolution WiFi – WPA2 KRACK Vulnerability – Getting Information (http://www.revolutionwifi.net/revolutionwifi/2017/10/wpa2-krack-vulnerability-getting-information)
* KRACK Attacks.com (https://www.krackattacks.com/)
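
The key reinstallation described in the summary above, as an added example that is not from the episode or its show notes: a toy Python model of a client that installs the key on every copy of handshake message 3, beside one that installs it only once. The class and function names and the `PTK-1` key label are hypothetical, and the model assumes, as the public KRACK research describes, that installing a key resets the per-key packet number used as the encryption nonce.

```python
# Toy model (added example): why a key must be installed only once.
# Class and method names are hypothetical; no real Wi-Fi stack is used.

class Supplicant:
    def __init__(self, install_once):
        self.install_once = install_once  # True = patched behaviour
        self.key = None                   # currently installed session key
        self.packet_number = 0            # per-key transmit counter (nonce)
        self.sent = []                    # (key, packet_number) of each frame

    def on_message3(self, key):
        """Handle message 3 of the 4-way handshake, possibly a retransmission."""
        if self.install_once and key == self.key:
            return False                  # already in use: do not reinstall
        self.key = key
        self.packet_number = 0            # installing a key resets the counter
        return True

    def send_frame(self):
        self.packet_number += 1
        self.sent.append((self.key, self.packet_number))


def reused_nonces(supplicant):
    """Return the (key, packet_number) pairs used for more than one frame."""
    seen, reused = set(), set()
    for pair in supplicant.sent:
        (reused if pair in seen else seen).add(pair)
    return sorted(reused)


def run_handshake(install_once):
    """Constructed scenario: message 3 arrives, two frames are sent,
    then the same message 3 arrives again and two more frames are sent."""
    s = Supplicant(install_once)
    s.on_message3("PTK-1")
    s.send_frame(); s.send_frame()
    s.on_message3("PTK-1")                # retransmitted message 3
    s.send_frame(); s.send_frame()
    return reused_nonces(s)


if __name__ == "__main__":
    print("installs on every message 3:", run_handshake(install_once=False))
    print("installs only once:        ", run_handshake(install_once=True))
```

A non-empty result means two different frames were protected with the same key and packet number, which is the condition a patched client avoids by refusing to reinstall a key it is already using.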