
Difference between revisions of "KRACK Vulnerability"

(Should I be worried?)
 
(46 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Disclaimer: This page is specifically written to help members with limited technical knowledge or experience understand the most relevant aspects of this topic for them. We include some helpful links below for further study.   
+
This page is specifically written to help members to understand the most relevant aspects of '''KRACK''' Wi-Fi attacks.   
  
=What is KRACK?=
+
==What is KRACK?==
* KRACKs stands for Key Reinstallation Attacks and describes attacks on Wi-Fi networks using weaknesses in WPA2 protocol which secures most modern protected Wi-Fi networks.
+
* KRACK stands for Key Re-installation Attack and refers to attacks on Wi-Fi networks using weaknesses in the WPA2 protocol which secures most modern protected Wi-Fi networks.
* KRACKs allows attacker to read and access information on your wifi network that was considered secured.
+
* KRACK allow attackers to read and access information on Wi-Fi networks that were considered secured.
* Wi-Fi networks use a password through WPA2 for 2 general purposes:
+
* Wi-Fi networks use a password through WPA2 for two general purposes:
** Control who can connect to the network; and
+
** Controlling who can connect to the network; and
** Encrypt (or conceal) the data shared over the network between the access point (Modem or Router) and clients (computers, phones, tablets, etc). Encryption is done by the Wi-Fi password to generate an even stronger key that is used to scramble the data between the access point and client.
+
** Encrypt (or conceal) the data shared over the network between the access point (Router) and clients (computers, phones, tablets, etc). Encryption is done by using the Wi-Fi password to generate an even stronger key that is used to encrypt the data between the access point and client.
  
=Why should I care?=
+
==Why should I care?==
* WPA2 is widely used and presently the strongest form of Wi-Fi security available to the average person including modems configured by NCF.
+
* WPA2 is widely used and is presently the strongest form of Wi-Fi security available to the average person including modems configured by NCF.
* Variations of KRACK can be used against clients of various kinds including devices running Android, Apple OSes, Windows and Linux.
+
* Almost every client device is vulnerable to KRACK whether on Wi-Fi at home or elsewhere.
 +
** Variations of KRACK can be used against clients of various kinds including devices running Android, Apple, Windows and Linux OSs.
  
=Important Things to Note:=
+
==Should I be worried?==
* NCF modems with standard configuration are not vulnerable to KRACK however your client devices may be.
+
'''NO'''. Why?
**However, once firmware updates are provided by our hardware vendors we will make them available for members.
+
* '''NCF modems with standard configuration are NOT VULNERABLE to KRACK.''' Nevertheless, NCF will continue the practice of making firmware updates available as they become available from our modem providers.
* Vulnerability vs Infection: Devices having a vulnerability to a particular attack does not mean that you device are already infected or even at a high risk of infection. Follow the recommendations below to guard against this vulnerability.   
+
** Modems or routers connected to each other in a wireless chain (using WDS) are potentially at risk unless a firmware patch is applied.
* Proximity: An attacker needs to be within wireless range of your network that (close enough to connect to your wifi).
+
** Also, other networking devices like Wi-Fi repeaters and extenders which are not connected to your modem by Ethernet may be vulnerable.
* Time: This attack works during the periods of connection and reconnection of your client device to a wifi network. As such, an attacker has a very limited time window in which to try employing this attack (usually a few seconds).
+
* And, although your modem/router may not be vulnerable, your client devices may be. Updating your devices with a security patch that address KRACK will protect each device from this vulnerability.
 +
* Vulnerability vs. Infection: Be vigilant but not anxious. A security vulnerability on a device does not mean that the device is already infected or has a high likelihood of being infected. Follow the recommendations in the sections below to be safe against this vulnerability and keep informed.   
 +
* Proximity: An attacker needs to be within Wi-Fi range of your network (close enough to connect to your Wi-Fi).
 +
* Time: This attack works only during periods of connection and re-connection of your client device to a Wi-Fi network. As such, an attacker has a very limited time window in which to attempt this attack (usually a few seconds).
  
=What should I do?=
+
==What should I do?==
# Update the operating system on your phone, computer and other client devices when they receive security updates.
+
[[File:HTTPS_ncf.PNG|300px|thumb|right|NCF website showing secure logo]]
#* Microsoft - has included a fix for KRACK in their security updates starting October 10th (Updates are available for Windows 10, 8.1, 8 and 7).
+
# Update the operating system on your phone, computer and other client devices when they receive security updates. Each device you update becomes protected against the KRACK vulnerability.
#* Apple - currently has a fix that isn't availble on the stable version of the operating systems yet. It should become available within the
+
#* You can [https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it check if your client devices have received updates]  
#* Android - getting timely security updates is messy and sometimes impossible because hardware vendors and mobile network control if and when those updates are delivered. We recommend using a trusted [https://www.ncf.ca/ncf/support/wiki/Virtual_Private_Networks VPN] service if you can.
+
# Do not trust Wi-Fi outside of your home (public Wi-Fi). KRACK is just one of many known security risks associated with using public Wi-Fi. Using a trusted [[Virtual Private Network]] (VPN) service is one way of keeping your data encrypted on public Wi-Fi.  
#* Linux -  
+
# Connect your devices, where possible, to the router by Ethernet cables, especially those without an available security update.
# NCF recommends that you do not use public wifi. KRACK is just one of many known security risks associated with using public wifi. Using a trusted [https://www.ncf.ca/ncf/support/wiki/Virtual_Private_Networks VPN] service is one way of keeping your data encrypted on public wifi.
 
# Connected your devices where possible to the modem by ethernet especially if there is not security update available for them yet. This is also an effective way to avoid Wi-Fi interference which can cause slow Wi-Fi connection is congested areas.
 
 
# Use HTTPS to connect to secured services and websites. This means information transmitted to such web pages will have end-to-end encryption. Web pages that use HTTPS or another secure connection will include HTTPS in the URL.
 
# Use HTTPS to connect to secured services and websites. This means information transmitted to such web pages will have end-to-end encryption. Web pages that use HTTPS or another secure connection will include HTTPS in the URL.
#* Check on your browser's address bar to ensure the. If your browser shows a little lock in the address bar and says "secure," you should be safe.   
+
#* Check on your browser's address bar to ensure the above. If your browser shows a little lock in the address bar and says "secure," you should be safe.   
#* HTTPS Everywhere on Chrome [https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp]
+
#* [https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp HTTPS Everywhere for Chrome]
#* HTTPS Everywhere on Mozilla Firefox [https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/]
+
#* [https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp HTTPS Everywhere for Mozilla Firefox]
# Consider using a VPN service. You can learn more about VPN services [https://www.ncf.ca/ncf/support/wiki/Virtual_Private_Networks here]
+
# Consider using a [[Virtual_Private_Networks|VPN]] service.
  
=How can I learn more?=
+
==External links==
 
*[https://www.krackattacks.com/ Krack Attacks Website by Mathy Vanhoef of imec-DistriNet]
 
*[https://www.krackattacks.com/ Krack Attacks Website by Mathy Vanhoef of imec-DistriNet]
 
*[https://www.krackattacks.com/#faq Krack Attacks FAQ]
 
*[https://www.krackattacks.com/#faq Krack Attacks FAQ]
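Review bot: In the added HTTPS Everywhere sub-bullets, the entry labelled "HTTPS Everywhere for Mozilla Firefox" links to the same chrome.google.com/webstore URL as the Chrome entry. The line it replaces pointed at https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/, so that target should be carried over to the new link syntax. Two smaller wording points in the same hunk: "KRACK allow attackers" should read "KRACK allows attackers", and "a security patch that address KRACK" should read "addresses KRACK".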
Line 40: Line 42:
 
*[https://www.ncf.ca/ncf/dg/dgView.jsp?thread=19659 NCF Discussion Group on KRACK]
 
*[https://www.ncf.ca/ncf/dg/dgView.jsp?thread=19659 NCF Discussion Group on KRACK]
 
*[http://www.tp-link.com/en/faq-1970.html TP-Link KRACKs Vulnerability Statement]
 
*[http://www.tp-link.com/en/faq-1970.html TP-Link KRACKs Vulnerability Statement]
 +
* Good online references for understanding some of the terms used in this article are [https://www.webopedia.com Webopedia] and [https://en.wikipedia.org Wikipedia]
 +
 +
[[Category: DSL]]

Latest revision as of 19:10, 11 November 2017

This page is specifically written to help members to understand the most relevant aspects of KRACK Wi-Fi attacks.

What is KRACK?

  • KRACK stands for Key Re-installation Attack and refers to attacks on Wi-Fi networks using weaknesses in the WPA2 protocol which secures most modern protected Wi-Fi networks.
  • KRACK allows attackers to read and access information on Wi-Fi networks that were considered secured.
  • Wi-Fi networks use a password through WPA2 for two general purposes:
    • Controlling who can connect to the network; and
    • Encrypting (or concealing) the data shared over the network between the access point (Router) and clients (computers, phones, tablets, etc.). Encryption is done by using the Wi-Fi password to generate an even stronger key that is used to encrypt the data between the access point and client.
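
An added example, not part of the NCF page: how a WPA2-Personal device turns the Wi-Fi password into the keys that actually encrypt traffic, following the IEEE 802.11i key derivation (PBKDF2 for the master key, then the 802.11 PRF for per-connection keys). The SSID, passphrase, MAC addresses, nonces and the helper names `sample_nonce` and `connect` are constructed for illustration.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Password -> 256-bit Pairwise Master Key (PBKDF2-HMAC-SHA1, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """Per-connection keys for CCMP: KCK, KEK and the traffic key TK."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values (not from any real network).
SSID, PASSPHRASE = "IEEE", "password"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")

def sample_nonce(tag: str) -> bytes:
    """Deterministic stand-in for the random 32-byte handshake nonces."""
    return hashlib.sha256(tag.encode()).digest()

def connect(session: str) -> dict:
    """Simulate the key derivation done during one (re-)connection."""
    pmk = derive_pmk(PASSPHRASE, SSID)
    return derive_ptk(pmk, AP_MAC, CLIENT_MAC,
                      sample_nonce("ap-" + session), sample_nonce("client-" + session))

if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, SSID).hex())
    for s in ("first", "second"):
        print(s, "connection TK:", connect(s)["tk"].hex())
```

The traffic key changes on every connection even though the password stays the same, which is why the handshake performed at connection time is the step that matters for KRACK and why patched clients close the gap.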

Why should I care?

  • WPA2 is widely used and is presently the strongest form of Wi-Fi security available to the average person, including on modems configured by NCF.
  • Almost every client device is vulnerable to KRACK whether on Wi-Fi at home or elsewhere.
    • Variations of KRACK can be used against clients of various kinds including devices running Android, Apple, Windows and Linux OSs.

Should I be worried?

NO. Why?

  • NCF modems with standard configuration are NOT VULNERABLE to KRACK. Nevertheless, NCF will continue the practice of making firmware updates available as they become available from our modem providers.
    • Modems or routers connected to each other in a wireless chain (using WDS) are potentially at risk unless a firmware patch is applied.
    • Also, other networking devices like Wi-Fi repeaters and extenders which are not connected to your modem by Ethernet may be vulnerable.
  • And, although your modem/router may not be vulnerable, your client devices may be. Updating your devices with a security patch that addresses KRACK will protect each device from this vulnerability.
  • Vulnerability vs. Infection: Be vigilant but not anxious. A security vulnerability on a device does not mean that the device is already infected or has a high likelihood of being infected. Follow the recommendations in the sections below to be safe against this vulnerability and keep informed.
  • Proximity: An attacker needs to be within Wi-Fi range of your network (close enough to connect to your Wi-Fi).
  • Time: This attack works only during periods of connection and re-connection of your client device to a Wi-Fi network. As such, an attacker has a very limited time window in which to attempt this attack (usually a few seconds).

What should I do?

NCF website showing secure logo
  1. Update the operating system on your phone, computer and other client devices when they receive security updates. Each device you update becomes protected against the KRACK vulnerability.
  2. Do not trust Wi-Fi outside of your home (public Wi-Fi). KRACK is just one of many known security risks associated with using public Wi-Fi. Using a trusted Virtual Private Network (VPN) service is one way of keeping your data encrypted on public Wi-Fi.
  3. Connect your devices, where possible, to the router by Ethernet cables, especially those without an available security update.
  4. Use HTTPS to connect to secured services and websites. This means information transmitted to such web pages will have end-to-end encryption. Web pages that use HTTPS or another secure connection will include HTTPS in the URL.
  5. Consider using a VPN service.

External links