Over the last couple of days, a new network threat called KRACK (Key Reinstallation Attacks) was recently announced. The threat of a KRACK attack is relevant for anyone that uses WiFi. With KRACK attacks, hackers can gain access to credit card information, secure passwords, emails etc. which are sent using WiFi.
What are KRACK Attacks and how can they be prevented?
To initiate a KRACK attack, hackers clone your WiFi signal. Next, they get your devices to connect to their fake Evil Twin Access Point so that they can perform a Man In The Middle (MITN) attack on the radio to steal your personal information and data. After learning about the threat, our developers spent the last few days researching and implementing the ability to alert Fingbox users about KRACK threats. Because the Fingbox WIDS (Wireless Intrusion Detection System) detects “Evil Twin” and “Rogue” attacks on your Access Points, it's able to detect and alert you about KRACK attacks and similar MITM attacks.
During a KRACK attack, the hacker will firstly create an Evil Twin Access Point which clones your WiFi signal. The Evil Twin Access Point will use not only the same SSID (Wi-Fi network name) but also with same BSSID (the access point stations ID). Learn more about Evil Twin Access Points in this article. The attacker ensures the Evil Twin Access Point is listening on a different channel than your real Access Point. For example; you have a network called “Fing” which is on channel 11. The attacker will use a new Access Point with exactly the same identifiers, that's listening on a different channel. For example; channel 1. A KRACK attack leverages both of the following techniques to force your WiFi clients (e.g. your mobile devices, laptop, tablets) to reconnect to their Evil Twin Access Point:
After this, your mobile clients will connect to the Evil Twin Access Point, and the actual KRACK exploitation and attack will start. The KRACK attack forces the non-patched client to (re)install an all-zero encryption key. In other words, this means that communication over your mobile clients is no longer encrypted. The KRACK attack combines a MITM attack with nonencrypted data, so the hacker can easily and clearly read all activity and personal data.
The Fingbox Wireless Intrusion Detection System (WIDS) is able to detect Evil Twin Access Points, which is a fundamental part of detecting and stopping KRACK attacks. This feature also enables Fingbox to alert you about many other attack types which leverage Evil Twin Access Points. Once Fingbox identifies an Evil Twin Access Point the immediate actions include:
(Evil Twin Access Point Alert on the Fing Mobile App)
(Evil Twin Access Point Alerts Provided by Fingbox)
Although Fingbox will alert you if it detects an Evil Twin Access Point which can prevent a KRACK attack, it's also very important to take preventative actions to protect your network and devices. Here are a few simple steps you can take to protect your network from KRACK attacks.