AT&T and CenturyLink have not reported that any of their broadband customers have been affected by the KRACK (or Key Reinstallation Attack) Wi-Fi vulnerability that was recently discovered by researcher Mathy Vanhoef.
While not providing a specific statement on whether it had seen any issues from the vulnerability, AT&T cited a statement put out by the Wi-Fi Alliance.
The alliance said in a release that “there is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.”
Fellow telco CenturyLink, which also has over 1 million broadband subscribers using Wi-Fi routers to connect to the internet via their broadband connections, also said it has not seen any issues.
Stephanie Meisse, a CenturyLink spokesperson, told FierceTelecom in an e-mail that it has not seen any issues, but it is ready to react if needed.
“CenturyLink has worked closely with our gateway providers and has determined that the devices provided by CenturyLink are not currently affected based on the known characteristics of the vulnerabilities,” Meisse said. “We will continue to monitor the situation and, if something changes, we will take appropriate action to protect our customers.”
Meanwhile, TDS Telecom who regularly educates customers about security issues and safeguards, told FierceTelecom that it is “actively looking at the issue, but has not seen anything of note.”
Defining KRACK
So, what is KRACK and why should Wi-Fi users be aware of it?
KRACK exploits weaknesses in WPA2, a protocol that secures all protected Wi-Fi networks. This vulnerability could enable a hacker to break the encryption between a router and a device, allowing them to intercept and interfere with network traffic.
A hacker could steal sensitive information such as credit card numbers and passwords, for example.
After a user connects to a Wi-Fi hotspot in their home or at the local coffee shop, their laptop or mobile device will conduct forward handshake. During this process, the user’s password is confirmed and establishes the encrypted connection between the router and the device.
Harold Li, Vice President of ExpressVPN, a company that provides internet users with a secure tunnel between two or more devices, told FierceTelecom that the key issue is the forward handshake that occurs when a user connects to a Wi-Fi network.
“In a forward handshake where the client and access point negotiate an encryption key, if the third part of the handshake is repeated that’s what triggers the KRACK vulnerability,” Li said. “The reason the router repeats the third handshake is that there’s been some interference so the router is programmed by default to retransmit the third part of the handshake and that’s where the problem is.”
An elusive problem
To resolve any potential issues, various key software and Wi-Fi gateway players have been pushing patches to Wi-Fi users.
The Wi-Fi Alliance says that users should expect that all their Wi-Fi devices, whether patched or unpatched, will continue working well together. Wi-Fi Alliance now requires testing of the KRACK vulnerability with its global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.
Additionally, the Wi-Fi Alliance said it is communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches. However, the Alliance has advised Wi-Fi users to make sure that they install latest recommended updates from device manufacturers.
Bitglass, a provider of cloud-based security services for enterprises managing multiple on-premises and remote devices, said it is working with its partners to help alleviate and thwart any issues.
“The whole industry is rallying together to fix the flaw,” said Salim Hafid, product manager for Bitglass, in an interview with FierceTelecom. “Now that the flaw has been identified, it’s an easy fix and it requires updates across the board.”
Hafid added that “a lot of these things are automatic and have been pushed to the devices with the latest versions of IOS and MAC OS already include a fix for the vulnerability, but it takes time.”
Still, what makes the KRACK vulnerability difficult to resolve is that it is hard to isolate.
“It’s one of those instances where a user could be compromised and you would have no idea,” said ExpressVPN’s Li. “With any man in the middle type Wi-Fi attacks, a hacker might be pilfering a user’s data and it’s hard to pinpoint where that came from.”