KRACK attacks cracked
- Prowess Wireless
- Oct 25, 2017
KRACK attack
Prowess Wireless has been providing support for KRACK attack updates for a variety of client and access point solutions based on different chipsets. KRACK refers to a vulnerability in key installation: by manipulating it, someone who is not part of the network can retrieve data on WPA2 AES based systems.
The patches are added in the supplicant and, in some cases, in the driver. Prowess provides updates according to end customer needs and requirements, taking into account the availability of sources (driver/supplicant) to make the needed changes.
Prowess Wireless also has a fully automated test setup to validate the KRACK vulnerability, so that the fixes are effectively integrated and validated. Specific tests are done for AP and client solutions, along with testing of dependent features such as 802.11r fast transition and roaming, which may be affected by the updates needed for the KRACK fix.
What is the solution for KRACK?
These are the typical queries that have come from most vendors and customers.
Is the open source wpa_supplicant patch enough for the solution?
In most typical solutions, the patch at wpa_supplicant would suffice for a KRACK fix. But recall that KRACK is mainly about security key installation and the execution of code associated with the handshake, so the right approach always depends on the architecture used by the chipset. In some cases, and to handle additional corner cases arising out of KRACK, a firmware or driver level update may be required.
What is the patch for Windows or WEC7?
A large set of KRACK attack possibilities are already handled by the architecture of the Windows supplicant. For certain additional cases, fixes are mostly required at the NDIS miniport driver layer. If the chipset uses a driver-firmware architecture, there is a remote possibility that a firmware update is needed.
How are things handled in access points?
In most cases, an update in hostapd would suffice. The same rules apply as above, based on chipset and driver architecture.
What are the methods to verify that the KRACK patch is working?
There are specific test plans which can be run to verify the fix. There are also validation requirements specified by the Wi-Fi Alliance to cover KRACK vulnerability testing. Prowess has a solution for providing fixes for most chipsets, and a validated and proven setup to test and validate the vulnerability. The vulnerability tests are run before and after the required patches are applied, to verify the impact of the added patches, and solutions also include a detailed vulnerability report for the intended solution.
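
The key-installation behaviour behind the questions above, as an added example that is not code from wpa_supplicant, hostapd or Prowess: a simplified model in which a retransmitted handshake message 3 either reinstalls the key already in use (resetting the transmit packet number) or is ignored, checked before and after the fix. The struct, function names and key bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a supplicant's pairwise-key state (not real project code). */
struct sta_keys {
    uint8_t  tk[16];        /* temporal key currently installed */
    int      tk_installed;  /* set once a key has been installed */
    uint64_t tx_pn;         /* transmit packet number, the per-frame nonce counter */
};

/* Unpatched: every accepted message 3 installs the key and resets the counter. */
static void install_key_unpatched(struct sta_keys *s, const uint8_t *tk) {
    memcpy(s->tk, tk, 16);
    s->tk_installed = 1;
    s->tx_pn = 0;
}

/* Patched: a message 3 carrying the key already in use is not reinstalled,
 * so the packet number keeps counting upwards. */
static void install_key_patched(struct sta_keys *s, const uint8_t *tk) {
    if (s->tk_installed && memcmp(s->tk, tk, 16) == 0)
        return;
    install_key_unpatched(s, tk);
}

typedef void (*install_fn)(struct sta_keys *, const uint8_t *);

/* Sequence: message 3, send frames, retransmitted message 3, send frames.
 * Returns how many packet numbers were used twice under the same key. */
static int count_reused_pns(install_fn install, int frames_each) {
    static const uint8_t tk[16] = { 0xA5, 0x5A, 0x01, 0x02 }; /* constructed key */
    struct sta_keys s = { {0}, 0, 0 };
    uint8_t seen[64] = {0};
    int reused = 0;
    if (frames_each > 31) frames_each = 31;   /* keep packet numbers inside seen[] */
    for (int round = 0; round < 2; round++) {
        install(&s, tk);
        for (int i = 0; i < frames_each; i++) {
            uint64_t pn = ++s.tx_pn;
            if (seen[pn]) reused++; else seen[pn] = 1;
        }
    }
    return reused;
}

int main(void) {
    printf("unpatched: %d reused packet numbers\n", count_reused_pns(install_key_unpatched, 5));
    printf("patched:   %d reused packet numbers\n", count_reused_pns(install_key_patched, 5));
    return 0;
}
```

A before/after validation run is expected to show the same contrast: reused packet numbers under one key before the patch, none after it.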
