Black Monday - KRACK and ROCA vulnerabilities

Black Monday – KRACK WiFi and ROCA RSA vulnerabilities

Are you affected by KRACK and ROCA, and how can you manage this?

Monday October 16th, 2017 is already being referred to as “Black Monday” in information security circles.

In case you haven’t already heard the news, two separate major security vulnerabilities – KRACK and ROCA – were announced that affect everyone globally who uses WiFi or public key encryption respectively.

KRACK – WiFi WPA2 Vulnerability

The KRACK (Key Reinstallation Attacks) vulnerability allows attackers to decrypt connections that are encoded using the WPA2 protocol. This is bad news, as most WiFi devices uses this form of encryption. In fact, around 60% of all WiFi networks in the world are secured using WPA2 according to Wigle.net (https://wigle.net/stats#).

Researchers at KU Leuven (University of Leuven) in Belgium have found that the issue stems from a inherent weakness in the cryptographic standard itself, rather than being caused by indvidual devices or coding errors.

Once bypassed, hackers can intercept sensitive data such as passwords, credit card details, online banking or other login information. They could aso theoretically inject malware, ransomeware, or other malicious code into the WiFi network.

Who is affected?

Basically any device that uses WiFi can be assumed to be vulnerable. This includes the routers themselves, as well as anything connected to WiFi networks – routers, PCs, laptops, tablets, phones, IoT devices, etc.

Manufacturers and products that may be impacted include Apple, Android, Linksys, Netgear, Linux, Nest, Cisco, Amazon, and more.

How can I manage or resolve the issue?

Firstly, check for updates from the manufacturers of all devices on your network. Keep an eye on their websites for news on when patches will be available, and install them as soon as possible.

ZDNet and BleepingComputer both have lists of the patches that are currently available and on the way.

In the meantime it is advisable to avoid using public WiFi, or WiFi hotspots that are in or around crowded areas until you are sure that all elements have been secured.

Where can I learn more?

You can read more of the technical details around the KRACK vulnerability at https://www.krackattacks.com. The information is provided by the researchers themselves, along with an academic paper and video:

ROCA (CVE-2017-15361) – RSA Encryption Vulnerability

Potentially impacting billions of devices, the ROCA (Return of Coppersmith’s Attack) vulnerability was discovered by security researchers at Masaryk University in the Czech Republic.

They found a severe flaw in the RSA cryptographic library used in a wide range of cryptographic chips produced by German semiconductor manufacturer Infineon Technologies.

The encryption vulnerability affects the RSA key pair generation by Infineon’s Trusted Platform Module (TPM). It effectively means that a remote attacker could use the value of an RSA public key to compute the associated private key. This could then be used to decrypt sensitive data, or even to impersonate the owner of the private key.

Who is affected?

The RSA library and chips in question are widely used, and are integrated into encryption tokens and products made by other vendors. They are used in authentication, encryption, signatures, message protection, and also for secure browsing using TLS/HTTPS.

You should therefore assume that you are probably are impacted, and carry out investigations accordingly.

Potential impact of ROCA vulnerability

How can I manage or resolve the issue?

Some of the major vendors including Microsoft, Goole, Lenovo, HP, and Fujitsu have already released software updates and guidelines to help mitigate the issue.

You can also use the tools created by the researchers to find out if you are using any chips with the vulnerable RSA library (see below).

Where can I learn more?

Here’s the full post and list of tools from the researchers.

Want to become an Ethical Hacker or a Computer Hacking Forensic Investigator? ISCN has partnered with EC-Council and other training providers to bring you discounts on some of the most popular and in demand cybersecurity training courses and certifications, including: