Attention Public Safety!
As you may already be aware, an encryption-related vulnerability has surfaced regarding the Wi-Fi protocol’s ability to keep your data protected. NENA has already issued a well-written bulletin on the subject, and we would like to make sure our friends without access to the newsletter see this as well.
Here are some key highlights:
- All Wi-Fi is affected! This is an inherent weakness in the WPA2 key exchange that allows an attacker to force a renegotiation of the encryption handshake through the attacker's own device. This will ultimately allow the attacker to see all your traffic as if it were unencrypted. Unfortunately, remediation requires patching workstations, cell phones, IoT devices, routers, gateways and repeaters.
- Attackers need physical proximity. While this is good news, we shouldn’t get comfortable. The clichéd “unmarked van sitting outside the center” image comes to mind, but a creative hacker could simply plant a malicious device somewhere on the premises.
- There may already be exploits in the wild. While some sources speak to the contrary, SecuLore’s engineering team believes the proof of concept is relatively straightforward to convert to a working attack against many different types of systems.
- Anything Android or Linux could be vulnerable to code injection as well as decryption. There is a bug in the way these operating systems implement WPA which further allows an attacker to add their own traffic to the stream.
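The papers listed under the technical reading at the end of this bulletin describe the attack as forcing nonce reuse: the victim reinstalls a key it is already using and restarts its packet counter. As an added illustration (not code from NENA's bulletin or from SecuLore), the Python sketch below shows how a wireless monitor could flag that symptom in frame metadata; the record layout, the key-epoch field and the sample frames are constructed assumptions.

```python
from collections import defaultdict
from hashlib import sha256

# Constructed sample records, not a real capture. Each tuple is one protected
# data frame: (transmitter MAC, key epoch, CCMP packet number, ciphertext).
# "Key epoch" is an assumption of this sketch: a counter the monitor
# increments whenever it sees a handshake complete with a fresh key.
SAMPLE_FRAMES = [
    ("02:00:00:00:00:01", 1, 1, b"\x8a\x11\x40"),
    ("02:00:00:00:00:01", 1, 2, b"\x3c\x9e\x07"),
    ("02:00:00:00:00:01", 1, 2, b"\x3c\x9e\x07"),  # link-layer retry, identical
    ("02:00:00:00:00:02", 1, 1, b"\x55\x20\xf1"),
    ("02:00:00:00:00:01", 1, 3, b"\xd0\x4b\x62"),
    ("02:00:00:00:00:01", 1, 1, b"\x17\xaa\x39"),  # PN 1 again, new content
    ("02:00:00:00:00:01", 1, 2, b"\x6e\x05\xc8"),  # PN 2 again, new content
    ("02:00:00:00:00:02", 2, 1, b"\x90\x33\x7d"),  # fresh key: restart is normal
]


def find_nonce_reuse(frames):
    """Return one alert per frame that reuses a packet number under the
    same key with different ciphertext."""
    first_seen = defaultdict(dict)  # (mac, epoch) -> {pn: ciphertext digest}
    alerts = []
    for index, (mac, epoch, pn, ciphertext) in enumerate(frames):
        digest = sha256(ciphertext).digest()
        seen = first_seen[(mac, epoch)]
        if pn not in seen:
            seen[pn] = digest
        elif seen[pn] != digest:
            # Same key and packet number but different bytes: the counter was
            # restarted without a new key, which correct key handling prevents.
            alerts.append({"frame": index, "mac": mac, "epoch": epoch, "pn": pn})
        # Identical bytes are an ordinary retransmission and are ignored.
    return alerts


if __name__ == "__main__":
    for alert in find_nonce_reuse(SAMPLE_FRAMES):
        print("packet number reused under one key:", alert)
```

An alert from a check like this points at an endpoint that still needs the patches described below.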
Here are a few important things we can do to mitigate this vulnerability:
- Microsoft, Apple, and Cisco have patches available. We should all be running Windows Update this week on all our devices. This will prevent the attack from working on those endpoints, but an attacker can choose any unpatched endpoint as a target. Cisco has fixes for many of their devices, but keep in mind that some of our old equipment will have to be replaced. The sooner we act, the safer we’ll be.
- Use VPNs and other protocols with encryption. This way, all a hacker will see upon decrypting your Wi-Fi traffic is more encrypted traffic. This is a good way to mitigate risk while network devices are being patched.
- Treat Wi-Fi devices as untrusted, especially IoT devices.
- Disable Fast Roaming (802.11r). If your network devices are capable of disabling fast roaming, this may mitigate the attack. The reason is that fast roaming uses the 4-way handshake, which is vulnerable, while pre-802.11r devices use a slower, more complex handshake.
NENA’s bulletin has a more thorough list of mitigation steps for PSAPs, and we encourage you to read it. Again, this bulletin can be found here.
In response to this threat:
The SecuLore CyberBenchmark™ now includes a Wi-Fi device assessment to help identify and address this vulnerability. CyberBenchmark is a network evaluation built according to recommendations from the FCC Task Force on Optimal PSAP Architecture. This assessment provides a comprehensive cybersecurity review of your PSAP, including internal and external scans, live traffic analysis, a data architecture review and policy guides. If this is of interest to you, feel free to contact us.
We cyber-protect our nation’s most important number, and this is part of that mission.
Sources of technical reading:
- Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse
- Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Stay cyber-safe,