Welcome Discount! Save $5 off any Fingbox purchase with promo code WELCOME5.
Get Promo
Image of Improve Home Network Security
IoT Devices Are Changing Our Networks: How to Improve Home Network Security
April 5, 2017
Image of a lock sat on a keyboard to symbolize protecting against krack attack
KRACK Attack Protection: Top 5 Ways to Protect Yourself Against a KRACK Attack
November 1, 2017

KRACK Attack Detection – KRACK Attack Protection – What are KRACK Attacks and how can they be prevented?

krack attack detection fingbox

KRACK Attack Detection – Protecting your Network from KRACK Attacks

Over the last couple of days, a new network threat called KRACK (Key Reinstallation Attacks) was recently announced. The threat of a KRACK attack is relevant for anyone that uses WiFi.

With KRACK attacks, hackers can gain access to credit card information, secure passwords, emails etc. which are sent using WiFi.

What are KRACK Attacks and how can they be prevented?

To initiate a KRACK attack, hackers clone your WiFi signal. Next, they get your devices to connect to their fake Evil Twin Access Point so that they can perform a Man In The Middle (MITN) attack on the radio to steal your personal information and data.

After learning about the threat, our developers spent the last few days researching and implementing the ability to alert Fingbox users about KRACK threats.

Because the Fingbox WIDS (Wireless Intrusion Detection System) detects “Evil Twin” and “Rogue” attacks on your Access Points, it’s able to detect and alert you about KRACK attacks and similar MITM attacks.

(Fingbox Network Security System)

KRACK Attacks Explained

During a KRACK attack, the hacker will firstly create an Evil Twin Access Point which clones your WiFi signal. The Evil Twin Access Point will use not only the same SSID (Wi-Fi network name) but also with same BSSID (the access point stations ID). Learn more about Evil Twin Access Points in this article.

The attacker ensures the Evil Twin Access Point is listening on a different channel than your real Access Point. For example; you have a network called “Fing” which is on channel 11.

The attacker will use a new Access Point with exactly the same identifiers, that’s listening on a different channel. For example; channel 1.

A KRACK attack leverages both of the following techniques to force your WiFi clients (e.g. your mobile devices, laptop, tablets) to reconnect to their Evil Twin Access Point:

  • De-authentication packets are sent to your mobile devices, which force them to disconnect and search again for a WiFi signal
  • CSA beacons: mobile clients receive a fake announcement from the Access Point, that the channel is switching to another one

After this, your mobile clients will connect to the Evil Twin Access Point, and the actual KRACK exploitation and attack will start. The KRACK attack forces the non-patched client to (re)install an all-zero encryption key. In other words, this means that communication over your mobile clients is no longer encrypted.

The KRACK attack combines a MITM attack with nonencrypted data,  so the hacker can easily and clearly read all activity and personal data.

KRACK Attack Detection KRACK Attack Prevention

KRACK Attack Detection

The Fingbox Wireless Intrusion Detection System (WIDS) is able to detect Evil Twin Access Points, which is a fundamental part of detecting and stopping KRACK attacks. This feature also enables Fingbox to alert you about many other attack types which leverage Evil Twin Access Points.

Once Fingbox identifies an Evil Twin Access Point the immediate actions include:

  • Turn off your WiFi network equipment for 15 minutes and wait. Make sure to turn off or disable WiFi from all client devices (like e.g. mobile phones, laptops, etc).
    Then restart networking and see if the Evil Twin Access Point still appears.
  • If the problem persists, you can contact Fing support to check if it’s a false alarm – but a false alarm is not likely to happen because of our persistent testing against false alarms.

(Evil Twin Access Point Alerts Provided by Fingbox) 

(Evil Twin Access Point Alerts Provided by Fingbox) 


KRACK Attack Protection and Prevention

Although Fingbox will alert you if it detects an Evil Twin Access Point which can prevent a KRACK attack, it’s also very important to take preventative actions to protect your network and devices. Here are a few simple steps you can take to protect your network from KRACK attacks.

  1. Update the firmware of all of your WiFi devices with official fixes to the KRACK attack threat. WiFi devices include mobile phones, tablets, laptops, smart watches – any IoT WiFi device
  2. Update the passwords and firmware of all of your WiFi access points and routers, even if the issue is mostly on the WiFi device side
  3. Browse secure HTTPS websites which leverage encryption
  4. Get Fingbox to protect your network
Violet Chepil
Violet Chepil
Head of Marketing at Fing