16 October 2017
I don't normally blog twice in one day (these days, I'm lucky to post twice in one month), but a nasty thought happened to occur to me, one that's worth sharing. (Thinking nasty thoughts is either an occupational hazard or an occupational fringe benefit for security people—your call…)
I, along with many others, noted that the KRACK flaw in WiFi encryption is a local matter only; the attacker has to be within about 100 meters from the target. That's not quite correct. The attacking computer has to be close; the attacker can be anywhere.
I'm here at home in a Manhattan apartment, typing on a computer connected by wired Ethernet. The computer is, of course, WiFi-capable; if I turn on WiFi, it sees 28 other WiFi networks, all but two of which use WPA2. (The other two are wide open guest networks…) Suppose someone hacked into my computer. They could activate my computer's WiFi interface and use KRACK to go after my neighbors' nets. Better yet, suppose I'm on a low-security wired net at work but am within range of a high-security wireless network.
I'm not certain how serious this is in practice; it depends on the proximity of vulnerable wired computers to interesting WiFi networks. Wired networks are no longer very common in people's houses and apartments, but of course they're the norm in enterprises. If you're a sysadmin for a corporation with that sort of setup, KRACK may be very serious indeed.