Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,573
Reaction score
1,888
This looks to be very serious, especially if you're on Android or Linux.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.

Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.
https://www.krackattacks.com/

More:
An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
 
Damn, it seems that everything has known vulnerabilities at this point :eek:. First Blueborne, now this.

I wonder how long it'll take to get patches for routers, etc... out there.
 
That looked surprisingly easy, and quick to do :eek:.

It looks like it would have to be a targeted attack though, and I don't connect to any WiFi I don't own or know well (i.e. not in hotels, cafes etc...) - so steps like that should hopefully help.

At least Samsung will have a patch out in 2019 :rolleyes:.
 
Yeah I rarely use public WiFi now anyway, even less so now...

On the plus side it seems its a simple fix, but as you say its how long it takes for manufacturers to release said fix! *cough*Samsung*cough*

I wonder what will happen to all the Android devices that are old and EOL, i doubt they will ever get patched as they don't even get the usual security updates after a while. That's the down side to Android and where Apple and iOS devices have a big advantage - the fragmentation.


Edit: Ubiquiti have/are patching it as we speak: https://community.ubnt.com/t5/UniFi...37-for-UAP-USW-has-been-released/ba-p/2099365
 
I wonder what will happen to all the Android devices that are old and EOL, i doubt they will ever get patched as they don't even get the usual security updates after a while. That's the down side to Android and where Apple and iOS devices have a big advantage - the fragmentation.
This is an area where I'd love to see legislation - i.e. manufacturers are force to support devices for up to x number of years for critical security flaws. Otherwise, we're going to churn through hardware or run insecure devices.
 
Does this affect Wi-Fi hardware in general or the WPA2 protocol?

The reason I ask is because WPA2 comes in two flavours - WPA2-PSK and WPA2-Enterprise.

WPA2-PSK uses a simple password for all devices. That's vulnerable by nature and can be easily hacked.

I personally use WPA2-Enterprise, which uses machine certificates to authenticate without needing a password. Additional Active Directory username and password authentication can also be implemented where required. Wouldn't this be much more complex to hack?

- Capt. Jack Sparrow.
 
Back
Top