KRACK Vulnerability Makes WPA2 WiFi Hacking Possible, Affects All Platforms With Android And Linux Being Worst Hit

As we all know, after setting up a new WiFi network we are probably conditioned to check the “WPA2” box. That router and the devices connected to the Internet through it are likely vulnerable to a new encryption crack announced today, and the wireless WPA2 security standard is now not quite as secure as we previously thought it was.

Users of Android devices, as well as anyone running a Linux machine, are the hardest hit, but it’s important to note that everyone, including Mac and iOS users, is potentially impacted by this. KRACK hacks kill your Wi-Fi privacy with a swipe.

Now, it’s time to get patching again. Another widespread vulnerability affecting practically everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online.

The caution here is that all routers and wireless access points that have the capability to use WPA2 should be updated regularly. WPA2 is also heavily used by public hotspots, meaning the coffee shop you like to browse the Internet from is likely susceptible to the newly shared flaw.

Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. According to Vanhoef, who discovered the flaw in WPA2, both Android and Linux are “trivial” to attack, but other platforms are also at risk.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks […] Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks […]

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected […] If your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but the flaw in WPA2 means a hacker can tweak and replay the “handshakes” carried out between Wi-Fi routers and devices connecting to them.

This particular attack is severe for Android and Linux users, and the demonstration video below shows how devastating an attack could be.

What’s behind the vulnerability? It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most WiFi users to keep their web use hidden and secret from others.

These attacks on Google’s Android are made simpler by a coding error, where the attacker will know the key just by forcing a reinstallation. Why? Because the operating system uses what’s known as an “all-zero encryption key” when the reinstallation is initiated, which makes it easier to intercept and use maliciously.

It’s very important to know that encrypted connections to shopping websites and services will remain secure because it is only the encryption of the connection over wireless that is impacted here.

According to the researcher, the issue comes when devices initially connect to a wireless device such as a router or access point, at which point that device confirms the correct WPA2 password is being used.

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.

In order to prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During the initial research, it was discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks, explained Vanhoef.
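The nonce reset described above, and the check an update adds, as an added example that is not code from the researcher or any vendor. The `Client` class, the SHA-256 keystream stand-in for the real WPA2 data cipher, the key and the frame contents are all constructed assumptions.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    # Toy stand-in for the WPA2 data cipher: output depends only on (key, packet number).
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key state; not real driver code."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.tx_pn = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Called whenever the handshake message carrying the key arrives, replays included.
        if self.patched and key == self.key:
            return                      # key already in use: keep the counters
        self.key, self.tx_pn = key, 0   # fresh install resets the transmit packet number

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.key, self.tx_pn, len(plaintext)))

def replay_scenario(patched: bool):
    key = bytes(range(16))              # constructed session key
    p1, p2 = b"frame one: hello", b"frame two: world"   # constructed, same length
    c = Client(patched)
    c.install_key(key)
    pn1, c1 = c.send(p1)
    c.install_key(key)                  # same handshake message delivered a second time
    pn2, c2 = c.send(p2)
    nonce_reused = pn1 == pn2
    # With a reused nonce the keystream cancels: c1 XOR c2 equals p1 XOR p2.
    leaks = xor(c1, c2) == xor(p1, p2)
    return nonce_reused, leaks

if __name__ == "__main__":
    print("unpatched:", replay_scenario(False))
    print("patched:  ", replay_scenario(True))
```

The model covers only the transmit packet number; the receive replay counter mentioned in the quote resets the same way and is left out here.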

What to do?

Devices such as laptops and smartphones will require updates as well as WiFi routers. Indeed, it’s said it is more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars. Users may want to be wary of using Wi-Fi at all until patches are widely rolled out.

Some good news

WPA2 can be patched by hardware vendors, and the patch will be backward compatible with existing devices out in the wild. The bad news is that this relies on vendors actually patching devices, and with seemingly disposable Internet-of-things devices available from the likes of IKEA, it’s debatable whether that will happen at all.

The researcher is promising more, too. Though he admitted some of the KRACK attacks would be difficult to carry out, he is to release more info on how to make them significantly easier to execute, specifically for Apple’s macOS and the OpenBSD operating system.

(Source: krackattacks.com)
