A serious vulnerability has been found in the WPA2 encryption protocol, which is used by most secured Wi-Fi networks. A group of security researchers developed an attack that allows an eavesdropper to read traffic between a computer and the access point. The exploit was named KRACK (Key Reinstallation Attacks).
How could they!
One of the creators of KRACK, Mathy Vanhoef, found the vulnerability last year but spent almost a year refining the attack before disclosing it. Some manufacturers began receiving information about the vulnerabilities this summer, and on October 16th the details of the attack were published on www.krackattacks.com.
Mathy Vanhoef posted a video on YouTube demonstrating the use of the attack:
The creators of KRACK used a novel technique: forcing the reinstallation of the encryption keys that protect traffic.
In WPA2, a four-way handshake is used to verify credentials and to generate and confirm a fresh session key built from one-time values (nonces); the security of this handshake was considered mathematically proven. But this is precisely the mechanism the attack targets. The key itself is not cracked; instead it is reinstalled, which resets the nonce and leads to its reuse. Attacks of this kind are known as "Man in the Middle" (MITM) attacks, and one of their distinguishing features is that the network participants are unaware of the presence of a third party.
Who is under attack?
Since almost all modern networks use the four-way handshake, KRACK proved to be universal and allowed eavesdropping on encrypted traffic across the whole range of mobile and desktop platforms.
WPA2 can use one of several encryption protocols for data. With AES-CCMP, the exploit only allows the data to be decrypted. With WPA-TKIP or GCMP, an attacker can additionally modify data packets or inject their own.
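To make the reinstallation mechanism and its consequence for CCMP concrete, here is a toy model added for this article (it is not the researchers' code and not a real WPA2 implementation). It assumes a simplified client that installs the key from message 3 of the handshake and keeps a packet number as the nonce; the keystream is an HMAC-based stand-in for AES-CCMP. The unpatched client reinstalls an already-installed key when message 3 is delivered again and so resets the packet number; the patched client ignores the reinstallation, which is the fix vendors shipped.

```python
"""Toy model of WPA2 key installation and nonce reuse (constructed example)."""
import hashlib
import hmac


def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in for the AES-CCMP keystream: HMAC-SHA256 in counter mode, keyed
    # by the session key and the packet number. Same key + same nonce -> same keystream.
    out = b""
    ctr = 0
    while len(out) < n:
        msg = nonce.to_bytes(6, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class Supplicant:
    """Simplified Wi-Fi client: tracks only the installed key and the packet number."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_msg3(self, ptk: bytes) -> None:
        # Handshake message 3 triggers installation of the session key (PTK).
        if self.patched and ptk == self.ptk:
            return  # fix: never reinstall a key that is already in use
        self.ptk = ptk
        self.pn = 0  # (re)installation resets the packet number -> nonce reuse if repeated

    def encrypt(self, plaintext: bytes):
        self.pn += 1
        ks = keystream(self.ptk, self.pn, len(plaintext))
        return self.pn, bytes(a ^ b for a, b in zip(plaintext, ks))


def run_handshake(patched: bool, frames):
    """Install the key, send a frame, deliver message 3 a second time, send again.
    Returns the (packet number, ciphertext) records so the caller can check for reuse."""
    client = Supplicant(patched)
    ptk = hashlib.sha256(b"constructed PMK || ANonce || SNonce").digest()
    client.on_msg3(ptk)
    records = [client.encrypt(frames[0])]
    client.on_msg3(ptk)  # message 3 delivered again
    records.append(client.encrypt(frames[1]))
    return records


def nonce_reused(records) -> bool:
    pns = [pn for pn, _ in records]
    return len(pns) != len(set(pns))


def xor_of_ciphertexts(records) -> bytes:
    # If key and nonce are equal the keystream cancels out: c1 XOR c2 == p1 XOR p2,
    # which is why a reinstalled CCMP key lets traffic be decrypted.
    (_, c1), (_, c2) = records
    return bytes(a ^ b for a, b in zip(c1, c2))
```

Run `run_handshake(False, ...)` and `run_handshake(True, ...)` with two constructed frames: only the unpatched client reuses packet number 1, and only then does the XOR of the two ciphertexts equal the XOR of the two plaintexts.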
The researchers emphasize that all modern Wi-Fi networks, which were previously considered protected, are now susceptible to some variant of the attack. This is because the weaknesses are in the Wi-Fi standard itself rather than in any specific implementation. One example of exploiting this vulnerability is that attackers gain the ability to inject spyware, malware and ransomware into websites.
What to do?!
The only reliable protection is the regular installation of updates. Many manufacturers have already released them. The list of products in which the vulnerability has been found, and the updates available for them, is published at: http://www.kb.cert.org/vuls/id/228519
Somewhat comforting is the fact that an attacker has to be on the same network as the victim in order to attack them. But public Wi-Fi zones are now everywhere.
The HTTPS protocol can partially protect you, but it remains possible to redirect a request to an unprotected version of the site.
A detailed scientific article entitled "Attack with Key Reinstallation: Forced Reuse of Nonce in WPA2" was published on Mathy Vanhoef's site. The researchers will present their work at the Computer and Communications Security (CCS) conference and at Black Hat Europe.
In the near future the Wi-Fi standard will probably be updated while preserving backward compatibility with previous versions. The Wi-Fi Alliance is the organization responsible for developing the standard. Together with manufacturers and the IT community, it should draw up a plan for the development, testing and rollout of the updated standard.