
Researchers reveal so-called ‘KRACK’ vulnerability in WPA2 Wi-Fi protocol

Most Wi-Fi enabled devices – computers, phones, tablets, e-readers and watches – are likely to be affected, and they will need manufacturers’ updates to block it. Until then, some safety comes from it being a wireless rather than an Internet-based vulnerability: would-be exploiters most probably have to be physically within radio range.

WPA2

In a paper ‘Key reinstallation attacks: Forcing nonce reuse in WPA2’, to be presented at CCS’17 (Dallas, 30 Oct to 3 Nov), Mathy Vanhoef and Frank Piessens will describe in detail how the attack works – by making use of something compulsory in the Wi-Fi standards.

The vulnerability has been dubbed ‘KRACK’, after the name of the attacks: key reinstallation attacks.

“The recently-disclosed key re-installation attacks are a series of serious weaknesses in the WPA2 protocol that is used to secure the vast majority of modern Wi-Fi networks,” said Sebastien Jeanquier, consultant at Context Information Security.

“An attacker within range of a Wi-Fi client can trick that client into using a cryptographic key that the attacker is able to calculate, thus allowing the attacker to decrypt and eavesdrop on all of the network traffic between the Wi-Fi client and the Access Point. This could allow the attacker to steal usernames and passwords, as well as personal or financial information. The vulnerabilities are within the Wi-Fi standard itself and not individual products or implementations. As such, all Wi-Fi enabled devices should be considered affected and vulnerable, until a patch is made available by their respective vendors.”

According to Jeanquier, no attack software has been released, “although it is not inconceivable that attackers could create their own tools to perform such an attack.”

VPN

Before fixes are applied, he suggests using Ethernet or 4G instead of Wi-Fi and, if Wi-Fi is unavoidable, adding a separate layer of encryption – by connecting through a virtual private network (VPN), or by only communicating with websites whose URLs start ‘https://’ – with the ‘s’ being the important bit.

According to the Vanhoef/Piessens CCS paper, when a client joins a network it executes the 4-way handshake to negotiate a fresh session key, and installs that key once a particular handshake message has been received.

Because messages can be lost, the protocol allows that message to be sent again – and a client that receives it again re-installs the same key, which is where the trouble starts: re-installing the key resets the per-packet counter (the nonce) that the encryption relies on never being repeated.
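The following toy model, added here to illustrate the step described above and not taken from the paper or from any Wi-Fi supplicant’s code, reduces the client to the single action KRACK abuses: installing the session key when handshake message 3 arrives, which resets the per-packet nonce counter to zero. A `Client` built without reinstall protection re-installs the key on a retransmitted message 3 and so encrypts two different packets under the same nonce; one built with protection (the behaviour patched supplicants adopted) ignores the retransmission. The HMAC-based keystream is a stand-in for the AES counter-mode keystream CCMP really uses, and the key, message names and packet contents are constructed sample values.

```python
"""Toy model of the WPA2 client-side key-install step (added example).

The HMAC-SHA256 keystream stands in for AES-CCMP; the state machine,
names and sample data are simplified assumptions, not wpa_supplicant code.
"""
import hashlib
import hmac


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for a counter-mode keystream: a deterministic function of
    # (key, nonce), which is the property that makes nonce reuse dangerous.
    out = b""
    block_no = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block_no.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block_no += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Supplicant reduced to the key-install step of the 4-way handshake."""

    def __init__(self, reinstall_protection: bool):
        self.reinstall_protection = reinstall_protection
        self.ptk = None
        self.tx_nonce = 0      # CCMP packet number; must never repeat under one key
        self.installs = 0      # how many times the key was (re)installed

    def on_message3(self, ptk: bytes) -> None:
        """Handle handshake message 3, which may be a retransmission."""
        if self.reinstall_protection and self.ptk == ptk:
            # Patched behaviour: key already installed, so do not reinstall it
            # and, crucially, do not reset the nonce counter.
            return
        self.ptk = ptk
        self.tx_nonce = 0      # installing the key starts the counter from zero
        self.installs += 1

    def send(self, plaintext: bytes) -> tuple:
        """Encrypt one data frame under the current key and nonce."""
        nonce = self.tx_nonce
        self.tx_nonce += 1
        return nonce, xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))


def run(reinstall_protection: bool) -> dict:
    """Join, send a frame, receive a retransmitted message 3, send again."""
    ptk = b"constructed-session-key-from-handshake"   # constructed sample PTK
    p1 = b"GET /login HTTP/1.1\r\n"                    # constructed sample frames
    p2 = b"user=alice&pw=hunter2"
    client = Client(reinstall_protection)
    client.on_message3(ptk)
    nonce1, c1 = client.send(p1)
    client.on_message3(ptk)        # message 3 arrives again (e.g. reply was lost)
    nonce2, c2 = client.send(p2)
    return {
        "installs": client.installs,
        "nonce_reused": nonce1 == nonce2,
        # With a repeated nonce the keystreams cancel: c1 XOR c2 == p1 XOR p2,
        # so an observer of the two ciphertexts learns plaintext relations.
        "keystream_cancels": xor(c1, c2) == xor(p1, p2),
    }


if __name__ == "__main__":
    print("unpatched:", run(reinstall_protection=False))
    print("patched:  ", run(reinstall_protection=True))
```

The point of the `keystream_cancels` check is why the fix matters: the cipher itself is unchanged before and after the patch, and the only difference is whether a retransmitted message 3 is allowed to reset the counter.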

Sense of perspective

In part thanks to its user-friendly moniker and in part due to the ubiquity of Wi-Fi for wireless communications, the vulnerability has been covered across the world.

But experts have urged a sense of perspective around the issue, describing it as a “classic Man-in-The-Middle attack”.

Richard Edgar, director of communications at Imagination Technologies’ Ensigma division, said: “When a story like KRACK breaks it is easy to understand why it makes the headlines – the vulnerability could affect millions of people.

“The weakness was found in the security protocol WPA2 and enables an attacker to potentially intercept and read the data being transferred over the network – a classic ‘Man-in-The-Middle attack’ (MiTM).

“These types of attacks will always happen because first, individuals and organisations are constantly looking to expose vulnerabilities. Secondly, the bad guys know there is money to be made from data such as credit card details and personal information.

Edgar said that technology companies would quickly release patches to address the vulnerability but said that in the meantime, “to avoid being a victim of a MiTM attack, prevention is key”.

“Consumers and businesses need to ensure their router and appliance is up-to-date, that they only use secure websites as they will have an extra layer of their own security, which is separate to Wi-Fi encryption, and avoid downloading anything from individuals or sources they don’t know are 100 per cent trustworthy.”