Wi-Fi Alert: Researchers Discover Serious Flaw in WPA2


A few moments ago Mathy Vanhoef of imec-DistriNet published research that reveals a very scary vulnerability now known as a key reinstallation attack, or KRACK.

The KRACK exploit could affect any device that uses Wi-Fi. The website says that the router manufacturer would need to update the security to prevent the attack. If your device supports Wi-Fi, it is most likely affected. The weakness can permit an attacker to decrypt network traffic from a WPA2-authorized device, hijack connections, and inject content into the traffic stream. Meanwhile, newer networks using the short-range Wireless Gigabit (IEEE 802.11ad) standard generally use GCMP, which uses the same authentication key for both directions of communication between the client and access point, so a KRACK attack can allow for decryption of transmissions from either device.

Vanhoef said, "The weaknesses are in the WiFi standard itself, and not in individual products or implementations".

The vulnerability, known as "Krack", gives hackers access to nearly everything that has been sent over a Wi-Fi network, and any device that has used the same network is potentially at risk.

And, again, it appears that gaining access to a given Wi-Fi network still requires physical proximity to the router, so KRACK targets can't be hit from anywhere in the world, unlike hacks that have no proximity requirements.

In Vanhoef's proof of concept against a phone running Android 6.0, the behavior of wpa_supplicant, a Wi-Fi library used in Android and various Linux distributions, causes the encryption key to be erased from memory after being installed the first time.

"Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted", Vanhoef says.

WPA2 is the highest level of Wi-Fi security available now, and the other options you might find in your smartphone settings, such as WPA1 and WEP, are even less secure. The paper largely focused on Android-based smartphones and tablets, which is where most of the problem resides.

Around 41% of Android devices are vulnerable to a devastating variant of the attack developed by the researcher, which makes it "trivial to intercept and manipulate traffic sent by these Linux and Android devices".

As this vulnerability does not rely on a specific vendor implementation, practically any device with a specification-compliant implementation of WPA2 is affected. In the meantime, the US government has issued a warning about this Wi-Fi security flaw. The affected Android versions account for about half of all Android devices in use worldwide. Fixes can be developed for the problem, but in practice these will take time to roll out, and not all hardware vendors will update their products in a timely fashion.

There's a hole in Wi-Fi security, and it affects the vast majority of Wi-Fi devices and networks. Reusing the nonce can permit an adversary to attack the encryption by replaying, decrypting, or forging packets.

"Until the issue is fixed via a router firmware update - if possible - or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers", he said. And getting a macOS, Linux or an Android update will likely be faster than getting an update to that old router you have in the basement.
