Computer users beware: your Wi-Fi traffic may no longer be private. Security researchers have shown that WPA2, the most widely used Wi-Fi encryption protocol, can be attacked without knowing the network password. The technique became known as the Krack attack, short for Key Reinstallation Attacks.
Wi-Fi’s Most Popular Encryption WPA2 Cracked via the Krack Attack
One of the most serious security bugs in years has been reported by security researchers. Wi-Fi's most popular encryption standard, WPA2 (short for Wi-Fi Protected Access II), is no longer considered safe on unpatched devices. A team of researchers demonstrated the Krack attack, which makes it possible for an attacker within radio range to eavesdrop on Wi-Fi traffic between computers and other network devices such as routers and access points.
One notable aspect is that, as is usual for coordinated disclosure, the proof-of-concept exploit was kept private for several weeks while vendors were notified, before information about the vulnerability was posted online. A US-CERT advisory which was distributed to around 100 organizations describes the issue as follows:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
The lead researcher is Mathy Vanhoef of imec-DistriNet, KU Leuven. As a postdoctoral researcher in computer security he has previously reported other issues, such as a Windows 10 lock screen bypass.
The attack works against all modern networks that employ WPA2, the predominant form of Wi-Fi encryption. To date it has been the preferred method for the majority of users because it relies on a strong encryption cipher (AES-CCMP). Importantly, the Krack attack does not break the cipher itself: it abuses a flaw in the key-management handshake defined by the 802.11 standard, which is why every implementation that correctly follows the standard is affected.
Implications of the Krack Attack on Wi-Fi WPA2
The available information shows that the Krack attack exploits the way the security handshake of WPA2, the so-called 4-way handshake, is handled. This handshake is a sequence of four messages between the client and the access point that proves both sides hold the same pairwise master key and installs a fresh session key for encrypting traffic. The researchers found that when the third message is retransmitted (for example because an attacker blocked the client's reply), the client reinstalls the key it already has in use and, in doing so, resets the packet number (the nonce) and the replay counter. Nonces are then reused with the same key, which effectively defeats the protection the encryption is supposed to provide: packets can be decrypted and replayed. The issues are tracked under multiple CVEs:
- CVE-2017-13077 ‒ Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078 ‒ Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079 ‒ Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080 ‒ Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081 ‒ Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082 ‒ Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084 ‒ Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086 ‒ Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087 ‒ Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088 ‒ Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Information on the Krack attack and its implications for Wi-Fi WPA2 is going to be presented in a talk scheduled for November 1 at the ACM Conference on Computer and Communications Security (CCS).
Abuse of the networks can lead to any of the following scenarios:
- Information Harvesting ‒ The attackers can listen to the network stream and extract information as it passes from the victim to the visited websites. This can reveal passwords, user interaction and other sensitive data sent over unencrypted (non-HTTPS) connections.
- Manipulation of Data ‒ Against networks using TKIP or GCMP the attackers can also forge and inject packets, sending crafted responses in place of legitimate ones.
- Malware Infections ‒ Because content can be injected into unencrypted web traffic, the Krack attack can be used to deliver malware, including ransomware, to the victim's browser.
Effectively all devices that implement the Wi-Fi standard as currently written are affected by the vulnerability. As vendors release fixed code, we urge all computer users to apply the security updates as soon as possible.
Krack Attack Demonstrated on Wi-Fi WPA2 Networks
The demonstration published by the researchers was performed against an Android device. The video shows how the attacker was able to decrypt all of the data transmitted by the victim. The researchers state that the attack is "exceptionally devastating against Linux and Android 6.0 or higher". The reason is that the wpa_supplicant client (versions 2.4 and 2.5) used by these systems clears the session key from memory once it has been installed, so when the retransmitted handshake message arrives it reinstalls an all-zero encryption key. This is a serious issue because Android 6.0+ and many Linux distributions ship this client.
Depending on the device and the network setup, the attackers can also decrypt the stream of data sent towards the victim. HTTPS itself is not broken by the attack, but the researchers showed that on sites and apps without proper protections (such as HSTS) the secure connection can be stripped and the traffic read in the clear.
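To make the mechanism from the handshake description above, and the all-zero key case just described, concrete, here is a small model written for this article; it is not the researchers' code and not any vendor's. AES-CCMP is replaced by a keyed hash run in counter mode so the script needs only the standard library (the nonce-reuse property it shows holds for the real cipher too). The client has three modes: an unpatched client that reinstalls the key when message 3 arrives again, the wpa_supplicant 2.4/2.5 behaviour that zeroes the key after the first install, and a patched client that refuses to reinstall a key already in use. The attacker's only action is blocking the client's message 4 so the access point retransmits message 3 with an incremented replay counter. Key material and plaintexts are constructed for the demo.

```python
"""Toy model of the WPA2 4-way handshake client state abused by KRACK.

Added illustration only. The real cipher (AES-CCMP) is replaced by
HMAC-SHA256 in counter mode; the keystream still depends only on the
temporal key and the packet number, which is all the attack needs.
"""
import hashlib
import hmac


def keystream(tk: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for the CCMP keystream: a function of key and nonce only."""
    out = b""
    block = 0
    while len(out) < length:
        nonce = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(tk, nonce, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake.

    mode "vulnerable": reinstalls the key on a retransmitted message 3 and
                       resets the packet number, as the unpatched standard allows.
    mode "zero_key":   same, but the key buffer was wiped after the first
                       install (wpa_supplicant 2.4/2.5), so zeros get installed.
    mode "patched":    replies to the retransmission but does not reinstall.
    """

    def __init__(self, mode: str, ptk_tk: bytes):
        self.mode = mode
        self.negotiated_tk = ptk_tk  # derived after message 2 in the real handshake
        self.installed_tk = None
        self.pn = 0                  # packet number used as the nonce
        self.replay_counter = -1
        self.installs = 0

    def recv_msg3(self, replay_counter: int) -> bool:
        """Process message 3; True means the client answers with message 4."""
        if replay_counter <= self.replay_counter:
            return False             # stale replay counter: rejected by the standard
        self.replay_counter = replay_counter
        if self.mode == "patched" and self.installed_tk is not None:
            return True              # key already in use: acknowledge, never reinstall
        self.installed_tk = self.negotiated_tk
        self.pn = 0                  # installing a key resets the nonce
        self.installs += 1
        if self.mode == "zero_key":
            self.negotiated_tk = bytes(16)  # wiped after install; next install pushes zeros
        return True

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.installed_tk, self.pn, len(plaintext)))


PT1 = b"GET /index.html HTTP/1.1"   # constructed, 24 bytes
PT2 = b"Cookie: session=secret12"   # constructed, 24 bytes


def krack(mode: str):
    """AP sends msg 3, client installs key and transmits; attacker blocks msg 4,
    AP retransmits msg 3 with replay counter + 1, client transmits again."""
    tk = hashlib.sha256(b"constructed PTK-TK for the demo").digest()[:16]
    client = Supplicant(mode, tk)
    client.recv_msg3(replay_counter=1)
    pn1, ct1 = client.send(PT1)
    client.recv_msg3(replay_counter=2)   # the retransmission the attacker provokes
    pn2, ct2 = client.send(PT2)
    return client, (pn1, ct1), (pn2, ct2)


def recover_with_known_plaintext(ct1: bytes, ct2: bytes, pt1: bytes) -> bytes:
    """Same key and same nonce: ct1 XOR ct2 == pt1 XOR pt2, so pt1 reveals pt2."""
    return xor(xor(ct1, ct2), pt1)


if __name__ == "__main__":
    for mode in ("vulnerable", "zero_key", "patched"):
        client, (pn1, ct1), (pn2, ct2) = krack(mode)
        print(mode, "installs:", client.installs, "nonces:", pn1, pn2)
        if client.installed_tk == bytes(16):
            print("  all-zero key installed, attacker decrypts directly:",
                  xor(ct2, keystream(bytes(16), pn2, len(ct2))))
        else:
            print("  known-plaintext recovery:", recover_with_known_plaintext(ct1, ct2, PT1))
```

Run it and compare the three modes: the vulnerable client emits two frames with packet number 1 under the same key, so XOR-ing the ciphertexts cancels the keystream and the second plaintext falls out; the zero-key client ends up encrypting with sixteen zero bytes, so the attacker needs no known plaintext at all; the patched client answers the retransmission but keeps counting from 2, and the recovery yields garbage. This is also why changing the Wi-Fi password does not help: nothing here depends on the attacker knowing it.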
Considerations About Krack Attack’s Implications
The incident has caused serious concern in the industry and the professional community. Some experts have raised the question of creating a new standard to succeed WPA2, the so-called WPA3. The Krack attack authors have answered this: users should continue to use their WPA2 devices as long as they apply the forthcoming security updates from the vendors.
Changing the Wi-Fi password (or security key as it is sometimes called) will not prevent or mitigate the attack as the exploit works on a network protocol level.
How to Protect from the Krack Attack
The security researchers note that implementations of WPA2 can be patched in a backwards-compatible manner: a patched client still works with an unpatched access point and vice versa. This means device vendors can ship critical security patches that fix the issue without replacing hardware, and installing them is the safest way to protect yourself from possible abuse. Note that both sides need updates: most of the listed CVEs are fixed on the client, while the Fast BSS Transition (802.11r) issue is fixed on the access point.
Until patches are installed, the sensible way to protect sensitive data is to treat the Wi-Fi link as untrusted and rely on end-to-end protection: route all traffic through a VPN and make sure sites and applications use HTTPS/TLS properly. Switching to WPA2-Enterprise does not help here; although it authenticates users against a RADIUS server, it completes the same 4-way handshake afterwards and is equally affected.
Keep in mind what endpoint security software can and cannot do here. The Krack attack is carried out over the air by an attacker in radio range, and no anti-malware product can prevent a device from reinstalling a key; only the vendor's patch does that. Anti-malware tools can still help with the second stage, detecting and removing malware that an attacker injects into unencrypted web traffic.