Tuesday, October 17th 2017

Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

Researchers have recently discovered a critical flaw that affects all WPA2-protected Wi-Fi devices. It can't be remedied by user intervention alone, by password changes, or even by the use of HTTPS websites; this is a flaw in the core of WPA2's protection scheme, and it means that an attacker could intercept every piece of data your device sends over Wi-Fi, including passwords, credit card details and images - the whole treasure trove. Adding insult to injury, attackers using this method can even inject malware into your devices. The new attack method - dubbed KRACK, for Key Reinstallation Attack - basically forces your device's encryption code to fall back to a known, all-zero decryption key, which is trivial for attackers to reuse.

Adding to the paranoia, this is basically a device- and software-agnostic attack - it's effective against devices running Android, Linux and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek, Linksys and other types of devices. HTTPS isn't a complete solution either, simply because some websites' implementations of it aren't the best, and there are tools (such as sslstrip) that can force a website's connection to downgrade to plain HTTP - which can then be read by the attacker.

Asked whether this signaled the need for a reworked security protocol - à la WPA3 - one of the principal researchers responsible for bringing this problem to light answered: "No, luckily [WPA2] implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available."

The researchers also published a video showing how quickly an Android device can be compromised through this flaw.

The US-CERT (United States Computer Emergency Readiness Team) has already acknowledged the issue, alerting companies and state-based services to the flaw. Follow the sources below for the researchers' KRACK attack page and, on the second link, the white paper, which may shed some more light on this issue. In the meantime, be sure to check for device updates for all your internet access points - which, if you hadn't noticed already, is pretty much everything around you.

Sources: KRACK Attacks, KRACK Attack Paper, US CERT, Ars Technica
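To make the mechanism behind the article and the researcher's "a key is only installed once" fix concrete, here is an added toy simulation of the client side of the WPA2 4-way handshake. It is written for this page; it is not the researchers' code and not a real Wi-Fi implementation: the key, the frames and the keystream construction are all constructed here, and real CCMP uses AES-CCM rather than a hash. It models the packet-number reset that a reinstalled key causes; the all-zero key seen on some Linux and Android clients, which the article mentions, is the same class of bug (the key buffer had already been cleared when it was reinstalled).

```python
"""
Toy WPA2 supplicant state machine (constructed for illustration).
`patched=False` reinstalls the pairwise key whenever message 3 of the
handshake arrives again and resets the packet number (the CCMP nonce
counter) to zero.  `patched=True` still answers the retransmission with
message 4 but leaves an already-installed key and its counters alone,
which is the backwards-compatible fix the researchers describe.
"""
import hashlib
import os

# Constructed sample frames, same length so the XOR comparison below is
# byte-for-byte.
FRAME_1 = b"first frame...."
FRAME_2 = b"second frame..."


class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.ptk = None          # pairwise temporal key from the handshake
        self.installed = False
        self.pn = 0              # per-key packet number used as the nonce

    def on_message3(self, ptk):
        """Handle message 3 of the 4-way handshake (possibly a retransmit)."""
        if self.installed and self.patched:
            # Fixed behaviour: reply with message 4, but do not touch the key.
            return "msg4 sent; key already installed, counters untouched"
        # Vulnerable behaviour: (re)install the key and reset the nonce counter.
        self.ptk = ptk
        self.installed = True
        self.pn = 0
        return "msg4 sent; key (re)installed, packet number reset to 0"

    def encrypt(self, plaintext):
        """Stand-in for CCMP: keystream derived from (key, packet number).
        The property that matters is the same as for AES-CCM: a nonce must
        never be reused under the same key."""
        assert self.installed, "no key installed"
        assert len(plaintext) <= 32, "toy keystream is 32 bytes"
        self.pn += 1
        keystream = hashlib.sha256(self.ptk + self.pn.to_bytes(6, "big")).digest()
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
        return self.pn, ciphertext


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reused(c1, c2, p1, p2):
    """True when both frames were encrypted under the same key/nonce pair:
    the keystream cancels out and c1 XOR c2 equals p1 XOR p2.  This is the
    check a reviewer with known plaintexts would use to confirm nonce reuse."""
    return xor(c1, c2) == xor(p1, p2)


def run(patched):
    """Drive one client through the handshake, a data frame, a retransmitted
    message 3 and a second data frame; report the packet numbers used and
    whether the two frames shared a keystream."""
    ptk = os.urandom(16)  # constructed key for the simulation
    sta = Supplicant(patched)
    sta.on_message3(ptk)
    pn1, c1 = sta.encrypt(FRAME_1)
    sta.on_message3(ptk)  # retransmitted message 3 reaches the client
    pn2, c2 = sta.encrypt(FRAME_2)
    return {"pn": (pn1, pn2),
            "reused": keystream_reused(c1, c2, FRAME_1, FRAME_2)}


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", run(patched))
```

The only difference between the two runs is the `self.installed and self.patched` guard in `on_message3`. With it, the client still answers the repeated message 3 with message 4, so an unpatched access point sees exactly the same handshake traffic as before, but the key and its packet counter are left alone and the second frame gets a fresh nonce. Without it, both frames are numbered 1 under the same key and the keystream cancels, which is the condition the article describes as letting an attacker read the traffic.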

43 Comments on Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

#1 Chaitanya
Don't think most consumer devices will get an update for this flaw. Mostly enterprise-grade Wi-Fi APs will be updated in the next few weeks.
#2 Jermelescu
Microsoft said they fixed the issue on Windows machines if the user is up to date, so that's that. Still not sure exactly how that is 'fixed', since the problem seems to be on the router as far as I know.
#3 RejZoR
The Wi-Fi encryption is independent of HTTPS going through it. The number of critical webpages that even allow non-encrypted traffic is becoming ridiculously small, so that trick of forcing a downgrade back to normal HTTP is super unlikely. So, realistic chances of someone "hacking" you this way efficiently are incredibly small. It would require a very targeted attack, for which home computers are frankly not worth it.

This again proves AES-256 is still very much secure; it's the handshake that was intercepted in this case. Technically, if they fix the handshake thingy, the problem is solved until someone else figures out another method.
#4 arbiter
Quoting Jermelescu:
> Microsoft said they fixed the issue on Windows machines if the user is up to date, so that's that. Still not sure exactly how that is 'fixed', since the problem seems to be on the router as far as I know.
With just what was said in the video, it seems like it could be pretty simple. When you connect to a Wi-Fi network on a certain channel, the script sends forged packets to get you to go to a Wi-Fi on a different channel than the one the legit network is on. I would guess, at least from what little was in the video, you just need to make it so the OS doesn't accept being redirected to another channel than the one the legit network said it was on. Still not 100% sure, since some stuff seems unclear, so I could be wrong.

He also talked about a bug where an encryption key of all zeros is being used and not reinstalled; that would be something that could be blocked from being used.
#5 Ahhzz
Quoting Raevenlord:
> ....dubbed KRAK for Key Reinstallation Attack - ....
Read about this yesterday... just to be "that guy", it's referred to as "KRACK". ;)
#6 R0H1T
I bet the NSA was sitting on this for a while; who knows what exploits they still have.
#7 Raevenlord (News Editor)
Quoting Ahhzz:
> Read about this yesterday... just to be "that guy", it's referred to as "KRACK". ;)
No problem with being "that guy" ;)
#8 bug
So, is this affecting routers only, or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.
#9 R-T-B
Quoting bug:
> So, is this affecting routers only, or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.
The AP would be the natural place to patch it, which is why I find Microsoft's claim to have "patched" anything very confusing.
#10 GenericAMDFan
Quoting bug:
> So, is this affecting routers only, or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.
This is affecting clients. If you have an old smartphone with no software support, now's the time to throw it away.
#11 bug
Quoting R-T-B:
> The AP would be the natural place to patch it, which is why I find Microsoft's claim to have "patched" anything very confusing.
But why the AP? Every Wi-Fi-enabled device does the handshake and should be vulnerable, if I understood what this flaw does.
#12 R-T-B
Quoting bug:
> But why the AP? Every Wi-Fi-enabled device does the handshake and should be vulnerable, if I understood what this flaw does.
That is a good point. I need to do some further reading.
#13 transpondster
Quoting Chaitanya:
> Don't think most consumer devices will get an update for this flaw. Mostly enterprise-grade Wi-Fi APs will be updated in the next few weeks.
APs don't need upgrades; it's a client-side bug.
#15 Prima.Vera
Great job showing all the details of the hack, making it so popular that even an average Joe can now hack WPA2 networks....
#16 bug
Quoting Prima.Vera:
> Great job showing all the details of the hack, making it so popular that even an average Joe can now hack WPA2 networks....
Microsoft has already patched it, so the rule of "give them 60 days before disclosing" probably applies here.
#17 Prima.Vera
Quoting bug:
> Microsoft has already patched it, so the rule of "give them 60 days before disclosing" probably applies here.
How about iOS or Android devices? Or Linux-based OSes? ;)
#18 FYFI13
Quoting Prima.Vera:
> How about iOS or Android devices? Or Linux-based OSes? ;)
Pretty sure iOS and Linux will receive patches fast enough, unlike gazillions of outdated Android devices.
#19 bug
Quoting Prima.Vera:
> How about iOS or Android devices? Or Linux-based OSes? ;)
The 60-day rule says "give them 60 days to patch", not "wait till everybody feels like patching".
#20 Octopuss
What does "client side" mean here?
I have an antenna/AP/something on the roof that I get internet from. Should I be worried it will get hacked by this?
Similarly, should I disable Wi-Fi on all the routers in the house?
#21 bug
Quoting Octopuss:
> What does "client side" mean here?
> I have an antenna/AP/something on the roof that I get internet from. Should I be worried it will get hacked by this?
> Similarly, should I disable Wi-Fi on all the routers in the house?
It would appear any WPA2-enabled device is vulnerable. This includes your AP, laptop, smartphone, tablet, TV. Basically anything with wireless capability, because devices not using WPA2 use an even more vulnerable protocol.
Just pray for speedy updates and that no attackers scan your area ;)
#23 R-T-B
Quoting bug:
> Good luck getting patches for Android phones; even the discontinued Windows Phone may get speedier patches :(
Thank goodness for unlocked bootloaders and LineageOS.
#24 bug
Quoting rtwjunkie:
> Actually, my Windows phone running W10 gets regular updates just like a PC.
You didn't have to twist the knife in the wound, but thanks :D
#25 transpondster
Quoting Octopuss:
> What does "client side" mean here?
> I have an antenna/AP/something on the roof that I get internet from. Should I be worried it will get hacked by this?
Probably yes, sounds like a Wi-Fi client.
> Similarly, should I disable Wi-Fi on all the routers in the house?
You must remove clients (PC/phone/printer/whatever) that are not updated from the Wi-Fi network. Basically, change the Wi-Fi password and add only clients that are updated. BTW, why do you have routers in the house?