Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

Raevenlord · Oct 17, 2017

Researchers have recently discovered a critical flaw that affects all WPA2 protected Wi-Fi devices. This can't be remedied solely by user intervention, or password changes, or even by the usage of HTTPS website; this is a flaw with the core of WPA's protection scheme, and means that an attacker could intercept every single traffic data point that your device sends over Wi-Fi, including passwords, credit card details, images - the whole treasure trove. Adding insult to injury, it's even possible for attackers using this method to inject malware into your devices. The new attack method - dubbed KRACK for Key Reinstallation Attack - basically forces your device's encryption code to default to a known, plain-text all-zero decryption key, which is trivial for hackers to reuse.

Adding to the paranoia, this is basically a device and software-agnostic attack - it's effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. HTTPS isn't the best solution either, simply because some website's implementation of it isn't the best, and there are scripts (such as SSLScript) that can force a website to downgrade its connection to a simple HTTP link - which can then be infiltrated by the attacker.

Asked whether this signaled the need for a reworked security protocol - ala WPA3 - , one of the principal researches responsible for bringing this problem to light answered that "No, luckily [WPA2] implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available."

This is a video where the researchers show how fast it is to hack an Android device through this flaw:

The US-CERT (United States Computer Emergency Readiness Team) has already acknowledged the issue, alerting companies and state-based services to the flaw. Follow the sources below for the researchers' KRACK attack page, and the white paper, on the second link, which may shed some more light on this issue. In the meantime, be sure to check for device updates for all your internet access points - which if you hadn't noticed already, is pretty much everything around you.

View at TechPowerUp Main Site

Chaitanya · Oct 17, 2017

Don't think most consumer devices will get update for this flaw. Mostly enterprise grade wifi AP will updated in next few weeks.

Jermelescu · Oct 17, 2017

Microsoft said they fixed the issue on Windows machines if the user is up to date, so that's that. Still not sure exactly how is that 'fixed' since the problem seems to be on the router as far as I know.

RejZoR · Oct 17, 2017

The WiFi encryption is independent of HTTPS going through it. The amount of critical webpages even allowing non encrypted traffic is becoming ridiculously small, so that trick to force it to downgrade back to normal HTTP is super unlikely. So, realistic chances for someone "hacking" you this way efficiently are incredibly small. It would require a very targeted attack for which home computers are frankly not worth it.

This again proves AES 256 is still very much secure, it's the handshake that was intercepted in this case. Technically, if they fix the handshake thingie, the problem is solved until someone else figures out other method.

arbiter · Oct 17, 2017

Jermelescu said:
Microsoft said they fixed the issue on Windows machines if the user is up to date, so that's that. Still not sure exactly how is that 'fixed' since the problem seems to be on the router as far as I know.

With just what was said in the video, it seems like could be pretty simple. When you connect to a wifi network on a certain channel, the script sends forged packets to get you to go to a wifi on a diff channel then the legit network is connecting to on. I would guess least from what little was in the video just need to make it so OS doesn't accept being redirected to another channel then what legit network said it was on. Still not 100% since seems like some stuff not clear about so i could be wrong.

He also talked about bug where encryption key of all zero's being used and not reinstalled, that would be something could block from being used.

Ahhzz · Oct 17, 2017

Raevenlord said:
....dubbed KRAK for Key Reinstallation Attack - ....

Read about this yesterday... just to be "that guy", it's referred to as "KRACK".

R0H1T · Oct 17, 2017

I bet the NSA was sitting on this for a while, who knows what exploits they still have.

Raevenlord · Oct 17, 2017

Ahhzz said:
Read about this yesterday... just to be "that guy", it's referred to as "KRACK".

No problem with being "that guy"

bug · Oct 17, 2017

So, is this affecting routers only or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.

R-T-B · Oct 17, 2017

bug said:
So, is this affecting routers only or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.

The AP would be the natural place to patch it, which is why I find Microsoft's claim to have "patched" anything very confusing.

GenericAMDFan · Oct 17, 2017

bug said:
So, is this affecting routers only or do we need to patch clients as well? I'm thinking printers, smartphones and whatnot.

This is affecting clients. If you have an old smartphone with no software support now's the time to throw it away.

bug · Oct 17, 2017

R-T-B said:
The AP would be the natural place to patch it, which is why I find Microsoft's claim to have "patched" anything very confusing.

But why the AP? Every WiFi enabled device does the handshake and should be vulnerable, if I understood what this flaw does.

R-T-B · Oct 17, 2017

bug said:
But why the AP? Every WiFi enabled device does the handshake and should be vulnerable, if I understood what this flaw does.

That is a good point. I need to do some further reading.

transpondster · Oct 17, 2017

Chaitanya said:
Don't think most consumer devices will get update for this flaw. Mostly enterprise grade wifi AP will updated in next few weeks.

AP don't need upgrades, it's client side bug

bug · Oct 17, 2017

And here's our answer: https://arstechnica.com/information...ck-attack-destroys-nearly-all-wi-fi-security/

Good luck getting patches for Android phones, even the discontinued Windows Phone may get speedier patches

Prima.Vera · Oct 17, 2017

Great job showing all the details of the hack, so making it so popular that even an average Joe can now hack WPA2 Networks....

bug · Oct 17, 2017

Prima.Vera said:
Great job showing all the details of the hack, so making it so popular that even an average Joe can now hack WPA2 Networks....

Microsoft has already patched it, so the rule of "give them 60 days before disclosing" probably applies here.

Prima.Vera · Oct 17, 2017

bug said:
Microsoft has already patched it, so the rule of "give them 60 days before disclosing" probably applies here.

How about iOS or Android devices? Or Linux based OSes?

FYFI13 · Oct 17, 2017

Prima.Vera said:
How about iOS or Android devices? Or Linux based OSes?

Pretty sure iOS and Linux will receive patches fast enough, unlike gazillions of outdated Android devices.

bug · Oct 17, 2017

Prima.Vera said:
How about iOS or Android devices? Or Linux based OSes?

The 60 days rule says "give them 60 days to patch", not "wait till everybody feels like patching".

Octopuss · Oct 17, 2017

What does "client side" mean here?
I have an antenna/AP/something on the roof I get internet from. Should I be worried it will get hacked by this?
Similarly, should I disable wifi on all the routers in the house?

bug · Oct 17, 2017

Octopuss said:
What does "client side" mean here?
I have an antenna/AP/something on the roof I get internet from. Should I be worried it will get hacked by this?
Similarly, should I disable wifi on all the routers in the house?

It would appear any WAP2-enabled device is vulnerable. This includes your AP, laptop, smartphone, tablet, TV. Basically anything with wireless capability, because devices not using WPA2 use an even more vulnerable protocol.
Just pray for speedy updates and that no attackers scan your area

rtwjunkie · Oct 17, 2017

bug said:
And here's our answer: https://arstechnica.com/information...ck-attack-destroys-nearly-all-wi-fi-security/

Good luck getting patches for Android phones, even the discontinued Windows Phone may get speedier patches

Actually, my Windows phone running W10 gets regular updates just like PC.

R-T-B · Oct 17, 2017

bug said:
Good luck getting patches for Android phones, even the discontinued Windows Phone may get speedier patches

Thank goodness for unlocked bootloaders and LineageOS.

bug · Oct 17, 2017

rtwjunkie said:
Actually, my Windows phone running W10 gets regular updates just like PC.

You didn't have to twist the knife in the wound, but thanks

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	Dark Monolith
Processor	AMD Ryzen 7 5800X3D
Motherboard	ASUS Strix X570-E
Cooling	Arctic Cooling Freezer II 240mm + 2x SilentWings 3 120mm
Memory	64 GB G.Skill Ripjaws V Black 3600 MHz
Video Card(s)	XFX Radeon RX 9070 XT Mercury OC Magnetic Air
Storage	Seagate Firecuda 530 4 TB SSD + Samsung 850 Pro 2 TB SSD + Seagate Barracuda 8 TB HDD
Display(s)	ASUS ROG Swift PG27AQDM 240Hz OLED
Case	Silverstone Kublai KL-07
Audio Device(s)	Sound Blaster AE-9 MUSES Edition + Altec Lansing MX5021 2.1 Nichicon Gold
Power Supply	BeQuiet DarkPower 11 Pro 750W
Mouse	Logitech G502 Proteus Spectrum
Keyboard	UVI Pride MechaOptical
Software	Windows 11 Pro

Processor	i7-13700k (undervolts -0.140 volts)
Motherboard	Asus Tuf Gaming z790-plus
Cooling	Coolermaster Hyper 212 RGB
Memory	Corsair Vengeance RGB 32GB DDR5 7000mhz
Video Card(s)	Asus Dual Geforce RTX 4070 Super ( 2800mhz @ 1.0volt, ~60mhz overlock -.1volts)
Storage	1x Samsung 980 Pro PCIe4 NVme, 2x Samsung 1tb 850evo SSD, 3x WD drives, 2 seagate
Display(s)	Acer Predator XB273u 27inch IPS G-Sync 165hz
Audio Device(s)	Logitech Z906 5.1
Power Supply	Corsair RMx Series RM850x (OCZ Z series PSU retired after 13 years of service)
Mouse	Logitech G502 hero
Keyboard	Logitech G710+

System Name	OrangeHaze / Silence
Processor	i7-13700KF / i5-10400 /
Motherboard	ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling	Corsair H75 / TT ToughAir 510
Memory	64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s)	Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage	Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s)	22" Dell Wide/24" Asus
Case	Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s)	SB Audigy 7.1
Power Supply	Corsair Enthusiast TX750
Mouse	Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard	K68 RGB — CHERRY® MX Red
Software	Win10 Pro \ RIP:Win 7 Ult 64 bit

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

Raevenlord

News Editor

Chaitanya

Jermelescu

RejZoR

arbiter

Ahhzz

Super Moderator

R0H1T

Raevenlord

News Editor

bug

R-T-B

GenericAMDFan

New Member

bug

R-T-B

transpondster

New Member

bug

Prima.Vera

bug

Prima.Vera

FYFI13

bug

Octopuss

bug

rtwjunkie

PC Gaming Enthusiast

R-T-B

bug

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	64GB (2x 32GB) G.Skill Flare X5 @ DDR5-6200(Running 1T no GDM)
Video Card(s)	PNY RTX 5080 OC
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64 / Windows 11 Enterprise (yes it's legit)

Processor	Intel® Core™ i7-13700K
Motherboard	Gigabyte Z790 Aorus Elite AX
Cooling	Noctua NH-D15
Memory	32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s)	KUROUTOSHIKOU RTX 5080 GALAKURO
Storage	2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s)	Acer Predator X34 3440x1440@100Hz G-Sync
Case	NZXT PHANTOM410-BK
Audio Device(s)	Creative X-Fi Titanium PCIe
Power Supply	Corsair 850W
Mouse	Logitech Hero G502 SE
Software	Windows 11 Pro - 64bit
Benchmark Scores	30FPS in NFS:Rivals

Processor	Ryzen 5800X
Motherboard	Asus TUF-Gaming B550-Plus
Cooling	Noctua NH-U14S
Memory	32GB G.Skill Trident Z Neo F4-3600C16D-32GTZNC
Video Card(s)	Sapphire AMD Radeon RX 7900 XTX Nitro+
Storage	HP EX950 512GB + Samsung 970 PRO 1TB
Display(s)	Cooler Master GP27Q
Case	Fractal Design Define R6 Black
Audio Device(s)	Creative Sound Blaster AE-5
Power Supply	Seasonic PRIME Ultra 650W Gold
Mouse	Roccat Kone AIMO Remastered
Software	Windows 10 x64

Processor	Core i9-9900k
Motherboard	ASRock Z390 Phantom Gaming 6
Cooling	All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory	32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s)	ASUS RTX 4070 Ti Super OC 16GB
Storage	1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s)	Infievo 27" 165Hz @ 2560 x 1440
Case	Fractal Design Define R4 Black -windowed
Audio Device(s)	Soundblaster Z
Power Supply	Seasonic Focus GX-1000 Gold
Mouse	Coolermaster Sentinel III (large palm grip!)
Keyboard	Logitech G610 Orion mechanical (Cherry Brown switches)
Software	Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)