Researchers have shown that critical flaws in WPA2 encryption protocol make all Wi-Fi networks vulnerable to KRACK attacks.
Mathy Vanhoef is a postdoctoral researcher in computer security at the KU Leuven (Katholieke Universiteit) in Belgium.
On Monday, October 16th, Vanhoef startled IT security experts around the world when he revealed what he calls “serious weaknesses” in WPA2 Wi-Fi protocol that can be exploited by hackers.WPA2 makes Wi-Fi networks vulnerable to KRACK attacks.Click To Tweet
What is WPA2 Protocol?
When using Wi-Fi networks, information passes as radio waves between the router and the PC, laptop, smartphones, game console or any other connected device.
Like a conversation between two people, this connection can be easily intercepted by a third party, who could get access to sensitive information.
Hence Wi-Fi security protocols like WEP, WPA, and WPA2 were developed for users at home who don’t own industrial authentication servers.
WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key) protocol allows users to encrypt the exchange between different devices when using Wi-Fi and block external unauthorized users.
Introduced in 2004, as a better version than previous protocols, WPA2 is supposed to be the most secure encryption method, often found as a default setting for Wi-Fi networks.
But as two researchers have just demonstrated, WPA2 protocol have some critical faults that would make them open to hackers.
WPA2 Can’t Protect you Against KRACK Attacks
Vanhoef and his teammate, Frank Piessens, have dedicated a website to the bug dubbed “KRACK” for Key Reinstallation AttaCK.
“[Key Reinstallation Attack] abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key,” reads the paper released by the two researchers (Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2).
The vulnerabilities are at the level of the WPA2 “4-way handshake” and would allow an attacker in the vicinity to decrypt the flow, inject HTTP content, take control of TCP connections, replay IP packets, etc.
In the paragraph below, researchers describe how a KRACK attack could be performed:
“All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key.
This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value. Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake.
The impact depends on the handshake being attacked, and the data-confidentiality protocol in use. Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them. Against WPATKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged.
Because GCMP uses the same authentication key in both communication directions, it is especially affected.”
Researchers demonstrated a KRACK attack against Android and Linux, and were able to intercept the username and password of a dating site.
“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected,” say authors of the paper “To prevent the attack, users must update affected products as soon as security updates become available.
The Wi-Fi Alliance released a statement regarding the threat of KRACK attack, saying that: “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
On November 1st, Mathy Vanhoef and Frank Piessens will present their research at the ACM Conference on Computer and Communications Security (CCS 2017 – Session F3).