SAT News: KRACK: WPA2 Wi-Fi Protocol Compromised

Security researchers have discovered several key management vulnerabilities in the core of the Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to gain access to a Wi-Fi network and eavesdrop on internet communications.

WPA2 is a 13-year-old Wi-Fi authentication scheme widely used to secure Wi-Fi connections. The standard has been compromised, impacting almost all Wi-Fi devices including IoT devices in homes and businesses, along with the networking companies that build them.

Given the name KRACK (Key Reinstallation Attack), the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos.

Since the weakness resides in the Wi-Fi standard itself, and not in the implementations of any individual product, any implementation of WPA2 is more than likely affected.

In short, if your device supports Wi-Fi, it is most likely affected. During their initial research, the security researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by the KRACK attacks.

It should also be noted that the KRACK attack does not help attackers recover the targeted Wi-Fi's password; instead, it allows them to decrypt Wi-Fi users' data without cracking or knowing the actual password. So merely changing your Wi-Fi password is not going to mitigate this threat.

The somewhat good news is that this attack does not expose you to remote attackers anywhere in the world. Because it is a Wi-Fi attack, the attacker has to be within radio range of the Wi-Fi network in order to exploit the vulnerabilities. In order to patch these vulnerabilities, you need to wait for firmware updates from your device vendors.

The following CVE identifiers will help track if your devices have received patches for the discovered WPA2 flaws:

- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.

- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.

- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.

- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.

- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.

- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.

- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.

- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.

- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
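As an added illustration of what the pairwise-key entry above (CVE-2017-13077) means in practice, the toy model below is constructed for this article and is not code from any Wi-Fi stack or from the researchers: a client that reinstalls an already-installed key resets its packet number, so frames sent after a replayed handshake message 3 reuse nonces, while a client that refuses to reinstall a key it already holds keeps counting. The `Supplicant` class and `nonce_reuse_count` helper are hypothetical names chosen for the model.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Supplicant:
    """Minimal client state: the installed temporal key and its transmit packet number."""
    reject_reinstall: bool            # True models the patched behaviour
    installed_tk: Optional[bytes] = None
    tx_pn: int = 0                    # CCMP packet number; part of the per-frame nonce

    def handle_msg3(self, tk: bytes) -> str:
        """Process handshake message 3 (possibly a retransmission) carrying key tk."""
        if self.reject_reinstall and tk == self.installed_tk:
            # Patched: answer the retransmission but leave the live key and counter alone
            return "retransmit ignored: key already installed"
        self.installed_tk = tk
        self.tx_pn = 0                # key installation resets the packet number
        return "key installed, packet number reset"

    def send_frame(self) -> int:
        """Send one data frame; returns the packet number that goes into its nonce."""
        if self.installed_tk is None:
            raise RuntimeError("no key installed")
        self.tx_pn += 1
        return self.tx_pn


def nonce_reuse_count(reject_reinstall: bool) -> int:
    """Simulate: handshake, three frames, message 3 replayed, three more frames.

    Returns how many post-replay frames reuse a packet number (nonce) that was
    already used under the same key. Any value above zero is the KRACK condition.
    """
    tk = b"\x11" * 16                 # constructed sample temporal key
    sup = Supplicant(reject_reinstall=reject_reinstall)
    sup.handle_msg3(tk)
    used = {sup.send_frame() for _ in range(3)}
    sup.handle_msg3(tk)               # retransmitted message 3: the trigger behind CVE-2017-13077
    return sum(1 for _ in range(3) if sup.send_frame() in used)


if __name__ == "__main__":
    print("vulnerable client reused nonces:", nonce_reuse_count(False))
    print("patched client reused nonces:   ", nonce_reuse_count(True))
```

The vendor patches the article refers to implement the second behaviour in real supplicant code; the model only shows why that single check is what matters.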

According to the researchers, communication over HTTPS is secure – though it may not be 100 percent secure – and cannot be decrypted using the KRACK attack. It is therefore advised to use a secure VPN service that encrypts all of your traffic, whether it is HTTP or HTTPS.
