Author Topic: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping  (Read 497 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35168
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

Quote:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.
According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:

• WPA2
• KRACK
• key reinstallation
• security protocols
• network security, attacks
• nonce reuse
• handshake
• packet number
• initialization vector

Researchers briefed on the vulnerabilities said they are indexed as CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.

The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It's believed that Monday's disclosure will be made through the site krackattacks.com. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven and imec-DistriNet, Maliheh Shirvanian and Nitesh Saxena of the University of Alabama at Birmingham, Yong Li of Huawei Technologies in Düsseldorf, Germany, and Sven Schäge of Ruhr-Universität Bochum in Germany. The researchers presented this related research in August at the Black Hat Security Conference in Las Vegas.

The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users' domain name service.

It wasn't possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back, users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully since many services can't be trusted to make users more secure. This post will be updated as more information becomes available.

source
« Last Edit: October 16, 2017, 03:39:10 PM by javajolt »


Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35168
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Another perspective
« Reply #1 on: October 16, 2017, 03:53:19 PM »
Break out the Ethernet cables, because WiFi is insecure (kind of)

Most modern devices that use WiFi make use of a security protocol called WPA2. Basically you enter a password and you can connect to the network. But what you don’t see is how that password is just the first step in securing your connection. Once it’s entered, your phone, tablet, laptop, or other device negotiates a “4-way handshake” with a WiFi access point to establish an encryption key that’s designed to keep anyone from spying on your data.

But a team of security researchers have figured out how to spy on it anyway.

They’ve discovered a vulnerability in that 4-way handshake that can be exploited using key reinstallation attacks (or KRACKs).
How it works

Basically, the hack tricks a system into retransmitting the same encryption key multiple times rather than generating a new one… and then using that encryption key to intercept data.

That means an attacker could potentially spy on you and steal sensitive data such as passwords or credit card numbers. Under some circumstances, an attacker could also inject malware including spyware or even ransomware into a website you’re visiting.

You can find more details about how the vulnerability can be exploited at KRACKattacks.com.

Scope of the issue

The good news, if there is any, is that an attacker will need to be within range of the WiFi access point to use a KRACK attack. So if you live in an isolated space, your home network might be reasonably safe. If you live in a densely populated area (I can currently see WiFi SSIDs for 10 of my neighbors), you’re probably less safe. And then there are public WiFi spots like coffee shops and airports.

Now for the really bad news: pretty much all modern WiFi hardware is vulnerable. The attack works against just about anything that uses WPA or WPA2 security.

And the most vulnerable devices are Android and Linux devices that use wpa_supplicant 2.4 or later, because the client will install an encryption key that’s all zeros rather than the real key. That makes it very easy to attack those devices.

Know what uses wpa_supplicant? Google Android 6.0 or later. That means about 41 percent of all Android devices are vulnerable to this version of the attack. Keep in mind, all Android devices that use WPA2 are vulnerable to the more general version of a KRACK attack. But if you’ve got a relatively recent Android device then it’s even easier for someone to hack into your connection.

As for what kind of internet traffic can be intercepted, it’s pretty much all of it. While interacting with websites or apps that use HTTPS encryption may offer some extra security, it can be bypassed in some situations allowing an attacker to spy on you while you’re using a mobile banking app, for example. Another example is shown in the video below, where a user trying to visit a website that would normally be protected by HTTPS is instead redirected to an insecure version.

Should I throw out my WiFi gear?

Nope. But you should probably be very careful about the networks you connect to and the sites you connect to for a while.

Security researcher Mathy Vanhoef discovered the vulnerability and says that it can be dealt with via a backward-compatible software patch that ensures an encryption key is never used more than once.

It’s likely that in the coming days, weeks, and months we’ll see updates rolled out for WiFi routers, phones, PCs, and other devices.

It takes two devices to get you connected: a client (like your PC or phone) and an access point (like a router). If at least one of those things is patched, you should be safe.

So if you’ve got an old router that rarely receives updates from the manufacturer, Vanhoef notes that you should be safe once your client-side devices are up to date. You might not need a security patch for your router, but you will most likely need the latest security updates from Microsoft, Apple, Google, or other operating system developers.

But if you’ve got an old router that doesn’t get security updates anymore, it’s probably a good idea to think about either upgrading or figuring out whether you can replace your router’s firmware with an open source solution like DD-WRT or OpenWrt, especially if you have other old WiFi-enabled gadgets in your home that are unlikely to receive official security patches anytime soon.

The Wi-Fi Alliance has issued a statement saying that “there is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” including requiring that devices be tested for the vulnerability as part of its certification process.

source
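Both articles above describe the same mechanism in words: message 3 of the 4-way handshake can be delivered more than once, an unpatched client reinstalls the key each time and resets its packet number (the CCMP nonce), and the fix is simply to never install the same key twice. The toy model below is an added example written for this thread; it is not code from either article, from the KRACK researchers, or from wpa_supplicant. The `keystream` function is a hash-based stand-in for CCMP's AES-CTR keystream, the `Supplicant` class and its flags are invented for illustration, and the plaintexts and PTK are constructed sample values. It shows three things a defender should understand: why a reinstalled key makes two frames share a keystream, why the wpa_supplicant 2.4+ behaviour described in the second post ends with an all-zero key, and why the patched client (and a receiver's replay check) closes the hole.

```python
# Added example, not code from either article or from the KRACK researchers.
# Models a WPA2 client handling message 3 of the 4-way handshake, to show why
# key reinstallation reuses a nonce and what the backward-compatible fix does.
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR keystream (hash-based, not the real cipher).
    Same (key, packet number) always yields the same bytes, which is exactly
    the property that makes nonce reuse fatal for any stream-style cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    patched: bool                            # fix: never install the same key twice
    clears_key_after_install: bool = False   # wpa_supplicant 2.4+ behaviour (per article)
    ptk: Optional[bytes] = None
    installed: bool = False
    packet_number: int = 0

    def handle_message3(self, ptk: bytes) -> None:
        """Message 3 may arrive more than once (the AP retransmits it when no
        message 4 comes back). The unpatched client reinstalls the key every time."""
        if self.installed and self.patched:
            return                           # send message 4 again, keep key and counter
        if self.installed and self.clears_key_after_install:
            ptk = bytes(len(ptk))            # key material was zeroed after first install
        self.ptk = ptk
        self.installed = True
        self.packet_number = 0               # installing a key resets the nonce counter

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.packet_number += 1
        pn = self.packet_number
        return pn, xor(plaintext, keystream(self.ptk, pn, len(plaintext)))


def receiver_accepts(highest_seen_pn: int, pn: int) -> bool:
    """CCMP replay check: a correct receiver accepts only strictly increasing
    packet numbers under a given key, so a repeated PN is dropped."""
    return pn > highest_seen_pn


def simulate(patched: bool, clears_key_after_install: bool = False) -> dict:
    """Install the key, send one frame, receive a retransmitted message 3,
    send a second frame, and report what happened to nonce and keystream."""
    ptk = hashlib.sha256(b"constructed PTK for this demo").digest()[:16]
    pt1 = b"GET /account HTTP/1.1"           # constructed sample frames
    pt2 = b"user=alice&pw=hunter2"
    client = Supplicant(patched, clears_key_after_install)
    client.handle_message3(ptk)
    pn1, ct1 = client.encrypt(pt1)
    client.handle_message3(ptk)              # retransmitted message 3
    pn2, ct2 = client.encrypt(pt2)
    return {
        "nonce_reused": pn1 == pn2,
        # ct1 XOR ct2 == pt1 XOR pt2 holds exactly when both frames used the
        # same keystream, i.e. the encryption leaks the plaintext relationship
        "keystream_reused": xor(ct1, ct2) == xor(pt1, pt2),
        "key_is_zero": client.ptk == bytes(16),
        "replay_check_drops_second": not receiver_accepts(pn1, pn2),
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("unpatched client", dict(patched=False)),
        ("unpatched, wpa_supplicant 2.4+ style", dict(patched=False, clears_key_after_install=True)),
        ("patched client", dict(patched=True)),
    ]:
        print(label, simulate(**kwargs))
```

Run as a script it prints one line per scenario. The unpatched client reuses packet number 1 and the second ciphertext XORs against the first to reveal the plaintext XOR; the zero-key variant does not reuse keystream but ends up encrypting under an all-zero key, which is worse; the patched client keeps counting from 2 and nothing repeats. The `receiver_accepts` check is the other half of the defence: a receiver that tracks the highest packet number per key will drop the repeated PN regardless of what the sender did.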