Several security flaws in the Wi-Fi Protected Access 2 (WPA2) protocol were recently disclosed, which can reportedly expose wireless devices to Key Reinstallation AttaCK (KRACK), a proof-of-concept exploit that compromises WPA2’s encryption mechanism. KRACK involves “manipulating and replaying cryptographic handshake messages”—the process of establishing parameters for systems and devices to communicate with each other.
WPA2 is used to secure Wi-Fi-enabled devices and hardware through authorization and encryption mechanisms. If successfully carried out, KRACK can enable attackers to eavesdrop on the network traffic passing between the device and the Wi-Fi access point.
Ars Technica noted that the advisory issued by the United States Computer Emergency Readiness Team (US-CERT) to certain organizations described the vulnerabilities as being related to the handshake used to generate the key that encrypts the traffic. When the handshake message is resent multiple times, the key can be reused, even though it is supposed to be a nonce (that is, used only once).
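The following example, added here and not taken from the article or from any Wi-Fi implementation, models the behaviour the advisory describes: a client that reinstalls the already-installed session key when a handshake message is repeated also resets its packet nonce, so two frames end up encrypted under the same (key, nonce) pair. The `Supplicant` class, `toy_keystream` (an HMAC-based stand-in for the CCMP keystream) and the PTK value are all constructed for the illustration; the hardened variant shows the mitigation vendors applied, which is to ignore a retransmission that would reinstall a key that is already in use.

```python
import hashlib
import hmac


def toy_keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Per-packet keystream derived from the session key and the packet nonce.

    Constructed stand-in (HMAC-SHA256 in counter mode) for the AES-CCMP
    keystream. It shares the property that matters here with the real cipher:
    the same (key, nonce) pair always produces the same keystream.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


class Supplicant:
    """Minimal model of the client side of the 4-way handshake.

    This is example code, not wpa_supplicant or any vendor driver.
    """

    def __init__(self, refuse_reinstall: bool):
        self.refuse_reinstall = refuse_reinstall
        self.installed_ptk = None
        self.nonce = 0          # packet number used with the installed key
        self.nonces_used = []   # audit trail used by the checks below

    def handle_message3(self, ptk: bytes) -> str:
        """Message 3 instructs the client to install the PTK.

        A retransmitted message 3 carries the same PTK. The vulnerable client
        reinstalls it and resets the nonce to zero; the hardened client notices
        the key is already installed and ignores the retransmission.
        """
        if self.installed_ptk == ptk and self.refuse_reinstall:
            return "ignored"
        self.installed_ptk = ptk
        self.nonce = 0
        return "installed"

    def encrypt(self, plaintext: bytes) -> bytes:
        """Encrypt one data frame with the installed key and the next nonce."""
        if self.installed_ptk is None:
            raise RuntimeError("no key installed")
        ks = toy_keystream(self.installed_ptk, self.nonce, len(plaintext))
        self.nonces_used.append(self.nonce)
        self.nonce += 1
        return bytes(p ^ k for p, k in zip(plaintext, ks))


def run_scenario(refuse_reinstall: bool) -> dict:
    """Install the key, send a frame, process a repeated message 3, send another frame.

    Returns what happened so a reviewer can check whether a nonce was reused.
    """
    ptk = hashlib.sha256(b"constructed PTK for the example").digest()
    client = Supplicant(refuse_reinstall)
    first = client.handle_message3(ptk)
    client.encrypt(b"first data frame")
    second = client.handle_message3(ptk)   # retransmitted message 3
    client.encrypt(b"second data frame")
    return {
        "message3_results": (first, second),
        "nonces_used": list(client.nonces_used),
        "nonce_reused": len(set(client.nonces_used)) != len(client.nonces_used),
    }


if __name__ == "__main__":
    print("vulnerable client:", run_scenario(refuse_reinstall=False))
    print("hardened client:  ", run_scenario(refuse_reinstall=True))
```

The vulnerable run reports `nonces_used == [0, 0]`, which is exactly the condition the advisory warns about; the hardened run reports `[0, 1]` because the second message 3 is ignored. The same "do not reinstall an already-installed key" check is what the patches referenced later in this article implement, and an audit log of nonce values per key is a practical way to confirm a patched client no longer exhibits the reset.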
Ars Technica quoted, “US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”
According to the researchers, 41% of Android devices are susceptible to variants of KRACK, while Linux systems are also heavily impacted. Apple, Windows, OpenBSD, MediaTek, and Linksys devices were also noted to be affected by the vulnerabilities. The security flaws have been designated with the following CVE identifiers:
Mathy Vanhoef and Frank Piessens, the researchers who uncovered the vulnerabilities, are scheduled to present their findings at the upcoming ACM Conference on Computer and Communications Security (CCS). Both have published other research on WPA2 security: their latest work builds on the findings they demonstrated at the Black Hat Conference held last August, which detailed the logical implementation flaws in certain protocols used in Wi-Fi handshakes and the countermeasures that can be used against them. Last year, they published a research paper on how group keys in WPA2/802.11 can be decrypted and misused.
Given the potential impact of the vulnerabilities, IT/system administrators, information security professionals, and end users are recommended to adopt best practices to mitigate possible attacks on Wi-Fi networks and devices:
- Regularly update the Wi-Fi router’s credentials to lessen its attack surface
- Configure the service set identifier (SSID) in a way that can minimize how the Wi-Fi connection/network can be discovered by others
- Enable your firewall to add a layer of security to devices
- Use a Virtual Private Network, especially when remotely accessing corporate assets
- Update the firmware of Wi-Fi-enabled devices, routers, and other hardware whenever possible; alternatively, switch to Ethernet/wired connections at least until the vulnerabilities are patched
Meanwhile, the Wi-Fi Alliance, which developed WPA2, issued a statement on how KRACK can be mitigated and is now working with major platform providers in rolling out patches to Wi-Fi users. Microsoft has addressed the vulnerability (CVE-2017-13080) affecting devices running Windows 8 and later versions via its October Patch Tuesday. Other vendors have already deployed their own firmware and driver updates, and some are already planning to develop and roll out patches against the vulnerabilities/KRACK exploit. The U.K.’s National Cyber Security Centre (NCSC) under the Government Communications Headquarters (GCHQ) released a similar advisory that will include guidelines on further securing Wi-Fi-enabled systems.
Source: Trend Micro