Is this the end of Wi-Fi?
Wi-Fi protocols are all vulnerable to new exploit, according to researchers.
Researchers have announced an exploit that would potentially allow an attacker to eavesdrop on Wi-Fi traffic. The exploit takes advantages of several key management vulnerabilities in the WPA2 security protocol, until now regarded as best practice security in Wi-Fi deployments.
So what’s happened?
A researcher based in Belgium - Mathy Vanhoef of imec-DistriNet, KU Leuven - has discovered a significant flaw in the WPA2 protocol. The exploit relies on using key reinstallation attacks (KRACKs), and means that all Wi-Fi networks are potentially vulnerable, even when correctly configured and encrypted.
“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available”, said Vanhoef in a paper.
Yes, it’s quite a coup. The attack targets the 4-way handshake of the WPA2 protocol, which is used to confirm that both the client and access point have the correct credentials, and is a core part of all modern implementations. The attacker essentially tricks the victim into reinstalling an already-in-use key by manipulating and replaying cryptographic handshake messages. “When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. By manipulating cryptographic handshakes, we can abuse this weakness in practice”, said Vanhoef.
Indeed, here’s a video of him doing exactly that:
Does this impact on all Wi-Fi?
Yes. It gets worse too - versions of Linux and Android 6.0 or higher are particularly susceptible to the attack. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key, which “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack”, said the researchers. The full paper and details of the attacks are here.
The vulnerabilities are set to be formally presented on November 1st in a talk titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” at a security conference in Dallas.
What should businesses do?
Consider implementing network encryption that adds an additional layer of security, such as HTTPS or a VPN. However, the researchers were keen to point out that HTTPS can be bypassed in a number of situations, so should not be regarded as a panacea by any means. Either way, it’s a good time to test your implementation with High-Tech Bridge’s free SSL/TLS checker.
Other than that, it is a waiting game for patches to become available from vendors. As many have pointed out, the installation of those patches is likely to be irregular, so this vulnerability is likely to dog Wi-Fi installations for some time to come...
The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.