All Wi-Fi connections vulnerable to KRACK attacks, security researcher finds
A Belgian security researcher has uncovered a weakness in a security protocol used in “all modern protected Wi-Fi networks” which renders wireless connections vulnerable to “KRACK” attacks.
The vulnerability is due to the WPA2 protocol, which secures all modern Wi-Fi networks. When a user tries to join a Wi-Fi network, a digital four-way ‘handshake’ is required to ensure that the user has permission to join the network (i.e. has the password). During this handshake, a new encryption key is generated which is used to encrypt all subsequent communications.
These keys are generated with the help of a ‘nonce’ (a number that can only be used once).
The protocol can be compromised with a key reinstallation attack (KRACK), in which an attacker causes a handshake to be repeated: the key generation system is reset and an already-used encryption key is installed. Reusing encryption keys is strongly discouraged.
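An added example, not taken from the article or from the researcher's paper: a toy Python model of the nonce reset described above, with a client that resets its nonce whenever a key is installed beside one that ignores a repeat of the key already in use. The cipher is a SHA-256 stand-in rather than WPA2's real encryption, and the class, function and key names are hypothetical.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in cipher (assumption, not WPA2's real one): like any
    # nonce-based cipher, the keystream depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

class Client:
    def __init__(self, hardened: bool):
        self.hardened, self.key, self.nonce = hardened, None, 0

    def install_key(self, key: bytes) -> None:
        # Hardened behaviour: a repeated handshake message carrying the key
        # already in use must not reset the nonce counter.
        if self.hardened and key == self.key:
            return
        self.key = key
        self.nonce = 0  # a reset is only safe for a genuinely new key

    def send(self, plaintext: bytes):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, bytes(p ^ k for p, k in zip(plaintext, ks))

def run_session(hardened: bool):
    """Send two frames, see the handshake step repeated, send two more."""
    key = b"constructed-session-key"  # constructed sample value
    client = Client(hardened)
    client.install_key(key)
    frames = [client.send(b"frame-A1"), client.send(b"frame-A2")]
    client.install_key(key)  # handshake repeated with the same key
    frames += [client.send(b"frame-B1"), client.send(b"frame-B2")]
    return frames

def reused_nonces(frames):
    # Detection check: any nonce seen twice under one key is a reuse.
    seen, reused = set(), set()
    for nonce, _ in frames:
        (reused if nonce in seen else seen).add(nonce)
    return sorted(reused)

if __name__ == "__main__":
    print("vulnerable:", reused_nonces(run_session(False)))
    print("hardened:  ", reused_nonces(run_session(True)))
```

In the vulnerable run the frames sent after the repeated handshake are encrypted with the same keystream as the earlier ones, which is why the encryption no longer protects them.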
“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs),” wrote Mathy Vanhoef, a security researcher at KU Leuven, in a report detailing the vulnerability.
“Attackers can use this novel attack to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
This vulnerability could expose almost all wireless internet traffic to attackers nearby. Depending on the network configuration, the researcher said, it may also be possible to “inject and manipulate data, for example, an attack might be able to inject ransomware or other malware into websites”.
According to Vanhoef, this vulnerability affects a range of operating systems and devices, including Android, Apple, Linux, Windows and others. Depending on the extent to which a device or operating system implements the protocol, a user could be severely affected, or minimally affected.
Vanhoef commented that iOS and Windows are among the most secure operating systems, due to not fully implementing the protocol, while Android 6.0 and recent Linux systems are particularly badly affected, due to a bug which causes the encryption key to be reset to all-zeroes, rendering the network easier to intercept and abuse.
“If your device supports Wi-Fi, it is most likely affected,” Vanhoef wrote. “Any data or information that the victim transmits can be decrypted.”
Despite this extremely widespread vulnerability, users sending data wirelessly with additional encryption – such as in online banking, when using a VPN, or when sending messages secured with end-to-end encryption – will continue to be largely (though not completely) secure.
Insecure connections to websites, however, could be considered public until the issue is resolved.
The US Computer Emergency Readiness Team has issued a warning on the vulnerability, and the National Cyber Security Centre has stated that it will be studying the vulnerability, and providing guidance if necessary.
Vanhoef's paper, which describes the weakness in more technical detail, is freely available online.