Vulnerability in WPA2 Protocol Allows Attackers to Intercept and Decrypt Encrypted Data Traffic


According to cyber-security researchers Frank Piessens and Mathy Vanhoef from Belgium’s Katholieke Universiteit Leuven, there is a dangerous flaw in the WPA2 protocol which can be exploited by cybercriminals to intercept emails, passwords and other kinds of encrypted data. However, this will be successful only if the attacker is within the range of the vulnerable device or access point.
An attacker can also inject malicious content such as ransomware into a website while a client is visiting it. The proof-of-concept for this exploit has been dubbed KRACK, short for Key Reinstallation Attacks. The findings were disclosed on Monday, followed by a US-CERT advisory that was distributed to nearly 100 organizations. The advisory states:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.”
The vulnerability affects the core WPA2 protocol. Devices running Linux, Android and OpenBSD are the most exposed, while macOS, MediaTek, Linksys and Windows devices are affected to a lesser extent.
According to Sean Gallagher, IT editor at Ars Technica, KRACK targets the four-way handshake. The handshake is executed when a client joins a WPA2-protected network, and it confirms that both the client and the access point hold the correct credentials. KRACK tricks a vulnerable client into reinstalling a key that is already in use, which forces the client to reset its packet numbers. The initial value of these numbers includes the cryptographic nonce and other parameters; by forcing nonce reuse, KRACK lets the encryption be bypassed.
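To make the mechanism above concrete, here is an added, simplified model (not code from the article or from the KU Leuven researchers) of a client that installs a key on message 3 of the handshake and then encrypts two frames. It substitutes an HMAC-based keystream for CCMP's AES-CTR, and the names `Supplicant`, `on_message3` and `run` are hypothetical; the point it shows is why resetting the packet number on a repeated key install makes the keystream cancel out, and why the fix (refusing to reinstall a key that is already in use) prevents that.

```python
import hashlib
import hmac

# Constructed sample key for the demo; not a real PTK from any network.
PTK = bytes.fromhex("00112233445566778899aabbccddeeff")


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR keystream: a function of the key and packet number only."""
    out = b""
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal client model: an installed PTK plus the transmit packet number (nonce)."""
    def __init__(self, skip_reinstall: bool):
        self.skip_reinstall = skip_reinstall  # True models the patched behaviour
        self.ptk = None
        self.pn = 0

    def on_message3(self, ptk: bytes) -> None:
        # Message 3 of the 4-way handshake carries the key to install. A retransmitted
        # message 3 delivers the same PTK; a patched client leaves the counter alone.
        if self.skip_reinstall and self.ptk == ptk:
            return
        self.ptk = ptk
        self.pn = 0  # every key install resets the packet number to its initial value

    def send(self, plaintext: bytes):
        pn = self.pn
        self.pn += 1
        return pn, xor(plaintext, keystream(self.ptk, pn, len(plaintext)))


def run(skip_reinstall: bool) -> dict:
    """Encrypt one frame, process a repeated message 3, encrypt another frame."""
    p1, p2 = b"GET /inbox HTTP/1.1", b"password=hunter2!!!"  # equal-length sample frames
    c = Supplicant(skip_reinstall)
    c.on_message3(PTK)
    pn1, ct1 = c.send(p1)
    c.on_message3(PTK)  # retransmitted message 3, the trigger KRACK relies on
    pn2, ct2 = c.send(p2)
    # If the keystream repeated, XOR of the ciphertexts equals XOR of the plaintexts.
    return {"nonce_reused": pn1 == pn2, "keystream_cancels": xor(ct1, ct2) == xor(p1, p2)}
```

`run(False)` models the unpatched client and reports both flags as true; `run(True)` models the patched client, where the packet number keeps counting and the ciphertext XOR reveals nothing about the plaintexts.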
Vanhoef reveals that attackers can exploit this vulnerability to decrypt sensitive data including “credit card numbers, passwords, chat messages, emails, photos,” which is normally protected by the Wi-Fi encryption protocol. It is important to note that the majority of routers and devices today rely on the WPA2 protocol to encrypt Wi-Fi traffic.
“The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites,” wrote Vanhoef.


However, the researcher noted that the attacker could intercept some of the traffic traveling between the device and the router. Traffic encrypted with HTTPS cannot be read by the attacker. Cybercriminals also cannot obtain your Wi-Fi password through this traffic, and they can perform packet injection only against certain devices and only while within range of the Wi-Fi network.
To protect your devices, it is highly important to update all your wireless equipment, such as routers, laptops, phones and tablets, with the latest security patches, because those patches close the KRACK vulnerability. Update your router’s firmware in particular; if your ISP supplied the router, contact them to update their branded equipment, or check the router’s administration panel for an update. Router manufacturers that have already released fixes for the WPA2 flaw include Aruba, FortiNet, Meraki, MikroTik and Ubiquiti.