Posted on: 16th October 2017
BREAKING: Attack discovered that works against all modern protected Wi-Fi networks as a result of WPA2 protocol flaw.
WPA2 Protocol Flaw
Belgian security researcher Mathy Vanhoef has discovered a flaw in the WPA2 protocol, the protocol used by the vast majority of Wi-Fi connections. This means that all Wi-Fi connections are now left vulnerable to eavesdropping and attacks.
The flaw affects many different operating systems and devices, including Apple, Android, Windows, Linux, OpenBSD, Linksys and MediaTek.
He explains that “attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted”; this includes sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.
He adds that “it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites” depending on the network configuration.
How does this work?
This exploit is known as ‘KRACK’, a Key Reinstallation Attack. It works by exploiting the “handshake” that a Wi-Fi network and a device perform with each other when the device joins the network.
Usually, the two agree on an encryption key for all future traffic, meaning that a device can only read that traffic if it holds the key. KRACK can be used to make the victim install a key that’s already in use, which means someone else is able to decrypt and read any of the messages that are being sent over the network.
Vanhoef has demonstrated in a proof-of-concept video how the attack can be used to steal information from an Android device. The video shows how an attacker would be able to gather login details such as email addresses and passwords, and how any other information transmitted by the victim can be decrypted.
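To make the “key that’s already in use” point concrete, here is an added Python model written for this page; it is not Vanhoef’s code and not a real Wi-Fi implementation. It assumes a toy client whose per-packet counter restarts whenever a key is installed, a stand-in keystream built from HMAC-SHA256 rather than Wi-Fi’s actual cipher, and constructed sample plaintexts. When the same key is reinstalled in the unpatched client, the counter restarts and two packets are encrypted under identical keystream, so XOR-ing the two ciphertexts reveals the XOR of the plaintexts; this is the confidentiality loss described above. The patched client recognises the repeated install, keeps counting, and the leak disappears.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in per-packet keystream (HMAC-SHA256 in counter mode).
    Wi-Fi uses AES-based ciphers; the property that matters here is the same:
    identical (key, nonce) pairs produce identical keystream."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyClient:
    """Minimal model of the device side of the handshake (an assumption, not real Wi-Fi code)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def install_key(self, key: bytes) -> None:
        # Called when message 3 of the handshake arrives. Message 3 may
        # legitimately be retransmitted, so the client can see it more than once.
        if self.patched and key == self.key:
            return  # already installed: keep the packet counter where it is
        self.key = key
        self.packet_number = 0  # a (re)installed key restarts the counter

    def send(self, plaintext: bytes):
        self.packet_number += 1
        ct = xor_bytes(plaintext, keystream(self.key, self.packet_number, len(plaintext)))
        return self.packet_number, ct


P1 = b"card=4111111111111111"   # constructed sample plaintexts, same length
P2 = b"pass=hunter2-hunter2!"


def simulate(patched: bool) -> dict:
    client = ToyClient(patched)
    session_key = hashlib.sha256(b"constructed session key").digest()
    client.install_key(session_key)
    n1, ct1 = client.send(P1)
    client.install_key(session_key)   # message 3 delivered a second time
    n2, ct2 = client.send(P2)
    return {
        "nonce_reused": n1 == n2,
        # With reused keystream, ct1 XOR ct2 == P1 XOR P2: plaintext structure leaks.
        "plaintext_xor_leaks": xor_bytes(ct1, ct2) == xor_bytes(P1, P2),
    }


if __name__ == "__main__":
    print("unpatched:", simulate(False))
    print("patched:  ", simulate(True))
```

The fix a vendor ships is the behaviour of the patched branch: a device that already holds the key does not reset its packet counter when the install message arrives again, so no two packets ever share a (key, nonce) pair.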
Encryption expert Alan Woodward, from the University of Surrey, has commented that “the reason this is so worrying, and why everyone is so interested, is that many (including large organisations) assume their [local Wi-Fi network] is a trusted environment. For example, some don’t require authentication on network resources. If that boundary is now easily breached then there would need to be a lot of rethinking about threat models.”
What can I do?
Because of the nature of this WPA2 flaw, changing your Wi-Fi password or buying replacement products will not fix the issue. The problem is a cryptographic weakness in the most recent generation of wireless networking, not just a security bug.
The best thing you can do is to update all of your devices as soon as security updates become available.
As it stands, there is currently no security update available to patch this vulnerability, but manufacturers have been made aware of the flaw, and Vanhoef has spoken with the companies that make these devices so that they can issue a fix as soon as possible.
As this issue affects all Wi-Fi enabled devices, it is vital that you install these updates, whether you are a home user or a business user.
Our Cyber team have commented on the news:
The exploit isn’t publicly available at the moment, but it will be released in the coming months, so it is imperative all devices are updated before this happens.
It is more important to focus on updating your phones, laptops, tablets etc. than your routers, because the attack targets the device that is connecting to the wireless network rather than the device that is providing it.
There are some limitations to the WPA2 protocol flaw: an attacker needs to be within range of a victim to exploit these weaknesses. Also, if you are accessing a secure website, that data will still be encrypted by HTTPS. However, there are separate attacks against HTTPS that could be employed to get around this.
As always, we suggest following the security guidelines below to minimise the risk:
• Always check for the green padlock in your web browser’s address bar before logging in to any website or handling sensitive data online.
• Whenever you are on public wireless you should ensure you are connected to a VPN which will ensure your traffic stays private. If this is not an option then you should not log into anything private on public Wi-Fi.
• Never re-use passwords! We always stress this point, but now that the additional layer of protection provided by Wi-Fi can be removed, it only takes one website to leak your password for a hacker to try it on others. We suggest using a password manager like LastPass or 1Password to generate and store complex passwords such as 8G$r@i3eBMNMkhlg1j#2. The best part is you never need to remember this password; the software does that for you!
• Use a cable where you can. It’s much harder to get between you, the cable and the wall than it is a wireless signal that can reach across a café!
We will update this page with any new information and important updates on the topic. We would urge all people that use Wi-Fi enabled devices (which is most of us!) to keep an eye out for the security updates that will be available to them, and install them as soon as they are available.
For the full report, please visit Mathy Vanhoef’s blog here.