Since 2004, WPA has been the most used and thought secure encryption method in the WiFi standard, so since then, most WiFi networks have been using this standard (WPA2 – WiFi Protected Access 2) and are as it turns out, vulnerable to cryptographic attacks.
A Flaw in the cryptographic protocol makes it possible to read and steal data that would otherwise be protected, according to new research from security researcher Mathy Vanhoef of K.U. Leuven in Belgium.
The vulnerability leaves room for the attacker to inject or manipulate data on a WiFi network, allowing him to steal passwords, financial data or manipulate data.
Though the attacker must be in range of the WiFi network to commit the attack, pretty much every network these days uses the WPA2 encryption method as Mathy Vanhoef says:
“Any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available,”
The weakness identified in the protocol, is the so called “4 way handshake“. A procedure that determines whether a user attempting to join a network and the access point offering the network have matching credentials. It’s essentially an exchange that ensures the user knows the network password. The four-way handshake also generates a new encryption key—the third communication in the four-step process—to protect the user’s session. The newly discovered vulnerability, which Vanhoef calls a Key Reinstallation Attack (KRACK), allows a hacker to tamper with or record and replay this third message, enabling them to reinstall a cryptographic key that’s already been used. That key reuse also resets the counters for how many packets, or bits of data, have been sent and received for a particular key. When these tallies are reset, an attacker can replay and decrypt packets, and even forge packets in some cases.
There are possible KRACK attacks for most Wi-Fi enabled devices out there, including Android and Linux, embedded and Internet of Things devices. All of these devices need to be patched.
But there is some good news: Most current versions of iOS and Windows aren’t vulnerable, because of the way Apple and Microsoft implemented the WPA2 standard to prevent resending of the third handshake message. But the millions and millions of impacted devices will present a challenge to fix. While the flaw is in the WPA2 standard and can be patched accordingly, different companies take different approaches to installing the protocol in their products, creating a patchwork of exposures and vulnerabilities in practice.
Changing your WiFi password, getting a new router or resorting to WEP encryption will not fix the problem or protect your from KRACK attacks, it will be only fixed by software patches which the manufacturers will have to provide for every specific device that is vulnerable.
