You may have already heard the news, but in case you haven’t, a newly-discovered Wi-Fi security flaw has enabled hackers to eavesdrop (and do worse) on your Wi-Fi networks, putting almost every wireless-enabled device in the world at risk of an attack or exploit of some kind. The Steadfast Solutions’ tech management team is looking very closely at this Wi-Fi security vulnerability and will be offering key countermeasures to our clients to shore it up as needed.
This WPA2 security flaw was discovered by Belgian researcher Mathy Vanhoef, of KU Leuven University, who released details of the attack on his website on October 15 and named it KRACK (for Key Reinstallation Attack).
Vanhoef’s description of the security flaw on his KRACK website is startling: “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.
“The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Vanhoef said the weakness lies in the protocol’s four-way “handshake,” which securely allows new devices with a pre-shared password to join a given wireless network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
In other words: This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they’re in, they can eavesdrop on your network traffic.
The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices — putting every supported device on a network at risk.
“If your device supports Wi-Fi, it is most likely affected,” said Vanhoef, on his website.
But because the discoverer of the “KRACK” Wi-Fi security vulnerability hasn’t released any proof-of-concept exploit code, there’s little risk of immediate or widespread attacks.
News of the Wi-Fi security vulnerability was later confirmed on Monday by US Homeland Security’s cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug.
It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack allows a hacker to trick a victim into reinstalling an already-in-use key.
Every key should be unique and not reusable, but a flaw in WPA2 means a hacker can tweak and replay the “handshakes” carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created.
It turns out that in WPA2, it’s possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.
The researchers, who said the attack was particularly severe for Android and Linux users, show how devastating an attack could be in a demonstration video.
The attacks on Google’s Android are made simpler by a coding error, where an attacker will know the key just by forcing a reinstallation. That’s because the operating system uses what’s known as an “all-zero encryption key” when the reinstallation is initiated, which is easier to intercept and use maliciously.
As for how widespread this Wi-Fi security vulnerability issue is, it appears almost any device that uses Wi-Fi is affected. “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products [and devices] as soon as security updates become available.”
Note that if your device supports Wi-Fi, it is most likely affected.
“During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks,” explained Vanhoef.
The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.
The cyber-emergency unit has since reserved 10 common vulnerabilities and exposures (CVE) records for the various vulnerabilities.
Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.
At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that’s used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated.
In this case, a cyber-attacker can trick a victim into reinstalling a key that’s already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.
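The nonce reuse described above, and the effect of a patched client, as an added example (not code from Vanhoef or any vendor). The `Client` class, the SHA-256 toy keystream and the sample key and messages are assumptions constructed for illustration; real WPA2 uses different ciphers, but the counter reset on key reinstallation is the point being modelled.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy keystream generator (assumption): stands in for the WPA2 data cipher.
    out, block = b"", 0
    while len(out) < n:
        seed = key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Called every time the handshake message carrying the key arrives.
        # A patched client ignores a key it already has, so the packet
        # counter (the nonce) is never reset while that key is in use.
        if self.patched and key == self.key:
            return
        self.key, self.nonce = key, 0

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run_session(patched: bool):
    key = bytes(range(16))                 # constructed sample key
    client = Client(patched)
    client.install_key(key)                # normal handshake
    first = client.send(b"GET /index.html ")
    client.install_key(key)                # same handshake message replayed
    second = client.send(b"password=hunter2")
    return first, second

def nonce_reused(patched: bool) -> bool:
    (n1, _), (n2, _) = run_session(patched)
    return n1 == n2

def ciphertext_xor(patched: bool) -> bytes:
    # With a repeated nonce the keystream cancels out and this equals the
    # XOR of the two plaintexts, so knowing one packet reveals the other.
    (_, c1), (_, c2) = run_session(patched)
    return xor(c1, c2)

if __name__ == "__main__":
    print("unpatched reuses nonce:", nonce_reused(False))
    print("patched reuses nonce:  ", nonce_reused(True))
```

This is why the remedy is a client-side software update: the patched branch refuses to reset the counter for a key that is already installed.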
Windows and the latest versions of Apple’s iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post.
However, Vanhoef said the Wi-Fi security issue is “exceptionally devastating” for Android 6.0 Marshmallow and above.
We are constantly reviewing and updating security measures for all Steadfast Solutions managed clients. One of these (among others) is to utilise network firmware update tickets for MSA clients to ensure they are on the latest version.
If any action is required to improve your security measures, we will contact you directly to discuss requirements.
If you have any questions regarding this Wi-Fi security vulnerability and our proactive countermeasures to make it a non-issue for our customers, you can contact our Support Team or call us on 1300 739 335.