Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping


#1

Putting this in Tech Talk because I feel it’s really important for those of you who have routers/repeaters or cellphones and use WPA2.

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

KRACK attack allows other nasties, including connection hijacking and malicious injection.

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severe vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
Quote:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

Source: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Important stuff:

  • Microsoft has a client side mitigation patch available, make sure you are up to date (patch tuesday release)

  • Many Linux vendors have updates available (wpa_supplicant needs to get patched, hostapd if run an AP and have Fast BSS Transition enabled)

  • Currently practically all Android devices are vulnerable, WP unknown, iOS unknown.

  • Routers that offer 802.11r are vulnerable

  • Repeaters are vulnerable

Worst case scenarios? Rogue DHCP server injected into WLAN that does DNS hijacking, HTTPS interception for sites that do not employ key pinning and all HTTP traffic is fully readable.

Be up to date, gents (and ladies).


#2

Great advice for as long as it’s possible. Since many Android OEMs fail to update their devices in a timely manner (if at all after the first year or two), I suspect there’s going to be many millions of vulnerable devices out there for a long while yet.

On Windows, Forbes reported then retracted a claim that it’s already patched in Windows. I believe an out-of-band patch is forthcoming, though.


#3

This, in general, is a very annoying thing with the Android platform - while I dislike the pricing on Apple hardware, they at least deliver software patches to their devices for roughly 2 years, in some cases even longer if it’s a really bad breach.

@MiukuMac Thanks for posting it here as well, I already had a pretty long discussion about some buddies today about that topic.

I’ll take the liberty and post a TL;DR: What should I do?

  • Update your hardware that goes into the network with the latest firmware/drivers.

#4

If I understand the exploit correctly, mitigation will require the client to store a history of used nonces. Obviously not a possibility for most IoT devices, but the question is, does it matter? IE, it’s easy to envisage a MiM attack on an active client, but there’s not much you can do with a smart bulb, you can’t even make it turn itself on or off, right?


#5

Are apple devices affected? like the Airport router,…


#6

This is not yet known - I’ll post here ASAP when I find out.


#7

iOS and MacOS vulnerable as well.


#8

Good for hackers. Bad for everyone else.


#9

Meanwhile,

To boost performance, the Infineon library constructs the keys’ underlying prime numbers in a way that makes them prone to a process known as factorization, which exposes the secret numbers underpinning their security.

Oops!


#10

Interestingly enough Google will roll out the fix on 6th of November for the Pixel phones and all manufacturers were alerted already in July… So, it could be that other Android devices will be vulnerable well into November.