Wi-Fi traffic at high risk of eavesdropping, malicious injection & more
Put simply, a security protocol has been broken, exposing Wi-Fi security to a state of complete vulnerability. The security bug, known as “KRACK,” shorthand for Key Reinstallation Attack, puts almost every modern Wi-Fi device at risk, including computers, routers, and phones. In other words, almost every device that uses Wi-Fi is now at risk of being hacked.
The bug, discovered by security academic Mathy Vanhoef, who released all findings on the major security flaw, exposes high-severity vulnerabilities in the Wi-Fi Protected Access II protocol, otherwise known as WPA2. WPA2 is a common protocol used to secure almost all modern wireless networks; now that it is compromised, attackers have the ability to eavesdrop on Wi-Fi traffic passing between computers and access points.
At the crux of the Wi-Fi security vulnerability is WPA2’s four-way handshake. The bug works by exploiting this four-way handshake, which is used to establish a key for encrypting traffic. In other words, the handshake securely allows new devices with a pre-shared password to join the network. During the third step of the four-way handshake, the key can be resent several times. Depending upon how the key is resent, a cryptographic nonce can be reused in a way that completely bypasses the encryption, thereby leaving the device vulnerable.
At worst, the weakness allows attackers to decrypt network traffic from WPA2-enabled devices, which is a complicated way of saying hackers can eavesdrop on all network traffic. They can also steal sensitive information, such as credit card numbers, passwords, chat messages, emails, photos, etc. As reported by Vanhoef himself via KrackAttacks, the attack works against all modern protected Wi-Fi networks. Depending upon network configuration, it is also possible to inject and manipulate data; for example, an attacker could inject ransomware or other malware into websites.
Because the weaknesses are in the Wi-Fi standard itself, and not the individual products or implementations, even correct implementations of WPA2 are at risk. Simply put, any device that supports Wi-Fi is most susceptible and/or already affected. The vulnerabilities are scheduled to be formally presented in a discussion entitled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.” The discussion is scheduled for November 1st at the ACM Conference on Computer and Communications Security in Dallas, Texas and will be led by Vanhoef.
The only way to really prevent the attack is for users to update all affected products as soon as security updates become available. Unfortunately, thus far, the majority of existing access points have not seen patches and are unlikely to be patched quickly. Some access points may not be patched at all, making the vulnerability a double threat.
In the meantime, please take precautions when using devices on open Wi-Fi, as this vulnerability puts you at serious risk for a severe breach. When using Wi-Fi, please make sure to connect to an HTTPS address to ensure a higher level of safety. Assume that all traffic on unknown networks is vulnerable to being stolen.
Security threats come in all shapes and sizes. In the case of a threat like KRACK, where the magnitude of its effects is far-reaching and nearly limitless, it is imperative to have managed security services that are trained to identify security vulnerabilities. The likelihood of a patch being released soon is unpredictable. Therefore, it is absolutely necessary to have a team that knows the proper protocol to follow when your information is at stake and your data is at risk.
zbrella Technology Consulting is a leading cyber security specialist and IT Support firm in NYC that offers managed services and can monitor and protect your cybersecurity in the event of vulnerabilities, threats, and more. If you need help managing your security and IT needs, give us a call at 718.355.9155 and dial #2.