Beware of a KRACK Attack

Dutch researchers have discovered a major vulnerability in the WPA2 wireless security protocol, putting your sensitive information at risk of being stolen.

 

On Monday, Oct. 10, 2017, it was announced that weaknesses in Wi-Fi networks can enable an attacker, using key reinstallation attacks (KRACKs), to read information that was previously assumed to be encrypted, such as credit card numbers, passwords, chat messages, emails, photos, and so on. These weaknesses are in Wi-Fi itself, not in individual products, so the attack works against all modern protected Wi-Fi networks. It’s recommended to make sure all your devices are updated and security updates are installed as soon as they’re available.

 

Important key points to know:

  • Any computer or phone that can connect to a Wi-Fi signal is at risk.
  • The attacker has to be within range of you.
  • The attacker emulates the WPA2 signal, tricking your device into communicating with it as if it were your router. The attacker becomes the middleman.
  • The attacker does not need to log in to the Wi-Fi network, just to be within range of the signal.

By emulating the WPA2 signal and becoming the middleman, the attacker can change the signal you receive. For example, if you visit websites that use HTTPS, your information is secure, but an attacker can change the way you receive the signal, changing HTTPS to HTTP, which allows him/her to see sensitive data that you have input.

 

Our Recommendation

If you own a wireless hotspot, we recommend having it updated/patched against this vulnerability. You can then use your own patched, secure wireless network. If you have to connect to public Wi-Fi, beware of non-encrypted sites and try to use a VPN when possible.

 

How does the KRACK work?

When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol.

However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol.

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial values. The same reset that happens on an ordinary retransmission of message 3 can therefore be forced by an attacker who has managed to achieve a Man-in-the-Middle position.
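The reset described above, as an added example (not code from the original post or from the KRACK researchers): a simplified Python model of a client in which a toy SHA-256 keystream stands in for the real encryption protocol. `Client`, `run`, the key and the payloads are constructed for illustration; it shows the nonce repeating after a retransmitted message 3, and the patched check that keeps the counter running.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy keystream from SHA-256(key || nonce || block); a stand-in, not CCMP."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client model: only the key-install step of the 4-way handshake."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.tx_nonce = 0

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a retransmitted message 3 carrying the key that is
        # already installed must not reset the transmit packet number.
        if self.patched and key == self.key:
            return
        self.key = key
        self.tx_nonce = 0  # (re)installation resets the packet number (nonce)

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        return self.tx_nonce, xor(plaintext, keystream(self.key, self.tx_nonce, len(plaintext)))

def run(patched: bool):
    """Message 3, one data frame, retransmitted message 3, another data frame."""
    key = b"constructed-session-key"                             # constructed sample
    p1, p2 = b"first frame payload A", b"second frame payloadB"  # constructed, equal length
    client = Client(patched)
    client.on_message3(key)
    n1, c1 = client.send(p1)
    client.on_message3(key)  # the AP retransmits message 3
    n2, c2 = client.send(p2)
    # Same key + same nonce means same keystream, so c1 XOR c2 equals p1 XOR p2.
    return n1, n2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("patched:  ", run(True))
```

Each result is the nonce of the first frame, the nonce of the second frame, and whether the two ciphertexts were encrypted under the same keystream.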

Additionally, by being Man-in-the-Middle, the attacker can easily convert HTTPS links to HTTP, forcing browsers to use unencrypted connections and exposing all connection data in plain text.

 

Several types of cryptographic Wi-Fi handshakes are affected by the attack: Four-way, Group Key, PeerKey, TDLS, and fast BSS Transition. The different CVE numbers assigned to the vulnerability reflect specific instantiations of the KRACK attack, so that it’s easier to track which products are affected by which instantiation.


To go into more detail about how the attack works, visit: https://www.krackattacks.com/#details

Read the full report here: https://www.krackattacks.com/, and other FAQs here: https://www.krackattacks.com/#faq

 

By Javier Oblitas

Visual Net Design
