Security researchers and crackers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow a potential attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications and perform malicious activities without you prior knowledge, importantly they could steal all data from the devices connected to Wi-Fi at that prior moment. It doesn’t seem that safe now does it? WPA2 is a 13-year-old Wi-Fi authentication scheme widely used to secure Wi-Fi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK or Key Reinstallation Attack is the proof-of-concept attack demonstrated by a team of researchers’ works against all modern protected Wi-Fi networks and all of them can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos and not what more. Since the weaknesses reside in the Wi-Fi standard/Scheme itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected. In short, if your device supports WiFi, it is most likely hackable. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks. It should be noted that the KRACK attack does not help attackers recover the targeted WiFi’s password; instead, it allows them to decrypt WiFi users’ data without cracking or knowing the actual password.So merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack.
Here’s How the KRACK WPA2 Attack Works:
KRACK type of attack was discovered by researcher Mathy Vanhoef, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that’s used to establish a key for encrypting traffic. For a successful KRACK attack, an attacker needs to trick a victim into reinstalling an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages or influencing him by providing wrong info messages. Researcher says The team has successfully executed the key reinstallation attack against an Android smartphone during an event demonstrating KRACK attack, showing how an attacker can decrypt all data that the victim transmits over the so-called protected Wi-Fi. The researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because “Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info).” However, there’s no need to panic, as you aren’t vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended Wi-Fi network.
WPA2 Vulnerabilities and their Brief Details
The key management vulnerabilities in the WPA2 protocol discovered by the researchers has been tracked as: • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake. • CVE-2017-13078: Reinstallation of the group key (GTK) in the four-way handshake. • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the four-way handshake. • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. • CVE-2017-13087: reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame. • CVE-2017-13088: reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame. In order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors. According to researchers, the communication over HTTPS is secure (but may not be 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a secure VPN services, which encrypts all your Internet traffic whether it’s HTTPS or HTTP. The team has also promised to release a tool using which you can check whether if your WiFi network is vulnerable to the KRACK attack or not.