Thursday, 19 October 2017

KRACK Wi-Fi Vulnerability Breaks WPA2 WiFi Protocol: Know More Here!

A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices.
In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning.
Here's an overview of what to know about the vulnerability, and how you can protect your devices.

Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Re-installation Attack. Vanhoef's description of the bug on his KRACK website is startling:

"We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key re-installation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that's provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which could leave personal details like credit card numbers, messages and passwords exposed, as Vanhoef notes.
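
The key-reuse problem described above, as an added example that is not from the original article or from Vanhoef's own code: a simplified client that resets its per-frame nonce counter whenever the same session key is installed again, beside a patched client that ignores the repeat install. The SHA-256 keystream is a toy stand-in for WPA2's real cipher, and every name, key and sample frame here is constructed for illustration.

```python
import hashlib

P1 = b"frame-one: hello"   # constructed sample plaintexts (equal length)
P2 = b"frame-two: world"

def keystream(key, nonce, length):
    """Toy keystream from (key, nonce); a stand-in for WPA2's real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical station; install_key() runs whenever the key is delivered."""
    def __init__(self, patched):
        self.patched, self.key, self.nonce = patched, None, 0

    def install_key(self, key):
        if self.patched and key == self.key:
            return                      # fix: key already in use, keep counting
        self.key, self.nonce = key, 0   # a (re)install resets the nonce counter

    def send(self, plaintext):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(patched):
    """Send one frame, receive the key delivery a second time, send another."""
    key = b"constructed-session-key"
    client = Client(patched)
    client.install_key(key)
    first = client.send(P1)
    client.install_key(key)             # same key delivered again
    return [first, client.send(P2)]

def reused_nonces(frames):
    """Defender's check: nonces seen more than once under the same key."""
    nonces = [n for n, _ in frames]
    return sorted({n for n in nonces if nonces.count(n) > 1})

if __name__ == "__main__":
    for patched in (False, True):
        frames = run(patched)
        cancels = xor(frames[0][1], frames[1][1]) == xor(P1, P2)
        print(f"patched={patched} reused={reused_nonces(frames)} keystream_cancels={cancels}")
```

When the nonce repeats, both frames are encrypted with the same keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts and the encryption no longer hides their relationship. The patched client never repeats a nonce, which is the behaviour the security updates restore.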


The researchers, who said the attack was particularly severe for Android and Linux users, showed in a demonstration video how devastating an attack could be.

The attacks on Google's Android are made simpler by a coding error: an attacker will know the key just by forcing a reinstallation. That's because the operating system uses what's known as an "all-zero encryption key" when the reinstallation is initiated, which makes the traffic easier to intercept and use maliciously.

As for how widespread the issue is, it appears almost any device that uses Wi-Fi is affected. "The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks," explained Vanhoef.

Who's affected?

Vanhoef warns that any device that supports Wi-Fi is likely affected by KRACK, but that Linux-based devices as well as Android devices running version 6.0 or higher of the Android operating system are especially at risk. At the moment that includes more than 40% of Android devices.

Vanhoef demonstrated a proof of concept showing how exploitation using the KRACK technique is possible. But on his website, he cautions that he's "not in a position" to determine whether such attacks are actively being used.

What should I do about it?

To protect yourself from falling victim to a KRACK attack, you should update Wi-Fi devices like smartphones, tablets and laptops as soon as updates become available, Vanhoef says. If possible, users are also advised to update their router's firmware. Microsoft has already released a security update to address the issue, reports The Verge. The Wi-Fi Alliance, a network of companies that make Wi-Fi devices and define Wi-Fi standards and programs, has said that platform providers have already started deploying patches to address the issue.
Given the range of devices affected, it's almost guaranteed patches won't make it to everyone. The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, including Cisco, Intel and Samsung, amongst many other major tech providers.

  • A Google spokesperson wrote in an email to Forbes: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."

  • Microsoft confirmed it had rolled patches out already: "We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected."

  • Cisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. "Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available," a spokesperson said.

  • Intel confirmed it was "working with its customers and equipment manufacturers to implement and validate firmware and software updates that address the vulnerability." It also released an advisory.
