Serious Security Flaw Discovered In Wi-Fi WPA2 Technology Called KRACK
Mathy Vanhoef of imec-DistriNet, KU Leuven, has discovered a significant weakness in the Wi-Fi WPA2 security protocol. This weakness, called KRACK, is inherent in the Wi-Fi standard itself, which means a huge number of devices are at risk. KRACK is short for “Key Reinstallation Attacks,” but I’m sure you agree that a KRACK attack sounds much more interesting. The KRACK flaw means that a hacker could potentially exploit the Wi-Fi network in order to steal sensitive information: basically, anything you might do on your device. That means bank account details, passwords, instant messages, photographs, emails, and similar. Some networks are more vulnerable than others, and the hacker can also inject malware into websites. The fix? It has nothing to do with choosing a more secure Wi-Fi password; instead it means updating the software on vulnerable devices. This includes Android, where, according to estimates circulating on the Internet, around half of devices are potentially vulnerable.
The KRACK exploit targets the encryption key negotiation process of the original WPA and second-generation WPA2 technologies. The exploit involves determining the encryption key used as part of the verification stage. When a device connects to an encrypted Wi-Fi access point, it negotiates the connection using a number of keys. At the third stage of a four-stage security handshake, the access point confirms to the client device that it has completed that stage, and waits for the device to acknowledge this message. However, the Wi-Fi standard tolerates messages lost to radio interference, which means the access point may re-send the confirmation message if no acknowledgement arrives. This is where an attacker can step in and replay the same message, which tricks the client device into reinstalling the original encryption key, which the exploit can then discover relatively easily.
Different Wi-Fi encryption standards expose different levels of access: older Wi-Fi protocols allow the attacker to inject network packets, while later Wi-Fi technologies allow the KRACK hack to decrypt transmissions from either device. Most devices running Android 6.0 Marshmallow or later use the ‘wpa_supplicant’ program, which, when subjected to a KRACK attack, replaces the original key with all zeroes. This results in a key the attacker already knows, and that makes it easier for the hacker to intercept your Wi-Fi traffic!
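To show why a replayed handshake message matters, here is a small added model (my own constructed example, not wpa_supplicant or Vanhoef’s code) of a client that installs its key on message 3 of the handshake. Reinstalling the key resets the packet number used as the encryption nonce, so two frames end up encrypted with the same keystream; the patched variant simply refuses to reinstall an already-installed key. The toy keystream, the `Supplicant` class and the sample frames are all assumptions for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy keystream from (key, nonce). Real CCMP uses AES-CTR keyed by the PTK
    with the packet number as nonce; the reuse property shown here is the same."""
    return hashlib.shake_256(key + nonce.to_bytes(6, "big")).digest(n)

class Supplicant:
    """Constructed model of a client's key-install logic, not wpa_supplicant code."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.packet_number = 0   # the CCMP nonce; must never repeat under one key
        self.installed = False

    def handle_message3(self, ptk: bytes) -> bool:
        # Patched behaviour: a retransmitted message 3 after the key is already
        # installed is acknowledged but does not reinstall the key or reset the nonce.
        if self.patched and self.installed:
            return False
        self.ptk = ptk
        self.packet_number = 0   # (re)installation resets the nonce: the KRACK flaw
        self.installed = True
        return True

    def encrypt(self, plaintext: bytes) -> bytes:
        self.packet_number += 1
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

FRAME1 = b"frame number one"   # constructed sample plaintexts of equal length
FRAME2 = b"frame number two"
PTK = hashlib.sha256(b"constructed demo key").digest()

def session(patched: bool) -> bool:
    """Install the key, send a frame, replay message 3, send another frame.
    Returns True if the two frames were encrypted under the same keystream."""
    client = Supplicant(patched)
    client.handle_message3(PTK)          # genuine message 3 installs the key
    c1 = client.encrypt(FRAME1)
    client.handle_message3(PTK)          # retransmitted message 3, the KRACK trigger
    c2 = client.encrypt(FRAME2)
    # With a reset nonce, c1 XOR c2 equals FRAME1 XOR FRAME2: plaintext
    # relationships leak without anyone knowing the PTK.
    return xor(c1, c2) == xor(FRAME1, FRAME2)
```

`session(False)` returns True (keystream reused, the vulnerable case) and `session(True)` returns False, which is the check a patch for this class of bug needs to pass.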
The KRACK technique isn’t the first time that secure Wi-Fi has been compromised (and it probably won’t be the last), but luckily it’s possible to patch the software to fix the issue; we will look out for the Android Security Patch coming soon! A number of vendors have already applied fixes or have them ready to deploy, since the underlying issues around KRACK were disclosed to companies at the end of August 2017.