It is as bad as we feared.. 802.11x WPA2 encryption is broken, like really broken. Earlier today we brought you news that this was coming, that security researchers were about to release information on a networking security vulnerability.
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven have posted the details on https://www.krackattacks.com and the news is horrible. Millions of devices are now vulnerable using this attack, which means its open to be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. Depending on the network configuration, it is also possible to inject and manipulate data. This isn’t restricted to one kind of device, or device manufacturer, the exploit works against Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, basically take your pick.
Although this paper is being made public now, the researchers say it was submitted for review on 19 May 2017. You can read the full research paper titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 which will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.
The attack works against all modern protected Wi-Fi networks
The researchers have posted a demonstration of the vulnerability and yep, its horrible to watch as you understand the simplicity in which this can occur. The seriously disturbing thing is that we’re all wide open for this until there’s updates released and applied to stop it. That’s going to take weeks at best, months or years at worst. Turning off WiFi from your home router, there’s really not much you personally can do.
The proof of concept shows an attack on a secured WiFi hotspot with WPA2 encryption with an Android client phone connected. The demonstration shows the attacker running a script that searches for protected WiFi networks (attacker could target specific SSIDs), clones the WiFi network on a different channel. The cloned network can manipulate handshake messages, a key component of the attack. By sending special WIFi frames (injecting CSA beacon), this tricks the Android phone to connect to the cloned network introducing a man in the middle attack. Thanks to the use of a SSL disable tool (only works with some poorly configured websites), the attacker is able to switch SSL connections to non-SSL sessions without alerting the user. If you’re not paying attention, you won’t see the padlock has been removed as the connection returns to a http, not https connection.
Yep, its scarily easy. Watch the full video below and visit https://www.krackattacks.com/ for the full detail.
If you’re not quite believing the severity of this, take a look through the FAQ section.. I’ve included it below, but for the latest always check.. https://www.krackattacks.com/#details-android
The researchers are planning on making the tools seen in the video available. They have committed to delaying the release of these scripts until everyone had a reasonable chance to update their devices (and we have had a chance to prepare the code repository for release). What a ‘reasonable’ timeframe is, isn’t clear.
The only saving grace with all of this, is that the attacker has to be in physical proximity to connect to the WiFi hotspot. Given WiFi networks often stretch well down the street, don’t think someone has to be on your doorstep to pull this off. Perhaps more concerning is the mesh networks in large businesses or public spaces like shopping centers that hundreds of users connect to.
Q&A
Do we now need WPA3?
No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.
Should I change my Wi-Fi password?
Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network. Instead, you should make sure all your devices are updated, and you should also update the firmware of your router. After updating your router, you can optionally change the Wi-Fi password as an extra precaution.
I’m using WPA2 with only AES. That’s also vulnerable?
Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So everyone should update their devices to prevent the attack!
You use the word “we” in this website. Who is we?
I use the word “we” because that’s what I’m used to writing in papers. In practice, all the work is done by me, with me being Mathy Vanhoef. My awesome supervisor is added under an honorary authorship to the research paper for his excellent general guidance. But all the real work was done on my own. So the author list of academic papers does not represent division of work 🙂
Is my device vulnerable?
Probably. Any device that uses Wi-Fi is likely vulnerable. Contact your vendor for more information.
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
