WPA2 is the security protocol we use to secure our internet connections, after flaws were found in WPA1. Now security researchers may have discovered a problem with WPA2 which if true, will be incredibly difficult to fix. This protocol is basically built into every internet connected device on the planet, some of which will never be updated, making them potential ongoing targets.
When you connect to a WiFi network, the traffic to that hotspot is secured using keys. Should someone know (or be able to derive the key, its theoretically possible they could steal the information flowing across that connection.
Update
The researches have now gone public and it is as bad as we thought.
This attack is being referred to as “KRACK”: Key Reinstallation AttaCK and more detail is set to be released tomorrow.
Something's happening tomorrow #WiFi #WPA2 pic.twitter.com/AFpFYDFoDo
— Catalin Cimpanu (@campuscodi) October 15, 2017
Here’s a link to that Reddit thread which links to a post by crypto expert, @kennwhite who shared some more details on Twitter.
This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection. https://t.co/FikjrK4T4v
— Kenn White (@kennwhite) October 15, 2017
public disclosure is tomorrow, but “most or all correct implementations” of WPA2 are affected.
— Kenn White (@kennwhite) October 15, 2017
There’s a lot more information in Mathy Vanhoef’s presentation from Black Hat Webcast on the 24th of August this year. Securely Implementing Network Protocols: Detecting and Preventing Logical Flaws. Its 31 slides of technical content, but if you’re responsible for managing the security of networks, you’ll want as much detail as you can get your hands on right now.
This isn’t the first time WPA2 security has been called into question, in 2016, we had a full 16 page research paper on Predicting, Decrypting and Abusing WPA2/802.11 Group Keys PDF here. In the document, the following pretty scary statement.
The generated group keys are transferred to clients during the 4-way WPA2 handshake. We found that it is possible to perform a (type of) downgrade attack against the 4-way handshake, causing RC4 to be used to encrypt the transmission of the group key. We analyze the construction of the per-message RC4 key and its effect on biases in the keystream. This reveals that an attacker can abuse biases to recover an 128-bit group key by capturing 230 to 232 encryptions of the group key, where the precise number depends on the configuration of the network.
Identifying a flaw is one thing, but understanding its practical application for attackers to implement it is another. Postdoctoral Researcher, Mathy Vanhoef has a session schedule at security conference – Blackhat Europe that will showcase this WPA2 key reinstallation attack publicly and there we’ll understand more about the severity of the vulnerability.
We have discovered several key management vulnerabilities in the Wi-Fi Protected Access II (WPA2) security protocol. These can be exploited using so-called key reinstallation attacks. Because this is a protocol-level issue, most correct implementations of the standard are affected. Put differently, most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected. All clients and access points that we tested in practice were vulnerable to some variant of the attack. The precise impact depends on the specific variant(s) of the attack that an implementation is vulnerable to.
Vanhoef has form in discovering vulnerabilities in security protocols, as he previously discovered an exploit in TLS (the RC4 NOMORE attack). He also focuses on wireless security, where he turns commodity wifi cards into state-of-the art jammers, defeats MAC address randomization, and breaks protocols like WPA-TKIP. He also did research on information flow security to assure cookies don’t fall in the hands of malicious individuals.
More information at http://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861
