A serious security weakness discovered in the WPA2 wireless networking protocol likely affects every device that supports Wi-Fi, according to one of the researchers who discovered the vulnerability.
The weakness could enable a so-called "KRACK" (Key Reinstallation AttaCK) attack on the four-way cryptographic handshake system used to establish communications connections via WPA2. By launching such an attack, a hacker could reinstall a previously used cryptographic key and then access all the data sent and received by a wireless device.
What's more, an attacker could also use that wireless access to inject malicious data, such as ransomware, into the traffic streaming to an affected device.
While there's no indication yet that the vulnerability has been exploited in the wild, the Wi-Fi Alliance said it is urging device vendors to integrate patches quickly. When those become available, users should immediately update their wireless devices to reduce their risks of being hacked.
'Works against All Modern Wi-Fi Networks'
In a proof-of-concept paper released today and scheduled to be presented at a security conference next month, Catholic University of Leuven researchers Mathy Vanhoef and Frank Piessens described how flaws in Wi-Fi security protocols could be exploited by tricking a targeted wireless device into reinstalling a cryptographic key that's already in use. That reinstallation breaks the handshakes used to establish a secure connection and could allow an attacker to replay, decrypt, and forge data sent wirelessly to and from the victim's device.
"[A]ttackers can use this novel attack technique to read information that was previously assumed to be safely encrypted," Vanhoef noted on the Key Reinstallation Attacks Web site he launched to describe how KRACK works. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks."
While their paper was released earlier today, Vanhoef and Piessens submitted it in May for review by the ACM Conference on Computer and Communications Security, set for Oct. 30 - Nov. 3 in Dallas. Vanhoef added on the KRACK Web site that they notified vendors whose products they tested in July and then contacted the CERT Coordination Center, which researches computer vulnerabilities and provides threat and mitigation updates to the public.
"To avoid being a victim of this new attack against WPA2, you must update all of your Wi-Fi devices," Vanhoef said in a YouTube video posted on the KRACK Web site.
'More Rigorous Inspections Needed'
In a security notice posted today, CERT said it notified most well-known affected vendors about the vulnerability in late August. Many of them have begun preparing patches for their systems, and some have already been released.
Some of the KRACK vulnerabilities can be mitigated by disabling IEEE 802.11r or fast BSS transition, known as "fast roaming," in wireless devices, according to Omar Santos, principal engineer in Cisco's Product Security Incident Response Team. That strategy could cause performance issues in some cases, though, and other vulnerabilities will require full patches for mitigation, he added.
In the meantime, users could also turn off Wi-Fi on their devices and use either mobile data or wired ethernet connections to reduce their WPA2 risks, Iron Group CTO Alex Hudson said yesterday on his personal blog.
"Lots of us have old routers at home, which have no chance of a firmware upgrade, and lots of WiFi equipment that may well not get a protocol upgrade if one is required," Hudson said. "Right now, it sounds like all this stuff is going to be worthless from the perspective of encryption."
Vanhoef added that more work will be needed to prevent similar vulnerabilities in the future. "We need more rigorous inspections of protocol implementations," he said on the KRACK Web site. "This requires help and additional research from the academic community! Together with other researchers, we hope to organize workshop(s) to improve and verify the correctness of security protocol implementations."