WPA2 Security Flaw Puts Almost Every Wi-Fi Device at Risk of Hijack, Eavesdropping (zdnet.com) 46

Posted by msmash from the security-woes dept.
A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.

  • Finally! (Score:5, Informative)

    by khandom08 ( 1319863 ) on Monday October 16, 2017 @10:13AM (#55376753)

    Public announcement from Mathy Vanhoef is https://www.krackattacks.com/ [krackattacks.com] and his research paper can be found https://papers.mathyvanhoef.co... [mathyvanhoef.com].

    • this just goes to show who is paying attention :

      https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

    • From the paper and blog:

      In practice, some complications arise when executing the attack. First, not all Wi-Fi clients properly implement the state machine. In particular, Windows and iOS do not accept retransmissions of message 3 (see Table 1 column 2). This violates the 802.11 standard. As a result, these implementations are not vulnerable to our key reinstallation attack against the 4-way handshake. Unfortunately, from a defenders perspective, both iOS and Windows are still vulnerable to our attack agains

  • Going back to WEP (Score:3)

    by jfdavis668 ( 1414919 ) on Monday October 16, 2017 @10:25AM (#55376825)
    Since no one else uses it, WEP might protect you since people have given up looking for it.

    • Aircrack, which is pretty popular, can hack WEP in a few minutes.

      • Right and with tools like kismet/or whatever they're using now, it's rather easy to determine which AP you will attack based upon protocol.

      • Having run aircrack, several variants such as aircrack-ng, airsnort, and other WEP cracking tools, I call bullshit. They are terrible tools and rarely work as "advertised". Yes, I've been able to occasionally crack a WEP key on an AP. So, it's not like they are completely garbage. However, if you actually use these tools you'll find that they don't work "in a few minutes" in all but the very best scenarios. In many cases, when the AP attacks that force clients to re-init their keys (and thus give you a chan
  • This would be a good time to point out how many vulnerable (and probably forever unpatched) devices would result from the push for IoT.

  • So which is it? (Score:5, Informative)

    by Solandri ( 704621 ) on Monday October 16, 2017 @10:36AM (#55376897)

    the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. [...] The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices

    WPA2 enterprise doesn't use a pre-shared key. So which is it? Does the weakness lie with pre-shared key passwords? Or something else which also affects WPA2 enterprise?

    Ah, here we go. The answer is "it's complicated." I'm reading through it right now, but as a PSA:

    In the future can we link to original source articles or responses by authoritative organizations, instead of trade rags?

    • WPA2 enterprise doesn't use a pre-shared key. So which is it? Does the weakness lie with pre-shared key passwords? Or something else which also affects WPA2 enterprise?

      The flaw has nothing to do with passwords or pre-shared keys. All WPA2 devices are affected because the flaw is in the WPA2 protocol.

      Ah, here we go. The answer is "it's complicated." I'm reading through it right now, but as a PSA:

      Because some of those links don't give you the overall summary but delves into details. As a security researcher you would might find those links useful. As a regular person, it doesn't help you understand the fundamentals like: Who is affected? Everyone using WPA2. Everyone.

  • Replay packet 3 in the 4 way handshake, and the client will encrypt two different payloads with the same key and nonce. A big mistake with most encryption methods.

    Worse, linux wpa_supplicant nulls out the key memory but still processes the replayed packet, causing the client to use a known (zero) key.

  • I wonder about an almost off-hand remark in section 6.2.
    "6.2 Example Attack Scenarios
    Among other things, our key reinstallation attacks allow an adversary to decrypt a TCP packet, learn the sequence number, and hijack the TCP stream to inject arbitrary data [37]"

    This implies that a "read only" (decrypt only) attack allows attacker to hijack the TCP stream. Can someone with better understanding of the issue explain this point? How can TCP connection be hijacked/modified if attacker has no ability to insert

