We woke up to disturbing news about a critical flaw in the WPA2 protocol. This is worrying because, until today, WPA2 was the most secure encryption method available and the one most widely deployed in new devices to protect wireless communication. Since this is a flaw in the protocol itself, it affects not just one manufacturer but all of them. An attacker within range of a Wi-Fi access point could obtain the traffic that flows between the access point and the devices associated with it.
Discovery and danger of failure in WPA2
The security bug was demonstrated through the KRACK proof of concept, an acronym for Key Reinstallation Attacks. The research was kept secret for weeks and has now been released. The vulnerability affects Android, Linux, Apple, Windows, OpenBSD, MediaTek and Linksys, among others, each of which is affected by some variant of the attack. Depending on the configuration of the devices, an attacker could also inject ransomware or malware into web pages.
According to the warning that US-CERT has sent to different organizations, the impact of this security flaw would include:
- Decryption of WPA2-protected traffic.
- Packet replay: a network attack in which a valid data transmission is maliciously or fraudulently repeated.
- Hijacking of TCP connections.
The fault is in the four-way handshake – the way in which the connection between the client and a Wi-Fi access point is established.
The vulnerability lies in the third step. At this point in the negotiation (the handshake), the message carrying the key can be retransmitted several times. When it is retransmitted in certain ways, the client reinstalls the key and reuses a cryptographic nonce, which allows the traffic to be decrypted.
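To show why a reinstalled key is a problem, here is a toy model of the supplicant behaviour described above, written for this article and not part of the original research or any real Wi-Fi stack. The hash-based keystream and the pairwise key value are constructed stand-ins for WPA2's AES-CTR (CCMP); the point that a repeated nonce repeats the keystream, and that the hardened supplicant avoids it by refusing to reinstall an already-installed key, carries over unchanged.

```python
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Stand-in for AES-CTR: deterministic in (key, nonce), so a repeated
    # nonce necessarily yields a repeated keystream.
    return hashlib.sha256(key + nonce.to_bytes(6, "big")).digest()[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal model of the client side of the four-way handshake."""

    def __init__(self, reinstall_on_retransmit: bool):
        self.key = None
        self.nonce = 0  # per-key packet number used as the CCMP nonce
        self.reinstall_on_retransmit = reinstall_on_retransmit

    def on_message3(self, key: bytes):
        # Message 3 delivers the key to install. Installing a key resets the
        # packet number, which is exactly what a replayed message 3 exploits.
        if self.key == key and not self.reinstall_on_retransmit:
            return  # hardened: key already installed, keep the nonce counter
        self.key = key
        self.nonce = 0

    def encrypt(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def demo(vulnerable: bool) -> dict:
    key = b"constructed-pairwise-temporal-key"  # constructed sample value
    p1, p2 = b"frame one: payload 0001", b"frame two: payload 0002"
    sta = Supplicant(reinstall_on_retransmit=vulnerable)
    sta.on_message3(key)
    n1, c1 = sta.encrypt(p1)
    sta.on_message3(key)  # retransmitted message 3 arrives after data was sent
    n2, c2 = sta.encrypt(p2)
    # Under a repeated nonce the two keystreams cancel: c1 XOR c2 == p1 XOR p2,
    # which is the classic two-time-pad condition the article's "decryption" refers to.
    return {"nonce_reused": n1 == n2, "keystream_leaked": xor(c1, c2) == xor(p1, p2)}
```

Running `demo(True)` reports both flags set; `demo(False)` models a patched client, where the retransmission is ignored and the nonce keeps advancing.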
Officially, the vulnerability will be presented on November 1, 2017, in Dallas, at the ACM Conference on Computer and Communications Security.
Difference with existing attacks
The attack used to demonstrate this protocol flaw differs from previous ones: it is the first attack against the WPA2 protocol that does not depend on the password. Previous attacks on WPA2-encrypted networks targeted the surrounding technology, such as WPS, or older standards such as WPA-TKIP. In other words, none of the existing attacks targeted the four-way handshake.
What can we do?
Finally, the most worrying thing is that our devices are vulnerable, and manufacturers' updates are often slow and do not always reach every device. According to the KRACK Attacks disclosure, the discoverers first contacted the vendors whose products they had verified as exposed on July 14, 2017. When they realized that it was a critical flaw in the protocol itself, they let CERT/CC assist in disseminating the vulnerability, and on August 28, 2017, CERT/CC sent a mass notification to vendors.
For the moment, the recommendations to follow are:
- As the attack targets clients, keep every device that connects over Wi-Fi updated. Check the manufacturers' pages for updates.
- Use encryption protocols, such as HTTPS, to keep web traffic and email secure.
- Use third-party or self-hosted VPNs. Here it is necessary to pay attention to the service provider, since it is sometimes not as secure as it seems; it is advisable not to use free VPNs.