Apple and Google begin patching “devastating” Wi-Fi exploit
Microsoft has already rolled out fixes for KRACK flaw
Major device manufacturers have already begun issuing patches for the crippling vulnerability in the WPA2 Wi-Fi encryption standard revealed on Monday.
The KRACK - or key reinstallation attack - exploit takes advantage of a design flaw in the four-way handshake that WPA2 uses to authenticate a client to an access point and to negotiate the session keys. The vulnerability allows an attacker within radio range to decrypt Wi-Fi packet data to snoop on web traffic, steal confidential data and credentials, and, on some configurations, inject packets into users' browsing sessions to deliver malware.
Google and Apple are preparing to release patches for the flaw, while Microsoft said that it has already issued patches for Windows 7, 8 and 10, which were pushed out to users last week.
Apple is next in line, and has said that its fixes for iOS and macOS are currently in testing and will roll out in the coming weeks.
While Google has promised to issue an Android patch on 6 November, the only phones likely to receive that update promptly are its own-brand Nexus and Pixel devices. Before devices from other manufacturers are updated, the fix has to be integrated into each manufacturer's own firmware, which could take months or longer, judging by previous firmware updates.
It's possible that Google's Project Treble initiative, launched earlier this year, could help speed the process up, but it may still be some time before many Android devices are protected.
Researchers describe the exploit as "exceptionally devastating" against devices running Android 6.0 or above, and estimate that more than 40% of Android devices are vulnerable to that variant of the attack.
The Wi-Fi Alliance - the governing body that maintains the Wi-Fi standard - has already reassured users that the problem will soon be addressed. "This issue can be resolved through straightforward software updates," the group said in a statement, "and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users."
"There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections."
Picture credit: KU Leuven
16/10/2017: All Wi-Fi devices exposed by "devastating" WPA2 exploit
The global security community is reeling from the discovery of a devastating flaw in the WPA2 wireless encryption protocol, which affects virtually every modern Wi-Fi connection.
Discovered by KU Leuven researcher Mathy Vanhoef, the flaw is being referred to as 'KRACK' - short for key reinstallation attack - and involves exploiting a design flaw in the four-way handshake used by the WPA2 protocol, as well as in several related Wi-Fi key handshakes.
"Every Wi-Fi device is vulnerable to some variant of our attacks," Vanhoef warned. It can be exploited to access virtually any information being transmitted over a Wi-Fi connection, including login credentials, photos, financial information and more.
How does KRACK work?
When a client device (like a laptop or smartphone) wants to join a network, the four-way handshake confirms that both the client and the access point hold the same credentials (the pairwise master key derived from the Wi-Fi password) and negotiates a fresh session key (the pairwise transient key) that is used to encrypt all the traffic exchanged on that connection.
This key is installed when the client receives the third message of the four-way handshake. Because that message may be lost in transit, access points are allowed to retransmit it and clients are allowed to accept it more than once. Each time the key is installed, the client also resets the packet number used as the per-packet nonce, and the replay counter, to their initial values. By capturing and replaying the third message, an attacker can force the client to reinstall the key it already has, so the same nonce (and therefore the same keystream) is reused to encrypt different packets. That nonce reuse, not recovery of the key itself, is what lets the attacker decrypt the packets being transmitted.
Although Vanhoef suggests that the attack is most impactful against the four-way handshake, the same technique can be employed against the group key, PeerKey, TDLS and Fast BSS Transition handshakes.
What can KRACK do?
What actions the attacker can carry out depends on which data-confidentiality protocol (cipher suite) the WPA2 connection has negotiated. If the victim is using AES-CCMP, nonce reuse means packets transmitted by the victim can be decrypted and read, allowing the theft of sensitive information. Vanhoef warns that "it should be assumed that any packet can be decrypted".
Decrypting TCP SYN packets reveals the sequence numbers of the victim's connections, which lets the attacker hijack those connections and inject data into plain HTTP responses, for example to serve the target malware.
If the target is using WPA-TKIP or GCMP (the cipher used by WiGig, 802.11ad), the potential damage is worse: with these protocols nonce reuse also lets the attacker recover the key used to authenticate packets, so they can forge packets and inject them into the victim's traffic as well as decrypt it. GCMP is hit hardest because it uses the same authentication key in both directions, so once that key is recovered packets can be forged both to and from the client.
What devices are affected by KRACK?
Attacking the four-way handshake lets an attacker decrypt packets sent by the client to the access point, whereas attacking the Fast BSS Transition (802.11r) handshake lets them decrypt packets sent from the access point to the client.
One of the most worrying revelations in the report is that Android devices are especially vulnerable to this attack, because of the behaviour of wpa_supplicant 2.4 and later, the Linux Wi-Fi client that Android 6.0 and above use: it clears the key from memory once it has been installed, so when the replayed third message arrives it installs an all-zero encryption key instead, "completely voiding any security guarantees".
"This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices," warned Vanhoef, who pointed out that more than 40% of Android devices (including any device on Android 6.0 and above) are vulnerable to this attack.
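The following Go program is an added example, not code from the original article or from the KU Leuven researchers, modelling the two consequences of a replayed message 3 described above: the packet-number reset that makes a normal client reuse keystream, and the all-zero key that a wpa_supplicant 2.4/2.5-style client ends up installing. It keeps only the counter-mode (AES-CTR) half of CCMP and ignores the MIC; the `station` type, its `wipesKey` flag, the nonce layout, the key bytes and the frame contents are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// station models the data-confidentiality state of one Wi-Fi client after the
// four-way handshake. Real CCMP is AES-CCM; this model keeps only its
// counter-mode (keystream) half, which is all that nonce reuse needs. The
// nonce carries the packet number (PN), the counter that message 3 resets.
type station struct {
	tk        []byte // temporal key taken from the PTK (16 bytes assumed here)
	pn        uint64 // transmit packet number, incremented once per frame
	installed bool   // has message 3 been processed before?
	wipesKey  bool   // emulates wpa_supplicant 2.4/2.5: TK cleared after first install
}

// nonceBlock builds the 16-byte AES-CTR start counter from the PN. The exact
// layout is an assumption of this model; real CCMP also folds in the sender
// address, which does not change the reuse argument.
func nonceBlock(pn uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], pn)
	return iv
}

// installKey is the message-3 handler. Every call installs tk and resets the
// PN, so a replayed message 3 pairs the same key with PN values already used.
// A client that wiped the TK from memory after the first install has only
// zeros left to reinstall (the all-zero-key variant).
func (s *station) installKey(tk []byte) {
	if s.wipesKey && s.installed {
		tk = make([]byte, 16)
	}
	s.tk = tk
	s.pn = 0
	s.installed = true
}

// encrypt protects one frame with the current key and the next PN.
func (s *station) encrypt(plain []byte) (ct []byte, pn uint64) {
	block, err := aes.NewCipher(s.tk)
	if err != nil {
		panic(err)
	}
	s.pn++
	ct = make([]byte, len(plain))
	cipher.NewCTR(block, nonceBlock(s.pn)).XORKeyStream(ct, plain)
	return ct, s.pn
}

// xorBytes XORs two buffers up to the shorter length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// recoverByKnownPlaintext: with keystream K reused, c1 = p1^K and c2 = p2^K,
// so c1^c2 = p1^p2 and a known p1 yields p2 without ever learning the key.
func recoverByKnownPlaintext(c1, p1, c2 []byte) []byte {
	return xorBytes(xorBytes(c1, p1), c2)
}

// decryptWithZeroKey is what the attacker does against the all-zero-key
// variant: no known plaintext is needed because the key is public.
func decryptWithZeroKey(ct []byte, pn uint64) []byte {
	block, _ := aes.NewCipher(make([]byte, 16))
	out := make([]byte, len(ct))
	cipher.NewCTR(block, nonceBlock(pn)).XORKeyStream(out, ct)
	return out
}

// krackDemo replays message 3 against both client variants and returns what
// the attacker recovers. Keys and frames are constructed for this example.
func krackDemo() (viaNonceReuse, viaZeroKey []byte) {
	tk := []byte("example-ptk-tk01")     // constructed 16-byte temporal key
	known := []byte("GET / HTTP/1.1\r\n") // plaintext the attacker can predict
	secret := []byte("Cookie: sid=4213") // what the attacker wants to read

	c := &station{}
	c.installKey(tk)
	c1, pn1 := c.encrypt(known) // sent with PN 1
	c.installKey(tk)             // replayed message 3: same key, PN back to 0
	c2, pn2 := c.encrypt(secret) // PN 1 again: keystream reuse
	if pn1 != pn2 {
		panic("model error: PN should have been reset")
	}
	viaNonceReuse = recoverByKnownPlaintext(c1, known, c2)

	a := &station{wipesKey: true}
	a.installKey(tk)
	a.installKey(tk) // replayed message 3: an all-zero key is installed
	c3, pn3 := a.encrypt(secret)
	viaZeroKey = decryptWithZeroKey(c3, pn3)
	return viaNonceReuse, viaZeroKey
}

func main() {
	r, z := krackDemo()
	fmt.Printf("recovered via nonce reuse:   %q\n", r)
	fmt.Printf("decrypted with all-zero key: %q\n", z)
}
```

Without the replayed message 3 the second frame would be sent under PN 2, the keystreams would differ, and the XOR trick yields garbage; the defence that patched clients adopt is exactly that distinction, refusing to reinstall a key that is already in use so the PN never goes backwards.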
The attack is catastrophically broad in scope, with Vanhoef noting that it "works against all modern protected Wi-Fi networks," and that "if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks."
He also warned that additional layers such as HTTPS and VPNs may not protect users, pointing out that HTTPS has been bypassed in a worrying number of situations, including non-browser software, mobile apps and even VPN apps.
Is WPA2 permanently broken?
Luckily, the discovery does not represent a death-blow for wireless protocols; the flaw can be patched in a backwards-compatible way (a patched device still interoperates with unpatched ones), meaning that the existing WPA2 standard can still be used. Patches are currently being worked on by vendors, and all users are urged to install the latest updates for all their wireless devices, access points included, as soon as they are available.
Vanhoef and his colleagues are also working on a tool to detect whether the exploit can be used against specific implementations of the affected encryption protocols, which is close to release, as well as a proof-of-concept that will be released once sufficient time has passed for users to update their devices.