WPA2 Security Flaw – KRACK (Key Reinstallation Attack)

Recently, new administrative vulnerabilities were discovered in the WPA2 security protocol, a 13-year-old WiFi authentication method used to secure WiFi associations and still the most commonly used system for computers, phones and routers.

According to ZDNet, this security flaw affects our homes and organizations, as well as the system administration organizations that manufacture them. Such a security flaw threatens the safety of data like passwords, and personal information like chat logs, photographs and credit cards.

Mathy Vanhoef of imec-DistriNet, KU Leuven discovered that the attack, called “KRACK” (Key Reinstallation Attack), works by exploiting the 4-way handshake of the WPA2 protocol.


For a KRACK attack to be successful, the victim is tricked into reinstalling an already-in-use key. This is done by manipulating and replaying cryptographic handshake messages.
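To make the effect of a key reinstallation concrete, the following added example (not from the original article or from Vanhoef's tooling) models a client that reinstalls its key on a replayed handshake message 3, next to a patched client that ignores the replay. It assumes the known consequence that installing a key resets the per-packet counter (nonce); the `Client` class, the sample key and frames are constructed, and the SHA-256 keystream is a toy stand-in for the real WPA2 data cipher.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy stream cipher: the keystream depends only on (key, nonce)."""
    out, ctr = b"", 0
    while len(out) < n:
        block = key + nonce.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:  # hypothetical model of a Wi-Fi client's key state
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used to encrypt a frame

    def on_handshake_msg3(self, key: bytes) -> None:
        # Patched behaviour: a replayed message 3 carrying the key that is
        # already installed must not reinstall it or reset the counter.
        if self.patched and key == self.key:
            return
        self.key = key
        self.nonce = 0  # vulnerable path: counter restarts on every install

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(patched: bool):
    """Return (nonce_reused, ciphertext1, ciphertext2) for one session."""
    key = b"constructed-session-key"          # constructed sample value
    p1, p2 = b"frame one: hello", b"frame two: world"
    c = Client(patched)
    c.on_handshake_msg3(key)                   # normal handshake
    c1 = c.send(p1)
    c.on_handshake_msg3(key)                   # replayed message 3
    c2 = c.send(p2)
    reused = len(set(c.used)) < len(c.used)
    return reused, c1, c2

if __name__ == "__main__":
    for patched in (False, True):
        reused, c1, c2 = run(patched)
        print("patched" if patched else "vulnerable", "nonce reused:", reused)
```

In the vulnerable run both frames are encrypted under the same (key, nonce) pair, so the keystream cancels when the two ciphertexts are XORed; in the patched run the counter keeps advancing and no pair repeats.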

When the attacker is within physical range of a vulnerable device, network traffic could be decrypted, connections could be hijacked, and any content could be injected into the traffic stream. Simply said: The attack allows new devices with a pre-shared password to join the network. This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password.

Microsoft Windows and the latest versions of Apple’s iOS are largely immune from the flaws, according to security researcher Kevin Beaumont, in a blog post. However, Vanhoef said the security issue is “exceptionally devastating” for Android 6.0 Marshmallow and above.

Security experts said it wasn’t clear if any attacks had been seen in the wild. Even over an insecure network, sites and services with HTTPS traffic will encrypt the data from the browser to the server.

The warning came around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.
The cyber-emergency unit has since reserved 10 common vulnerabilities and exposures (CVE) records. Those can be found here.

Krack, as it is called on the internet right now, shows us that for over 13 years while everyone believed they were securely browsing the internet, they were not. And it is just an example of something that is uncovered, but who knows what is still to come? It is another reason why you should always be vigilant and stay up to date with security issues. Because no one else will do it for you.

Sources: ZDNet