Microsoft and others scramble to address KRACK WPA2 Wi-Fi vulnerability
Oct 16 2017 by Kate Woods
The exploit, named KRACK (Key Reinstallation Attacks), targets the Wi-Fi Protected Access II (WPA2) protocol and makes it possible for anyone within physical proximity of a WPA2-enabled Wi-Fi router to keep tabs on a user's every online move. Mathy Vanhoef of KU Leuven, the Belgian security researcher who discovered the flaw, warns that the security problem stems from a fundamental cryptographic weakness in the latest generation of wireless networking rather than a software security bug. The list of products affected by some variant of the attack includes Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and more. Other devices are harder to attack as successfully, but a hacker can still expect to be able to decrypt a significant amount of the data transmitted by the victim.
One surefire way to protect yourself from hackers is to disable Wi-Fi on your devices and turn off your router - at least until security patches become available.
When a client device (like a laptop or smartphone) wants to join a network, the four-way handshake determines that both the client device and the access point have the correct authentication credentials, and generates a unique encryption key that will be used to encrypt all the traffic exchanged as part of that connection.
The Wi-Fi exploit involves forcing a client device to reinstall an encryption key that's already in use during the process of making the secure connection.
In short, nearly all Wi-Fi devices featuring the WPA2 security protocol are vulnerable to key flaws in its 4-way handshake process.
"Additionally, it's likely that you don't have too many protocols relying on WPA2 security". Android users are the most vulnerable to this attack. It's worth checking to see if your Wi-Fi router has a security update, but it's not necessary.
"Depending on the network configuration, it is also possible to inject and manipulate data", Vanhoef says.
Linux and Android 6.0 and above are at greater risk of having their data decrypted as they can be tricked into installing encryption keys.
It was not immediately clear how hard it would be for hackers to exploit the bug, or if the vulnerability has previously been used to launch any attacks.
One limiting factor is that the attack requires an attacker to be within range of the Wi-Fi network's radio waves, and it only affects the communications between the device and the Wi-Fi access point.
Security researchers have revealed bad news for Wi-Fi networks everywhere. Changing your Wi-Fi password won't help, but you can look for other security protocols or find a reliable VPN. After all, if you're sharing a public Wi-Fi network with tens or hundreds of strangers, you're likely more vulnerable than you are in the privacy of your home.
"The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites", the statement said. Vanhoef is now in the process of notifying vendors about KRACK and what changes they can make to routers and access points to protect against it.
In fact, even if your device has been patched, if it connects to a router that hasn't also been patched, you remain vulnerable!