The WPA2 protocol is supposed to be the most secure Wi-Fi security protocol compared to WEP and WPA because it uses the AES standard instead of the RC4 stream cipher. Recently, however, a weakness in the WPA2 protocol was disclosed that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data. In some cases, it can also be used to inject ransomware or other malicious content.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. It affects the core WPA2 protocol itself, which leaves operating systems such as macOS, Windows, Linux, and especially Android vulnerable.
“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium, wrote. “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Mathy Vanhoef also provided a video demonstrating the attack against a device running on Android, which is shown below.
Basically, the video shows the attacker decrypting all the data the device sends to the access point by forcing the device into re-installing an all-zero encryption key, rather than the real key.
Apparently, visiting websites running HTTPS is not a remedy against the attack, because many websites are improperly configured and can be forced into dropping encrypted HTTPS traffic and transmitting unencrypted HTTP data instead.
In the video demonstration, Vanhoef used a script known as SSLstrip to force the site match.com to switch to HTTP, and the attacker was able to steal an account password when the Android device logged in.
“Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” the researchers explained. “For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”
KRACK works by targeting the four-way handshake that’s executed when a client joins a WPA2-protected Wi-Fi network. For example, when your phone and your WiFi router connect to each other, they agree upon an encryption key that works only between those two devices, allowing you to connect to the internet. Sometimes the handshake fails to connect both devices, and the router restarts the process by sending the same encryption key, which can then be manipulated by KRACK.
This exploit affects all forms of WPA2 in similar cases.
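An added example, not from the original article or from the researchers' own code: a simplified Python model of the key re-installation described above, showing that installing the same key a second time resets the packet counter so two frames are encrypted with the same keystream, while a client that ignores the repeated key is unaffected. The Client class, its method names, the sample key and plaintexts, and the SHA-256 keystream (a stand-in for WPA2's AES-based encryption) are assumptions made for illustration.

```python
import hashlib

def keystream(key, nonce, n):
    # Stand-in keystream for illustration only; real WPA2 uses AES-CCMP.
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client handling message 3 of the four-way handshake."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.key = None
        self.packet_number = 0   # per-frame nonce counter
        self.seen = set()        # (key, nonce) pairs already used

    def on_message3(self, key):
        # Hardened behaviour: never reinstall a key that is already in use.
        if self.hardened and key == self.key:
            return "ignored"
        # Installing a key resets the nonce counter to its starting value.
        self.key, self.packet_number = key, 0
        return "installed"

    def send(self, plaintext):
        self.packet_number += 1
        pair = (self.key, self.packet_number)
        reused = pair in self.seen
        self.seen.add(pair)
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return xor(plaintext, ks), reused

def run(hardened):
    """Handshake, one frame, retransmitted message 3, one more frame."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    p1, p2 = b"GET /login", b"pass=hunt2"                     # constructed plaintexts
    client = Client(hardened)
    client.on_message3(key)
    c1, _ = client.send(p1)
    status = client.on_message3(key)   # router re-sends message 3 with the same key
    c2, reused = client.send(p2)
    # With a shared keystream, XOR of ciphertexts equals XOR of plaintexts,
    # so the key no longer protects the relationship between the two frames.
    leaks = xor(c1, c2) == xor(p1, p2)
    return status, reused, leaks

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("hardened: ", run(True))
```
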
Microsoft sent a patch during last week’s Patch Tuesday update and it relatively fixed the problem. If you are a Windows user who has yet to install the patch, I think you should do so right away.
What about other WiFi devices like your routers or mobile phones? It could take a while for some vendors to create a patch, and some may not release one at all.
So what can you do? First, be mindful of your web browsing. It still helps to make sure you are visiting a secure website that is using HTTPS. Second, have an antivirus. Even Windows Defender will still be useful. If an attacker tries to send you malicious content through the website you’re visiting, it’s good to have that line of defense. Also make sure you have your firewalls and UAC turned on.
Using a wired connection is also recommended since this attack is intended for WiFi users.
For mobile phones, using a VPN that you trust is also helpful. But I would recommend using your 4G or LTE connection instead of WiFi. If your vendor/manufacturer rolls out a patch for your device, I advise that you apply it right away.