Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
KRACK attack allows other nasties, including connection hijacking and malicious injection.
DAN GOODIN - 10/16/2017, 6:37 AM
An air of unease set into security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop on Wi-Fi traffic passing between computers and access points.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
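To make the mechanism just described concrete, here is an added Python model that is not from the article, the advisory, or the researchers' proof-of-concept. It reduces the handshake to "message 3 carries the key to install", stands in for AES-CCMP with a counter-mode keystream derived from HMAC-SHA256 over the pairwise key and packet number (any counter-mode cipher fails the same way under nonce reuse), and omits MIC checks, the group key and frame headers. The `Supplicant` class, the `hardened` flag, the `sta-1` session id and the two sample plaintexts are all constructed for the example; the hardened branch is a simplified model of a supplicant refusing to reinstall a key that is already in use, not any vendor's actual patch. The block shows three things: a retransmitted message 3 resets the packet number on a vulnerable client, a monitor can flag the repeated packet number, and with one frame's plaintext known the other frame under the reused keystream is readable.

```python
"""Why a key reinstallation turns into nonce reuse, and what the supplicant-side
fix looks like. Added example, not from the article or the KRACK research.

Stand-ins (assumptions, not the real protocol): AES-CCMP is replaced by a
counter-mode keystream from HMAC-SHA256 over (PTK, packet number); the 4-way
handshake is reduced to "message 3 carries the key to install"; MIC checks,
the group key and frame headers are omitted.
"""
import hashlib
import hmac
import os

# Constructed sample plaintexts of equal length (24 bytes each).
PLAINTEXT_A = b"GET /index.html HTTP/1.1"   # assumed known to the observer
PLAINTEXT_B = b"Cookie: sid=constructed1"   # what the observer wants to read


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Counter-mode keystream for one frame; the packet number is the nonce.
    The same (ptk, packet_number) always yields the same bytes."""
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake. `hardened` decides whether a retransmitted
    message 3 may reinstall a key that is already in use (a simplified model of
    a supplicant-side mitigation, not any vendor's actual code)."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.ptk = None
        self.pn = 0   # transmit packet number; must never repeat under one key

    def on_message3(self, ptk: bytes) -> str:
        if self.hardened and self.ptk == ptk:
            return "reinstall refused"   # key already installed: keep counting
        self.ptk = ptk
        self.pn = 0                      # installing a key resets the nonce
        return "installed"

    def send(self, plaintext: bytes) -> tuple:
        """Encrypt one data frame; returns (packet_number, ciphertext)."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def recover_with_known_plaintext(ct_known, pt_known, ct_target) -> bytes:
    """If both frames used the same keystream, ct_known XOR pt_known is that
    keystream and decrypts ct_target; otherwise the result is noise."""
    return xor(xor(ct_known, pt_known), ct_target)


def detect_nonce_reuse(frames) -> list:
    """Monitor-side check over observed (session_id, packet_number) pairs:
    a repeated pair within one session is the signature of a reinstallation."""
    seen, alerts = set(), []
    for session_id, pn in frames:
        if (session_id, pn) in seen:
            alerts.append((session_id, pn))
        seen.add((session_id, pn))
    return alerts


def simulate(hardened: bool) -> dict:
    """One key install, one data frame, a retransmitted message 3 (the AP
    resends it whenever message 4 is lost), then a second data frame."""
    ptk = os.urandom(32)                       # fresh pairwise key per session
    client = Supplicant(hardened)
    client.on_message3(ptk)
    pn_a, ct_a = client.send(PLAINTEXT_A)
    outcome = client.on_message3(ptk)          # retransmission of message 3
    pn_b, ct_b = client.send(PLAINTEXT_B)
    return {
        "second_message3": outcome,
        "packet_numbers": (pn_a, pn_b),
        "recovered_b": recover_with_known_plaintext(ct_a, PLAINTEXT_A, ct_b),
        "alerts": detect_nonce_reuse([("sta-1", pn_a), ("sta-1", pn_b)]),
    }


if __name__ == "__main__":
    for hardened in (False, True):
        r = simulate(hardened)
        print("hardened" if hardened else "vulnerable", r["packet_numbers"],
              r["recovered_b"] == PLAINTEXT_B, r["alerts"])
```

Running it prints `(1, 1)` and `True` for the vulnerable client, meaning the second frame's plaintext fell out of a single XOR, and `(1, 2)` and `False` for the hardened one, where the packet number simply kept counting. The `detect_nonce_reuse` check is the part a network defender can deploy independently of patching: a station repeating a packet number under the same key is never legitimate in CCMP.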
A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:
· WPA2
· KRACK
· key reinstallation
· security protocols
· network security, attacks
· nonce reuse
· handshake
· packet number
· initialization vector
Researchers briefed on the vulnerabilities said they are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.
The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 on November 1 at the ACM Conference on Computer and Communications Security in Dallas. It's believed that Monday's disclosure will be made through the site krackattacks.com. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven and imec-DistriNet, Maliheh Shirvanian and Nitesh Saxena of the University of Alabama at Birmingham, Yong Li of Huawei Technologies in Düsseldorf, Germany, and Sven Schäge of Ruhr-Universität Bochum in Germany. The researchers presented related research in August at the Black Hat Security Conference in Las Vegas.
The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol (DHCP) settings, opening the door to hacks involving users' domain name service (DNS).
It wasn't possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back, users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can't be trusted to make users more secure. This post will be updated as more information becomes available.
DAN GOODIN
Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications.
EMAIL dan.goodin@arstechnica.com // TWITTER @dangoodin001