
Breaking News
posted by martyb on Monday October 16 2017, @12:46PM   Printer-friendly
from the the-sky-is-slowly-descending dept.

Multiple Soylentils submitted stories about a newly-reported vulnerability that has been discovered in the WPA-2 protocol that secures communications on Wi-Fi networks. This is a significant vulnerability, but not quite as bad as some sensationalist headlines and stories would suggest. As I understand it, there is a 4-step process by which keys are exchanged to set up wireless encryption. An attacker can force a connection to repeat the 3rd step and thus force known values for the nonce. An attacker can leverage that information to break the encryption and, in many cases, eavesdrop on communications. In certain cases, it is possible to manipulate the communications and modify/insert a payload.

The vulnerability is in the protocol, not in a specific implementation. The spec fails to call out a mitigation that could preclude key re-use. So, it is an error of omission instead of an error of commission. An implementation can avoid this problem by refusing to reuse a previously received key.

The defect is primarily in the remote device, not in the base station. The researcher called out Android 6+ as being especially vulnerable.

A fix for BSD was silently released ahead of the announcement. I saw a report that Linux has already been patched, but without any supporting link.

The researcher, Mathy Vanhoef, has created a web site with details: https://www.krackattacks.com/. A research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf), is available.

See the Vulnerability Notes Database for information on specific vendors.

Sensationalist reports are already appearing. For a calmer view, see Kevin Beaumont's take on this at Regarding Krack Attacks — WPA2 flaw where he notes:

  • It is patchable, both client and server (Wi-Fi) side.
  • Linux patches are available now. Linux distributions should have it very shortly.
  • The attack doesn't realistically work against Windows or iOS devices. The Group vuln is there, but it's not near enough to actually do anything of interest.
  • There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
  • Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don't patch.

My suggestion for organisations is they ask their Wi-Fi network providers for patches — this is absolutely patchable, as per the researcher's own website.
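The handshake and nonce reset described above, as an added example that is not code from the researcher, from any Wi-Fi stack, or from this story: a toy supplicant in which the PTK derivation and the CCMP keystream are replaced by HMAC-SHA256 stand-ins (an assumption for the demo; the real protocol uses the 802.11 PRF and AES-CCMP), with the MAC addresses, passphrase and two data frames constructed inline. It runs the 4-way handshake, replays message 3 the way an attacker in range would after blocking message 4, and shows that the unpatched client encrypts its next frame under a packet number it has already used, so an attacker holding one known frame recovers the other, while a client that refuses to reinstall a key already in use keeps its counter going and the replay achieves nothing.

```python
"""Toy model of the WPA2 4-way handshake on the client (supplicant) side and of
the KRACK key-reinstallation defect.  Added example; the PRF and keystream below
are HMAC-based stand-ins (assumption), not the 802.11 PRF or AES-CCMP.  The
property the attack relies on is the same: same key + same nonce => same keystream."""
import hashlib
import hmac
import os

# Constructed sample frames for the demo (not captured traffic).
P1 = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
P2 = b"user=alice&pass=hunter2&token=1234567890abcdef"


def derive_ptk(pmk: bytes, anonce: bytes, snonce: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """Stand-in for the 802.11 PRF.  The PTK is a pure function of PMK, both nonces
    and both MACs, so a replayed message 3 derives exactly the same key."""
    data = (b"Pairwise key expansion"
            + min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, data, hashlib.sha256).digest()


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the CCMP counter-mode keystream: depends only on the temporal
    key and the packet number (the per-frame nonce), exactly like the real thing."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(tk, pn.to_bytes(6, "big") + block.to_bytes(2, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """reject_reinstall=False models the behaviour the summary describes (install
    whatever message 3 says); True models the fix: a key that is already in use is
    not reinstalled, so the packet number is never reset."""

    def __init__(self, pmk: bytes, sta_mac: bytes, ap_mac: bytes, reject_reinstall: bool):
        self.pmk, self.sta_mac, self.ap_mac = pmk, sta_mac, ap_mac
        self.reject_reinstall = reject_reinstall
        self.snonce = self.ptk = None
        self.pn = 0          # CCMP packet number, used as the nonce of each data frame
        self.installs = 0

    def recv_msg1(self, anonce: bytes) -> bytes:
        self.snonce = os.urandom(32)
        return self.snonce   # message 2 carries SNonce (MIC omitted in this model)

    def recv_msg3(self, anonce: bytes) -> str:
        ptk = derive_ptk(self.pmk, anonce, self.snonce, self.ap_mac, self.sta_mac)
        if self.reject_reinstall and self.ptk == ptk:
            return "msg4"    # patched: acknowledge the retransmission, keep live key and counter
        self.ptk = ptk
        self.pn = 0          # (re)installation resets the nonce: the defect when ptk was already live
        self.installs += 1
        return "msg4"

    def send_data(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def run_handshake_with_replay(reject_reinstall: bool):
    """Handshake, one client frame, replayed message 3, second client frame.
    Returns ((pn1, c1), (pn2, c2), number_of_key_installs)."""
    pmk = hashlib.sha256(b"constructed-passphrase|constructed-ssid").digest()  # stand-in for PBKDF2(PSK, SSID)
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sta = Supplicant(pmk, sta_mac, ap_mac, reject_reinstall)

    anonce = os.urandom(32)          # message 1: ANonce from the AP
    sta.recv_msg1(anonce)            # message 2: SNonce from the client
    msg3 = anonce                    # message 3: ANonce again (GTK and MIC omitted)
    sta.recv_msg3(msg3)              # client installs the PTK, answers with message 4
    first = sta.send_data(P1)

    sta.recv_msg3(msg3)              # attacker replays the captured message 3
    second = sta.send_data(P2)
    return first, second, sta.installs


def recover_second_frame(first, second, known_p1: bytes):
    """Attacker's view: two frames under the same key and nonce give
    c1 XOR c2 = p1 XOR p2, so a known p1 reveals p2.  None if the nonces differ."""
    (pn1, c1), (pn2, c2) = first, second
    if pn1 != pn2:
        return None
    return xor(xor(c1, c2), known_p1)


if __name__ == "__main__":
    for patched in (False, True):
        f, s, n = run_handshake_with_replay(patched)
        print(f"patched={patched} installs={n} pn={f[0]},{s[0]} "
              f"recovered={recover_second_frame(f, s, P1)!r}")
```

The recovered text is truncated to the shorter frame because the model XORs only the overlapping bytes; a real attacker with a longer known frame recovers more. The researcher's paper reports that wpa_supplicant 2.4 and later (hence Android 6+) clears the key from memory after the first install, so a reinstallation there ends up with an all-zero key, which is worse than the plain nonce reuse modelled here.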

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

The Guardian has an article on it here https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns.

Here's the researcher's description...

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

From https://www.krackattacks.com

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

Warning: This may give you a case of the Mondays:

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop on Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Wi-Fi WPA2 Security may be Irretrievably Broken

Woody Leonhard has been my go-to source for the status of safety and usability of updates to Windows for years. He's not usually prone to alarmism, so I'm looking at this announcement on his site with a great deal of trepidation:

There's a lot of buzz this weekend about a flaw that's purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.

Said to involve CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, when they're posted.

See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.

The tweet by @campuscodi is from "Catalin Cimpanu [who] is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more." See the tweet for references to background papers which may be of assistance in understanding the nature of the flaw and possible preparations to help mitigate the breakage.

There is a web site — https://www.krackattacks.com/ — which was created on October 10 that seems to be a placeholder for posting the details when they are released.

Time to stock up on energy drinks, coffee, and Pringles®?


Original Submission #1 | Original Submission #2 | Original Submission #3

 
  • (Score: 3, Informative) by Hyperturtle (2824) on Monday October 16 2017, @10:40PM (#583201) (2 children)

    Yes, this is all good advice.

    It can be much more complex, but one can also generate local certs as I had done. It doesn't take much to set up a CA server, but it is easier if the certs can be more easily obtained (and trusted).

    I'll admit a vulnerability in my home network, so that everyone else may benefit about what to do about it on theirs -- wireless printers. If they are old, even high-end ones, they often cannot be made to host certificates for authentication/authorization. There is often no 802.1X capability for wireless printers, but a workaround can be an Ethernet-to-wireless bridge, like what the old Xbox used to connect to wifi. Similar hardware would work, if it can present a cert. There are some devices that can do that.

    What I've done otherwise and for clients is to put their printers on the wire... convenient or not. In locations where that simply is not acceptable for some reason, then the printers get put on a private network that is isolated somehow -- firewalled off, access listed off, *something* on top of the WPA2. (Don't assail me because of some problem with arp poisoning or whatever you think of -- I'm not curing a problem, I'm prolonging the inevitable and making the fruit a little too high to grab easily.)

    There are so many places with so many wifi devices and so few people checking their logs. People may laugh about printer isolation, but masquerading on a network with a printer MAC address is one of the oldest tricks in the book--predating wifi, I assure you. It is incredibly easy to penetrate a network nowadays with wireless printers; outdated Android devices that can be exploited over wifi are near the top of the list, too. (But now it seems that any *new* Android device is at the top...)

    The Pwnpad and other open source devices have some fantastic resources regarding this--even if you don't intend to put such practice into production, I encourage anyone to take a look at what might be possible against your own network.

    I mean -- when was the last time you checked your phone's logs for hacking attempts? Or your printer? You can use a tablet nowadays to capture all print requests, save a copy, and redirect the print job to the original printer. Sure, it'll drop traffic like crazy, but no one is going to notice at most places. And the OS will just resend the job. Griping about slow print jobs is part of life.

    Anyway, for those of you that are reading the vulnerability details, make a note of how it's mostly newer, client-specific OS problems that are mostly in trouble. Enterprise APs and good consumer APs already have fixes, but that doesn't stop people from wandering with their vulnerable and unpatched client devices, which are the bulk of the problem.

    I would consider it strange that most new OS updates/releases seem to be preferring the method that is the easiest to hack... otherwise I have to cynically suggest it was by design, to leverage the problem and make it easier to take over the newest and otherwise most secure tablets and phones...

  • (Score: 2) by Yog-Yogguth (1862) on Tuesday October 17 2017, @12:47PM (#583431)

    Printers... as an aside how ironic it is that according to lore the GNU GPL got its start in order to fix some printer source code but still the world does not (yet?) have a free source/open source printer for sale :|

    Not even an eight-pin dot matrix one... KRA-CAATCH :P :D (I wonder if I still have one hidden away in someone else's storage; I think it was an OKI. It looked an awful lot like the first picture here [wikipedia.org], but then they all did.)

    --
    Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
  • (Score: 2) by RamiK (1813) on Tuesday October 17 2017, @02:50PM (#583483)

    A $20 GL.iNet AP can be used as a print server (if drivers permit) or maybe a tunneled bridge: https://www.gl-inet.com/products/

    I think other manufacturers are also available, but I don't think you can find anything as remotely open, well-supported, and with such great specs-per-dollar as their hardware unless you need 5 GHz wifi.

    --
    compiling...