SoylentNews
SoylentNews is people
https://soylentnews.org/breakingnews/

Title    Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping - KRACKATTACK
Date    Monday October 16, @12:46PM
Author    martyb
Topic   
from the the-sky-is-slowly-descending dept.
https://soylentnews.org/breakingnews/article.pl?sid=17/10/16/135228

Multiple Soylentils submitted stories about a newly-reported vulnerability that has been discovered in the WPA-2 protocol that secures communications on Wi-Fi networks. This is a significant vulnerability, but not quite as bad as some sensationalist headlines and stories would suggest. As I understand it, there is a 4-step process by which keys are exchanged to set up wireless encryption. An attacker can force a connection to repeat the 3rd step and thus force known values for the nonce. An attacker can leverage that information to break the encryption and, in many cases, eavesdrop on communications. In certain cases, it is possible to manipulate the communications and modify/insert a payload.

The vulnerability is in the protocol, not in a specific implementation. The spec fails to call out a mitigation that could preclude key re-use. So, it is an error of omission instead of an error of commission. An implementation can avoid this problem by refusing to reuse a previously received key.

The defect is primarily in the remote device, not in the base station. The researcher called out Android 6+ as being especially vulnerable.

A fix for BSD was silently released ahead of the announcement. I saw a report that Linux has already been patched, but without any supporting link.

The researcher, Mathy Vanhoef, has created a web site with details: https://www.krackattacks.com/. A research paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf), is available.

See the Vulnerability Notes Database for information on specific vendors.

Sensationalist reports are already appearing. For a calmer view, see Kevin Beaumont's take on this at Regarding Krack Attacks — WPA2 flaw where he notes:

My suggestion for organisations is they ask their Wi-Fi network providers for patches — this is absolutely patchable, as per the researcher's own website.
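The key reinstallation described in the summary above, and the mitigation of refusing to install a key that is already in use, sketched as an added example (not code from the story, the researcher, or any Wi-Fi implementation). The `Supplicant` class, the sample frames and the session key are constructed for illustration, and a SHA-256 based toy keystream stands in for the real WPA2 cipher; only the nonce bookkeeping is the point.

```python
import hashlib

P1 = b"GET /account HTTP/1.1"   # constructed sample frames
P2 = b"password=hunter2&go=1"

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for the real cipher: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < n:
        seed = key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

class Supplicant:
    """Client side of the handshake, reduced to key install and send."""

    def __init__(self, refuse_reinstall: bool):
        self.refuse_reinstall = refuse_reinstall
        self.key = None
        self.nonce = 0  # per-key packet number

    def on_message3(self, key: bytes) -> None:
        # Hardened: a repeated message 3 carrying the key already in use
        # is accepted, but the key is not installed a second time.
        if self.refuse_reinstall and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the packet number

    def send(self, plaintext: bytes):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, ks)

def run(refuse_reinstall: bool):
    s = Supplicant(refuse_reinstall)
    key = b"constructed-session-key"
    s.on_message3(key)
    n1, c1 = s.send(P1)
    s.on_message3(key)  # step 3 of the handshake arrives again
    n2, c2 = s.send(P2)
    # With a reused (key, nonce) the keystream cancels: c1^c2 == P1^P2.
    return {"nonces": (n1, n2), "leaks_xor": xor(c1, c2) == xor(P1, P2)}

if __name__ == "__main__":
    print("reinstalls key:", run(False))
    print("refuses reinstall:", run(True))
```

When the key is reinstalled, both frames go out under nonce 1 and the XOR of the two ciphertexts equals the XOR of the two plaintexts; when reinstallation is refused, the nonce keeps counting and that relation disappears.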

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

fleg writes:

The Guardian has an article on it here https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns.

Here's the researcher's description...

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

From https://www.krackattacks.com

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

Phoenix666 writes:

Warning: This may give you a case of the Mondays:

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Wi-Fi WPA2 Security may be Irretrievably Broken

martyb writes:

Woody Leonhard has been my go-to source for the status of safety and usability of updates to Windows for years. He's not usually prone to alarmism, so I'm looking at this announcement on his site with a great deal of trepidation:

There's a lot of buzz this weekend about a flaw that's purported to break security on most Wi-Fi connections, allowing an eavesdropper to snoop or use the connection without permission.

Said to involve CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088, when they're posted.

See this thread from @campuscodi and be watching Bleepingcomputer tomorrow for details.

The reference to the tweet by @campuscodi is to "Catalin Cimpanu [who] is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more." See the tweet for references to background papers which may be of assistance in understanding the nature of the flaw and possible preparations to help try and mitigate the breakage.

There is a web site — https://www.krackattacks.com/ — which was created on October 10 that seems to be a placeholder for posting the details when they are released.

Time to stock up on energy drinks, coffee, and Pringles®?


Original Submission #1, Original Submission #2, Original Submission #3

Links

  1. "WPA-2 protocol" - https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
  2. "Mathy Vanhoef" - https://twitter.com/vanhoefm
  3. "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf)" - https://papers.mathyvanhoef.com/ccs2017.pdf
  4. "Vulnerability Notes Database" - https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
  5. "Regarding Krack Attacks — WPA2 flaw" - https://doublepulsar.com/regarding-krack-attacks-wpa2-flaw-bf1caa7ec7a0
  6. "fleg" - https://soylentnews.org/~fleg/
  7. "https://www.krackattacks.com" - https://www.krackattacks.com/
  8. "Phoenix666" - https://soylentnews.org/~Phoenix666/
  9. "This" - https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
  10. "Mondays" - https://www.youtube.com/watch?v=2AB9zPfXqQQ
  11. "Wi-Fi Protected Access II protocol" - https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
  12. "US CERT" - https://www.us-cert.gov/
  13. "martyb" - https://soylentnews.org/~martyb/
  14. "announcement" - https://askwoody.com/2017/is-wi-fi-security-irretrievably-broken/
  15. "this thread from @campuscodi" - https://twitter.com/campuscodi/status/919688563213684736
  16. "Bleepingcomputer" - https://www.bleepingcomputer.com/author/catalin-cimpanu/
  17. "Original Submission #1" - https://soylentnews.org/submit.pl?op=viewsub&subid=22793
  18. "Original Submission #2" - https://soylentnews.org/submit.pl?op=viewsub&subid=22792
  19. "Original Submission #3" - https://soylentnews.org/submit.pl?op=viewsub&subid=22786


printed from SoylentNews, Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping - KRACKATTACK on 2018-01-23 18:09:33