If you live in any urban area in the 21st Century, Wi-fi Connections are by now, a normal part of your life. Accessing a wireless internet connection from various places has proven as one of the best improvements of modern technology but a recent discovery by Mathy Vanhoef of Imec-DistriNet (a digital information website) reveals a very dark cloud approaching.
Vanhoef has discovered a threat in the WPA2 protocol (a line of defence of protected Wi-Fi networks.) Her research indicates to the dismay of all Wi-fi enthusiasts, that a potential attacker can exploit this weakness using Key Reinstalling Attacks (KRACKs) and as a result the attacker can read previously encrypted information such as credit card numbers, passwords, chat messages, emails and photos.
The situation unfortunately gets worse. Imec-DistriNet believes this vulnerability to be the most impactful against the 4-way handshake as their observations indicate that attackers can decrypt packets sent by clients and most victims can be affected by the attack.
What exactly is a 4-way handshake?
A 4-way handshake is a type of network protocol that provides a secure authentication strategy for data delivered through network architectures. Basically, the regulator of Wi-fi connection.
Though the 4-way handshake is proven to be secure, it’s important to know that it keeps the negotiated key secret and prevents the message from being forged. However, the vulnerability lies in the key being installed more than once.
This means an attacker can re-write a similar code to disrupt the communication between the network and thus get authentication details without the victim noticing and using the illegally obtained information to do a lot of damage.
How does the attack work?
The key reinstallation attack tricks an android device to into reinstalling an all-zero encryption key, which then re-directs the original channel to the fake channel; and as a result, the attacker bypasses the additional layer of HTTPS.
The absence of the additional layer of HTTPS then makes it easy for the attacker to decrypt information transmitted by the victim, and this is achieved via tricking the victim into reinstalling an already-in-use key.
The attack can easily exacerbate from obtaining the victim’s details to injecting and manipulating data; therefore, injecting ransomware and other malware into websites depending on the network configuration.
Who is Affected?
During Imec-DistriNet’s initial research, they found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks.
And thus, it is important to know any device that utilises Wi-Fi is at risk as much as the abovementioned devices. Additionally, due to the problem lying with the network, the attack works both on WPA1 and WPA2. Therefore, WPA3 is just as vulnerable as WPA1 and WPA2.
How does one prevent these attacks?
One way of preventing an adversary from reinstalling an all-zero encryption key is to patch the access points and the client devices, of which the Techtron team do on a regular basis for all their managed services client’s. It is also recommended to change passwords after the update.
Not sure if your Access Points are patched? We got just the solution for you. For more information visit our website or call us on +27 021 673 6756.