Our Once Secure Wi-Fi Standard Has Been Seriously ‘KRACK’ed

The potential for infiltrating public Wi-Fi networks has always been a known target for hackers to abuse. But hackers have now ‘KRACK’ed their way into secure Wi-Fi networks. According to Mathy Vanhoef, a cyber security expert, he has discovered a flaw in the WPA2 Protocol and coined the term KRACK, meaning Key Reinstallation Attack. His findings are quite startling. He revealed on his KRACK website, that this bug can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the encryption method used, in networks utilizing WPA-TKIP or GCMP, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. Vanhoef states that this weakness allows attackers to target not only vulnerable access points, but also vulnerable computers, smartphones as well as other types of connecting clients, varying on different levels of difficulty and effectiveness.

What does this mean for businesses? What do you need to know and understand in order to protect your company? We are here to tell you.

WPA2 ‘KRACK’ed Wide Open: How It Works

Typically, when you set up a new Wi-Fi network, the common practice is to tick the “WPA2” box. This is due to the fact that, Wi-Fi Protected Access 2 is the current industry standard for encrypting traffic on Wi-Fi networks, and deterring unwanted guests. This has been the secure option since 2004 and these WPA2 networks are common everywhere, making WPA2 almost a standard, globally. But what wasn’t known, was that they are susceptible to cryptographic attacks.

According to the research conducted by Vanhoef, in order for an attack to be carried out, the attacker needs to physically be in the range of the targeted Wi-Fi network. Though this is great limitation for an attacker, there are millions of Wi-Fi enabled devices worldwide, making this a huge concern.

It is safe to assume that “any correct implementation of WPA2 is likely affected”, Vanhoef urges.

The Four Way Handshake

The four-way handshake is utilized when a client wishes to join a Wi-Fi network. This process assures that both the client and the access point hold credible credentials. Simultaneously, the four-way handshake exchanges a new encryption key that will be utilized to encrypt future traffic. In order for this new key to be installed, 3 out of 4 messages have to be received by the four-way handshake. Once the key is installed, it can be used to encrypt normal data frames, using an encryption protocol. The vulnerability described by Vanhoef, relies on manipulation of the cryptographic hand-shake, specifically the third message. The WPA2 protocol is designed to protect the session from potential packet loss, allowing the access point (AP) to re-transmit message 3 if no appropriate response was received. If multiple messages are sent, the client will then reinstall the same encryption key each time, resetting the incremental transmit packet number, called “nonce”. Vanhoef demonstrates that, “an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake”, hence the name: “Key Reinstallation Attack”. Through this type of enforcement, the encryption protocol is compromised. This same attack can be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake. As it stands, all Wi-Fi networks utilize this four-way handshake, which also infers that all these networks have been affected, by at least one variant of this attack.

So How Bad Is It, Doctor?

The decryption of packets is only possible because a key reinstallation attack causes the nonces, a major part of the WPA2 encryption process, to be reset to zero. As a result, the same encryption key is used with nonce values that have already been used in the past. In turn, this causes all encryption protocols of WPA2 to reuse keystream when encrypting packets. When a message is encrypted by a reused keystream and has known content, it becomes trivial to derive the used keystream, and decrypt the message. When there is no known content, it is harder to decrypt packets, although still possible in several cases. Vanhoef urges that finding packets with known content is not a problem, so it should be assumed that any packet can be decrypted.

WPA-TKIP or GCMP encryption protocol are vulnerable and potentially damaging, compared to the AES-CCMP. Against these encryption protocols, nonce reuse enables an adversary to not only decrypt, but also to forge and inject packets. Moreover, because GCMP uses the same authentication key, in both communication directions. If one can recover this key, by reusing nonces, this can be especially damaging. 

Bad as it might seem, the attacks described here, do not uncover the password of the Wi-Fi network. They also do not uncover (any parts of) the fresh encryption key that is negotiated during the 4-way handshake. They allow an adversary to degrade the encryption method to the point where decrypting it is rather trivial.

But Wait, Crypto-Related Vulnerabilities Are Spreading!

Before we have even uncovered the full story of KRACK, it hit yet again, with another worrying vulnerability. Companies like Microsoft, Google, Lenovo, HP and Fujitsu have already warned their customers that they may possibly been subjected to a serious vulnerability. This flaw has been coined “ROCA”, which refers to the Trusted Platform Module (TPM) used to cryptographically sign and protect computer systems and services.

This attack type, permits a threat actor to use a target’s public key to generate a private key. The ROCA attack affects chips that were manufactured by Infineon in as early as 2012. “Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required,” the researchers said.” The vulnerability does NOT depend on a weak or a faulty random number generator—all RSA keys generated by a vulnerable chip are impacted.”

The end result is that the attacker could eventually impersonate the owner, manipulate the victim’s personal data, inject malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with the targeted computer.

What can you do?

That’s right guys, I am going to sound like a broken record- patch those patches! For now, I would definitely be wary of using any public Wi-Fi. Don’t use private credentials in these areas, this holds true for the next year. It is important to realize that, in a public Wi-Fi zone, you never know if it has been patched or not. Regard these networks with caution, as if they are owned by the attackers themselves. Do not access any sensitive sources while surfing on such untrusted Wi-Fi networks. Applying 2-factor authentication on your critical accounts, could also help minimize the risk and restrict the threat actor’s capabilities. Go ahead and update your Wi-Fi devices like smartphones, tablets and laptops as soon as those updates become available. If possible, users are also advised to update their router’s firmware. Vanhoef urges personal users to patch their own personal devices their watches, TVs and even cars. One should be in touch with the relevant vendors in order to inquire about the relevant patches. Microsoft has already released their patches, along with Cisco who is continuing to publish their patches. Apple has fixes for Mac and iOS which will be released in the coming weeks. Patching also applies to the ROCA attack. Major vendors have already released their patches for hardware and software. Furthermore, this vulnerability which was discovered by Infineon Technologies, will be presenting their full findings on November 2nd at the ACM Conference on Computer and Communications Security.

Routers

For those who are utilizing routers, or PCs and smartphones that have not come out with updates, here’s what you can do to protect your online privacy. Using a Virtual Private Network (VPN) software will protect you and it will also encrypt your traffic. Another option is to use HTTPS encrypted websites, but be wary there are downgrade attacks that are capable of removing those protections. Changing your password is NOT SUFFICIENT protection against this attack, although it is nevertheless a good idea.

The Light at the End of the Tunnel

What is important to remember here is that these attacks are highly targeted. They are limited to the hacker being in physical range of the device. The attackers can only be in so many Wi-Fi zones at once. On a positive note, it forces us to take a proactive approach to ensure our security. So, I’m going to reiterate my advice, patch those patches, and apply those updates. Remember, you are only as strong as your weakest link- so don’t let there be a weak link to expose you.

Want to find out how Cyberint have protect your organization from vulnerabilities like KRACK, click here to be in contact with us.