WiFi and WPA
Now a days, every offices, houses, hotels, parks, hospitals, almost everywhere there is wifi. But the real question is, are they secure?If your wireless access point is not properly secured, people from other houses, offices or nearby buildings can gain access to it. People who are able to connect to your wireless router or network, may be able to
- Monitor all the websites that you visit
- Log your usernames and passwords
- Read all your emails as they travel through the network
- Slow down your computer or laptop and the Internet connection speed
- Perform illegal activities using your Internet connection or even
- Spread a virus or a worm to all devices in the network
In order prevent these attacks and stop unauthorized access, there are certain security measures adopted. As mentioned here, WPA was considered as the world’s safest WiFi security that couldn’t be cracked. The successor of WEP is something called WPA. WPA stands for Wifi protected access. Here the Initialization vector is longer than that of WEP. Here another method of ciphering the information using the RC4 cipher and an integrity protocol called TKIP of Temporal Key Integrity Protocol is used.
Each packet transmitted using TKIP has a unique 48-bit serial number that is incremented every time a new packet is transmitted and used both as the Initialization Vector and part of the key. Putting a sequence number into the key ensures that the key is different for every packet. WPA is backward compatible which means WPA can be used on the same hardware that supported WEP. We just have to upgrade the software for that.
But it seems like this has been compromised. A new flaw has been discovered in the core protocol level implementation of WPA2 WiFi.
The KRACK – Key Reinstallation Attacks
Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.
Last year a paper was published by mentioning about the generation of random numbers which were later used to create various group keys such as Pre Shared Encryption Keys in WPA networks are not random enough and are predictable. With this in mind, researchers has been constantly working on attacking WPA networks and it looks like they have been successfull in breaking the so called “Security” in WPA networks.
The KRACK Attack is performed against a 4 way handshake which is performed when a client wants to join a Wireless network that is created by an Access Point. During a 4 Way handshake, a FRESH encryption key is generated that will be used for encrypting the data that is exchanged between station and client. This key will be installed by the client when it receives the third packet of the 4 way handshake.
If the message 3 is not received by the client, it will not send the acknowledgement to station. If station doesn’t receive the acknowledgement, it will re-transmit message 3 to client. This means that the client may receive message 3 multiple times. Whenever message 3 is received by the client, it will reinstall the key over and over again resetting incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol.
In Key Reinstallation Attack attacker collects and resend message 3 of the 4 way handshake to force these nonce reset resulting in decryption of the packets, replay attacks and man in the middle attacks.
Mathy Vanhoef, a Doctoral Researcher will reveal his findings today at 10 PM AEST.
Proof Of Concept
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
The research paper can be viewed from here : Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.
This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection.
A successful attack can result in decryption of Wireless Network traffic Packets revealing personal information such usernames, passwords, bank accout numbers, personal mails etc.
Hackers can also add his own malicious contents in the network packets such as phishing links or messages which will redirect the victims to his/her phishing sites. An attacker can even inject malware or others malicious scripts to the network data packets.
Currently this exploit works only on android and linux devices. Vendors are already aware of this flaw and they have taken steps to prevent these attacks in the future. Patches has been developed by major companies and the firmware can easily be upgraded in the currently active routers that uses WPA. Even though 90% of the current users are not aware and are suspected to be vulnerable to these attacks. Millions and millions of IOT devices faces this threat and there is nothing we can do about them.