Reports emerged today that the widely used WPA2 Wi-Fi encryption protocol is flawed in a way that could allow hackers to intercept and read traffic sent over a wireless network. Details are now emerging about the scale and severity of the potential threat.
The security flaw is referred to as KRACK, short for Key Retransmission Attack, and it could allow hackers to trick users into using a compromised encryption key. Many operating systems and vendors are at risk, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, but the ones most likely to be affected are Android and Linux. According to Mathy Vanhoef, who discovered the issue, 41% of Android devices are susceptible to an “exceptionally devastating” variant of the WPA2 attack, making it “exceptionally trivial” to control and intercept traffic. Vanhoef also emphasized that the problem is not with the implementation of the WPA2 protocol but with the protocol itself.
According to Vanhoef:
“In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”
For now, it is hard to tell how bad the attack could be, as there are still no reports of any attacks against the WPA2 protocol. However, the research paper notes that these kinds of attacks would be difficult to detect.
More specifically, the flaw allows an attacker to intercept traffic between devices and a router, giving them a view into all non-SSL traffic. In other words, attackers could see confidential data such as credit card information, passwords, logins, and chat messages. And since they can also interfere with traffic, it theoretically allows them to inject ransomware or other malware into unencrypted websites on an ad hoc basis.
Vanhoef mentioned that the potential attack could be prevented with backwards-compatible software patches. Some companies, like Apple, have already provided patches for all their products and will most likely release a patch for everyone in the coming months, while Google, which is already aware of the issue, has promised patches that will be available in the coming weeks. Once a patch is available for your router, you should update the firmware as soon as you can. Security experts also advise keeping all devices as up to date as possible, as this can lessen the risk of the attack until a patch is available.
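The key reinstallation Vanhoef describes, next to the kind of backwards-compatible check a patch can add, as an added toy model (not code from the research paper or from any vendor patch). The HMAC-based keystream is a stand-in for WPA2's real cipher, and the class, function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

P1, P2 = b"frame one: login", b"frame two: chat!"  # constructed plaintexts


def keystream(key, nonce, n):
    """Toy per-packet keystream (HMAC-SHA256 stand-in, NOT real AES-CCMP)."""
    return hmac.new(key, nonce.to_bytes(8, "big"), hashlib.sha256).digest()[:n]


class Client:
    """Toy supplicant: tracks the installed key and transmit packet number."""
    def __init__(self, patched):
        self.patched, self.key, self.tx_nonce = patched, None, 0

    def on_message3(self, key):
        # Assumed patched behaviour: a retransmitted message 3 carrying the
        # key already in use must not reset the packet number.
        if self.patched and key == self.key:
            return
        self.key = key
        self.tx_nonce = 0  # reinstalling resets the nonce: the flaw described

    def send(self, plaintext):
        self.tx_nonce += 1
        ks = keystream(self.key, self.tx_nonce, len(plaintext))
        return self.tx_nonce, bytes(p ^ k for p, k in zip(plaintext, ks))


def replay_scenario(patched):
    """Send a frame, receive a replayed message 3, send a second frame."""
    key = b"constructed-session-key"  # constructed sample value
    client = Client(patched)
    client.on_message3(key)
    first = client.send(P1)
    client.on_message3(key)  # replayed handshake message
    return first, client.send(P2)


def nonce_reused(patched):
    (n1, _), (n2, _) = replay_scenario(patched)
    return n1 == n2


def plaintext_xor_leaks(patched):
    """True when XOR of the two ciphertexts equals XOR of the plaintexts."""
    (_, c1), (_, c2) = replay_scenario(patched)
    return bytes(a ^ b ^ c ^ d for a, b, c, d in zip(c1, c2, P1, P2)) == bytes(16)
```

With the unpatched client both frames are encrypted under the same key and nonce, so the ciphertexts no longer hide the relationship between the plaintexts; the patched client keeps counting and the keystreams differ.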
The Wi-Fi Alliance group has released a security advisory expressing its gratitude to Vanhoef for his work and stating that it is already aware of the problem and that major platform providers are already working towards deploying patches.
The bummer is that some users are not so good at patching things. Even in 2017, it is common to hear of servers still connected to the internet that are vulnerable to Heartbleed and Shellshock, although there are some cases where users are not given the option to patch their devices. Another bummer is that even though Android devices are the ones most at risk from this vulnerability, the Android landscape is notorious for its fragmentation, with manufacturers creating updates and security patches at an agonizingly slow rate, if they even bother at all.