The Lowdown On Wi-Fi Weaknesses

Published 31 October 2017

Did you know that 88% of UK adults have used the internet recently? As in, in the last 12 hours? That’s 100 million people all accessing the internet. And most of those people will access the internet via some sort of Wi-Fi connection. Which is why there has been such a widespread panic when a major security flaw was unearthed in the protocols that protect modern Wi-Fi connections. This small flaw, if exploited, could give hackers access to credit card details, photos, private messages – anything on your Wi-Fi network. But what exactly is this weakness, and what can you do to protect yourself and your data?

What Has Been Found?

Earlier this month, researchers looking into forcing nonce reuse in WPA2 discovered a fatal weakness in the security protocol WPA2 – the protocol used to protect modern Wi-Fi networks from attacks. The previously solid protocol has essentially been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered it. This has resulted in several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. And unfortunately, as this is a protocol-level problem, most (if not all) correct implementations of this standard will be affected. It’s not just desktop computers that are impacted either – the vulnerability affects all major modern devices and operating systems – including Android, Apple, Windows, Linux and all mobile devices.

Researcher Mathy Vanhoef, who discovered the weakness, stated that “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.” Vanhoef also emphasised that “the attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

How Does It Work

During their research, Vanhoef and his team conducted multiple attacks on the WPA2 protocol, testing it for weaknesses. Their successful attack was against the 4-way handshake of the protocol, which is initiated when a client wants to join a protected Wi-Fi network. The WPA2 protocol is used to confirm that both the client and the access point possess the correct credentials (in this case, the passwords). While this exchange is happening, the 4-way handshake negotiates a fresh encryption key that would be used to encrypt all subsequent traffic. At present, all modern protected networks use this 4-way handshake, meaning that all networks could be subject to some form of Wi-Fi based attack. The researchers used a novel technique to expose this problem, which they have named a key reinstallation attack or KRACK attack.

Vanhoef describes this technique in his research paper:

“In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”

You can find full details of the vulnerability, including how it was found and a demonstration of how it works in the research paper here.

It’s Not All Doom And Gloom!

Of course, like with any bit security flaw, it’s not gone unnoticed. Security experts have been quick to jump on this one. And the good news is that the problem is patchable. While it is a major problem (particularly for Android users, 41% of whom are vulnerable to a devastating variant of Wi-Fi attack), it isn’t insurmountable. Patches can be (and are) developed for it, but this will take time to finalise and roll out. So now, more than ever, it is essential that users are keeping their software up to date and installing security patches as soon as they are available. If your device supports Wi-Fi, then it is most likely affected by the problem.

For businesses, this represents a major problem. Although Microsoft has since released a patch to fix the vulnerability, there has currently been no resolve mentioned for this weakness across Android, Apple or Linux. This vulnerability has highlighted the fact that even our most basic assumptions about digital security can be completely wrong. At Bridewell, we specialise in helping businesses discover through wireless pen testing and fix their security vulnerabilities from all angles. From extensive security testing to detailed reports and consultancy, our experts can help make your business more secure. For more information, please get in touch with our team today.