In the past few years, we got used to the WPA2 standard providing a secure Wi-Fi connection to the network. Yesterday (October 16th, 2017), the KRACKs vulnerability was published. Under certain circumstances, this vulnerability allows a Wi-Fi network to be compromised in a way that lets the attacker read and forward communication. The vulnerability is a property of implementations, i.e. it concerns the producers of network cards and operating systems, while the WPA2 standard as such remains secure.
Has the WPA2 standard really been broken?
The WPA2 standard is based on strong AES encryption working in CCMP mode. Keys are distributed through the "4-way handshake" cryptographic exchange protocol. Both principles have been formally verified and are considered secure. The KRACKs vulnerability does not breach the security of the WPA2 standard in any way; it points to an incorrect implementation of it. The main issue is that vulnerable devices incorrectly implement the state machine that processes the key exchange. Due to this defect, it is possible to repeatedly re-send the key transmitted from the access point (AP); the device will accept it and overwrite the original key. The situation is even worse on Linux and Android systems using the wpa_supplicant Wi-Fi administration tool. These systems replace the original key with an all-zero key, which significantly degrades the encryption: it then rests only on an initialization vector that may be acquired from the transmitted frame.
The KRACKs vulnerability does not make it possible to acquire the key for decrypting traffic or the key for network access. Thus, changing the current password does not stop the vulnerability. When WPA2-Enterprise mode is used, it is likewise not possible to obtain the authentication data or to disrupt the authentication process. The authenticity of both the connecting workstation and the access point is retained. The secure channel for the cryptographic exchange of keys is also retained.
What is it really about?
In order to compromise the Wi-Fi network, the attacker must be located within reach of both the access point and the workstation. A man-in-the-middle attack is then launched (the attacker positions himself as a mediator in the communication). This is done by setting up a false access point with the same address as the real AP, but on a different frequency. Next, the workstation is moved to the false AP's frequency through a special frame, then the key exchange takes place, and when the moment is right, the key intended for encrypting and decrypting the workstation's communication is repeatedly re-sent.
What will the attacker get out of it?
The attacker is able to eavesdrop on and forward communication, which under certain conditions enables him to take over a TCP connection, giving him the possibility to interfere with and modify the communication of application protocols, such as the HTTP protocol used by websites. When secure HTTP is used, the attacker is able to plant a false certificate or to switch the communication to an insecure connection.
So, what does it mean in practice?
If the attacker carries out an attack through this vulnerability, all data transferred through unsecured protocols becomes visible to the attacker. For secured protocols, the road to compromising them becomes much easier. Sensitive company data or access to internet banking can be the attacker's goal. Simply put, after a successful attack, we have lost the first line of defense.
Which devices are vulnerable?
All systems that use the Linux wpa_supplicant tool as the basis of their Wi-Fi subsystem are vulnerable. This covers all Linux distributions, OS X, macOS, and 31% of Android systems. iOS and Microsoft Windows systems are less vulnerable, which makes it impossible to launch the attack to the same extent. The attacker would only be able to get data from some system protocols working on the broadcast principle.
To repair the vulnerability, a new variable has to be added to the state machine processing the 4-way handshake. Thus, it is very easy to repair. Microsoft and the Debian Linux distribution announced a fix for this vulnerability on October 10th and 16th, respectively.
At present, however, there is no easy way or tool to find out whether a given device or operating system is still vulnerable.
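The effect of a re-sent handshake message on an unpatched client, next to the fix with one extra state variable, as an added example that is not taken from wpa_supplicant or from this article. The class, its field names and the sample key are constructed for illustration; only the packet-number reset is modelled, not real frame formats.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    """Toy client side of the 4-way handshake (illustrative names only)."""
    patched: bool
    ptk: Optional[bytes] = None      # pairwise key currently installed
    tx_pn: int = 0                   # CCMP packet number, part of each nonce
    ptk_installed: bool = False      # the extra state variable added by the fix
    nonces: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> None:
        # Patched behaviour: a repeated message 3 for the key that is
        # already installed is accepted, but the key is not reinstalled.
        if self.patched and self.ptk_installed and ptk == self.ptk:
            return
        # Installing a key resets the transmit packet number. Doing this
        # again for the same key is the defect: old nonces get reused.
        self.ptk = ptk
        self.tx_pn = 0
        self.ptk_installed = True

    def send_frame(self) -> Tuple[bytes, int]:
        self.tx_pn += 1
        nonce = (self.ptk, self.tx_pn)   # (key, packet number) must never repeat
        self.nonces.append(nonce)
        return nonce


def reused_nonces(patched: bool) -> int:
    """Count frames sent under an already used (key, packet number) pair."""
    sta = Supplicant(patched=patched)
    ptk = bytes.fromhex("11" * 16)       # constructed sample key
    sta.on_message3(ptk)                 # normal handshake completes
    sta.send_frame(); sta.send_frame()
    sta.on_message3(ptk)                 # message 3 arrives a second time
    sta.send_frame(); sta.send_frame()
    return len(sta.nonces) - len(set(sta.nonces))


if __name__ == "__main__":
    print("unpatched:", reused_nonces(False))
    print("patched:  ", reused_nonces(True))
```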
What do we recommend?
Until the producers of devices and operating systems repair the defect, we recommend always using a VPN connection when on a Wi-Fi network. For enterprise customers, we recommend enforcing connection through VPN by central security policies, based on the technology actually in use. All other security provisions, such as the use of HTTPS for communication with websites, can be bypassed.
How to protect yourself further from the KRACKs vulnerability? Follow your device producer’s website in order to find out if the security patch has been released. Update!