
KRACK Attack Threatens All modern protected Wi-Fi networks


Serious weaknesses have been discovered in WPA2, the protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using Key Reinstallation AttaCKs (KRACK). Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as updates become available. Note that if your device supports Wi-Fi, it is most likely affected. Research found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks.

The 4-way handshake of the WPA2 protocol is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies that all these networks are affected by (some variant of) the attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.

In a key re-installation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once.
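
The counter reset described above, as an added example that is not code from the researchers or from wpa_supplicant: a simplified client model in which a retransmitted message 3 either reinstalls the key (vulnerable) or is ignored because that key is already in use (hardened). The `Client` class, the hash-based `keystream` stand-in for the real data cipher, and the sample key and frames are all constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for a WPA2 data cipher: output depends only on (key, nonce).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.tx_nonce = 0      # incremental transmit packet number
        self.rx_replay = 0     # receive replay counter

    def on_message3(self, key: bytes) -> bool:
        # Returns True when the key is (re)installed and the counters reset.
        if self.hardened and key == self.key:
            return False       # key already in use: keep counters as they are
        self.key, self.tx_nonce, self.rx_replay = key, 0, 0
        return True

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        return self.tx_nonce, xor(plaintext, keystream(self.key, self.tx_nonce, len(plaintext)))

def reused_nonces(frames):
    # Defender check: packet numbers seen more than once under one key.
    seen, dup = set(), set()
    for nonce, _ in frames:
        (dup if nonce in seen else seen).add(nonce)
    return sorted(dup)

def session(hardened: bool, p1: bytes, p2: bytes):
    key = bytes(range(16))             # constructed sample key
    c = Client(hardened)
    c.on_message3(key)                 # normal handshake completes
    frames = [c.send(p1)]
    c.on_message3(key)                 # retransmitted message 3 arrives
    frames.append(c.send(p2))
    return frames

if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "vulnerable", reused_nonces(session(mode, b"frame-one", b"frame-two")))
```

In the vulnerable run both frames carry packet number 1, so they are encrypted with the same keystream and the XOR of the two ciphertexts equals the XOR of the two plaintexts; in the hardened run the counter keeps advancing and no packet number repeats.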

Android and Linux: The attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This appears to be caused by a remark in the Wi-Fi standard that suggests clearing the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.

Users should keep using encrypted Wi-Fi wherever necessary, such as at home and at work. However, you might want to avoid using Wi-Fi networks, even password-protected ones, in coffee shops, hotels, airports and other public places for the time being. Use cellular data or a VPN service instead.

The flaw was discovered by a security researcher, and there is no evidence that it has been widely exploited. The major companies have known about the flaw for months, and some of them have already released patches for affected software and hardware. A list of vendors that have already issued patches is available at https://www.kb.cert.org/vuls/id/228519, so that users can update their routers, smartphones and laptops as soon as possible. You can also find a comprehensive list of vendors on the ZDNet website.

Both Apple and Microsoft have released patches to address the issue. As long as you keep your system updated regularly, you won’t have to worry about your computer falling prey to the fake networks. Newer builds of Linux are also in good shape, but to be fair, Linux is hardly a hotbed of attacks to begin with.

While iOS is fully secured, newer versions of Android are not yet secured. Since every manufacturer and wireless carrier uses a slightly different version of the Android OS, it is difficult to say when your device will be patched, or whether it ever will be. Google is currently aware of the issue. It is suggested to use mobile data whenever possible instead of Wi-Fi, unless you are at home or the office.

Unfortunately, only a handful of router manufacturers have taken proactive steps to address the flaw. Cisco and Netgear have already released patches. However, D-Link, Linksys and TP-Link have yet to release theirs.

The fact is that there will probably never be complete protection against KRACK among routers and mobile operating systems, simply because the market is so enormous and fractured. The best you can do is avoid public Wi-Fi whenever possible; even if it’s secured with a password, use mobile data if you can and keep the firmware updated on your own router at home.

Credits: https://www.tomsguide.com/us/protect-your-router-krack,news-25999.html



Linux & Windows Geek, Blogger & System Administrator
