KRACK vulnerability threatens Wi-Fi security

By Akshay Asija


The IEEE 802.11i protocol, commonly known as the Wireless Protected Access 2 (WPA2) protocol, was recently discovered to have a serious flaw by a Belgian researcher, Mathy Vanhoef. The vulnerability can be exploited by hackers to intercept the data being transmitted or received by a device or access point, as long as they are within range of the vulnerable device. Even encrypted data can be compromised by abusing this exploit (called KRACK, short for Key Reinstallation Attacks). KRACK can also be used to launch a ransomware attack by injecting malicious software into websites being accessed by a given client. Being the universal standard for Wi-Fi encryption, the WPA2 protocol is involved in a majority of the world’s information exchange. Consequently, the sheer magnitude of sensitive data that can be accessed by attackers via the KRACK exploit could be alarming.

Likely targets

The KRACK vulnerability targets the root of the WPA2 protocol and is most potent against Android, Linux, and OpenBSD devices. Devices running Mac Operating System (OS) and Windows, as well as MediaTek and Linksys devices, among others, can also be affected, although to a much lesser extent. The greater susceptibility of Android and Linux devices is due to the fact that attackers can force network decryption on these devices with relatively little effort. Thankfully, software patches for clients and devices against the KRACK vulnerability have been developed, or are being developed. Devices connected to potentially harmful access points can also be patched. At the time of writing, patches for Linux have been developed, but the time of their release could not be ascertained. Microsoft has issued patches for devices running the supported and up-to-date versions of Windows, while Apple has released the patches in the latest beta releases of its iOS and macOS operating systems. Google’s Android OS, the most vulnerable of the lot, is yet to receive any software patches.

One aspect of the KRACK vulnerability is that visiting “secure” Hyper Text Transfer Protocol Secure (HTTPS)-protected Web pages is also not completely effective against such attacks, because badly configured HTTPS sites can be “forced” by attackers to switch to HTTP-based transmission, thereby compromising the user’s connection.

How it works

The basic principle in WPA2-protected transmission is called the “four-way handshake”. When a client joins a WPA2-protected Wi-Fi network, the handshake (a term for the exchange of information packets between the client and an access point) is used to confirm that both the client and the access point have proper credentials (exchanged as software keys). Attackers can use KRACK to deceive clients and have them reinstall a key that is already in use. This can, in turn, allow the hackers to bypass any encryption applied to the messages being transmitted, and gain access to them.
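Why a reinstalled key defeats the encryption can be seen in a small model (an added example, not code from the original article or from the researcher): installing the same key again resets the per-frame packet number used as the nonce, so two frames end up encrypted with the same keystream, while a patched client ignores the repeat. The `Client` class, the HMAC-based keystream standing in for WPA2's AES-based cipher, and the sample key and frames are all assumptions constructed for illustration.

```python
import hashlib
import hmac

FRAME_1 = b"frame-one: balance=100"  # constructed sample plaintexts
FRAME_2 = b"frame-two: balance=250"
SAMPLE_KEY = bytes(range(16))        # constructed sample session key


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    # Stand-in for an AES counter-mode cipher: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical client model; only handshake message 3 is represented."""

    def __init__(self, reject_reinstall: bool):
        self.reject_reinstall = reject_reinstall
        self.key = None
        self.packet_number = 0
        self.nonces_used = []  # (key, packet_number) pairs, kept for auditing

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a repeated message 3 carrying the key that is
        # already installed must not reset the transmit packet number.
        if self.reject_reinstall and key == self.key:
            return
        self.key = key
        self.packet_number = 0

    def send(self, plaintext: bytes) -> bytes:
        self.packet_number += 1
        self.nonces_used.append((self.key, self.packet_number))
        return xor(plaintext, keystream(self.key, self.packet_number, len(plaintext)))


def run_session(reject_reinstall: bool):
    client = Client(reject_reinstall)
    client.on_message3(SAMPLE_KEY)
    c1 = client.send(FRAME_1)
    client.on_message3(SAMPLE_KEY)  # the same message 3 arrives a second time
    c2 = client.send(FRAME_2)
    nonce_reused = len(set(client.nonces_used)) < len(client.nonces_used)
    return c1, c2, nonce_reused
```

With `reject_reinstall=False` the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is the loss of confidentiality the patches prevent; with `reject_reinstall=True` every frame gets a fresh nonce.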

While large corporate and government Wi-Fi networks face the greatest risk, home Wi-Fi users are vulnerable, too, especially if they connect with Linux or Android devices. Going forward, the least users and corporations can do is to keep all their devices up to date with the latest security patches, and be careful when using public networks in general.

