General | 4 min read - 17 October 2017

Understanding the KRACK vulnerability in WPA2 protocol

On October 16th a serious vulnerability was revealed in the WPA2 communication protocol, and in its older version, WPA1, both used to raise the security level of wireless networks. WPA2 is used in most home and corporate environments to protect Wi-Fi networks and was previously considered safe, since no major flaws were known.

This vulnerability enables a malicious person within range of the network to intercept traffic between connected devices and the wireless router or access point, and to extract sensitive data from the decrypted connections, such as credentials for a variety of services, e-mail, instant messages and credit card numbers.

In specific cases, depending on network and device configuration, data may also be injected into connections, for example to spread malware and its most feared recent variant, ransomware. Although the vulnerability is very serious, it is important to weigh its exploitability and its potential scale of damage, which are very different from those of the ransomware outbreaks seen in 2017.

The vulnerability was discovered by Mathy Vanhoef, a postdoctoral researcher in information security at the University of Leuven, Belgium, who named it KRACK (Key Reinstallation Attacks).

Understanding the Flaw

The vulnerability is exploited through the WPA2 4-way handshake. This is the procedure performed when a device wants to join a protected Wi-Fi network: the access point and the client verify that the credentials used to establish the connection are correct and negotiate a key that encrypts all traffic from that moment on.

After the client receives the third handshake message, it installs the cryptographic key. However, messages can be lost or discarded in the middle of this negotiation. When the access point does not receive an acknowledgment for a message it sent, it retransmits message 3, so the client may receive that specific message several times and reinstall the same cryptographic key each time. Reinstalling the key also resets the per-packet counter (nonce) associated with it, so the same keystream is used again for new frames. This is where the attack begins.
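To show why reinstalling the same key matters, here is a small added model (not code from the post, and not the real CCMP cipher; the keystream function is a constructed stand-in) of a client that reinstalls the key on every copy of message 3, beside one that refuses to reinstall a key already in use, which is the approach patched clients take:

```python
import hashlib

def keystream(key, nonce, length):
    # Counter-mode keystream from (key, nonce): a simplified stand-in for WPA2's
    # AES-CCMP keystream, constructed for this example. The only property that
    # matters is that the same key and packet number always give the same bytes.
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    # Toy model of a Wi-Fi client's pairwise-key state after the 4-way handshake.
    def __init__(self, reinstall_allowed):
        self.reinstall_allowed = reinstall_allowed  # True models a pre-patch client
        self.ptk = None
        self.pn = 0  # per-key packet number, used as the CCMP nonce

    def on_message3(self, ptk):
        # Vulnerable client: every copy of message 3, including a retransmission,
        # installs the key again and resets the packet number to zero.
        # Patched client: a key that is already in use is never reinstalled.
        if self.ptk == ptk and not self.reinstall_allowed:
            return
        self.ptk = ptk
        self.pn = 0

    def encrypt(self, plaintext):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))

def keystream_reused(reinstall_allowed):
    # True if a retransmitted message 3 makes this client reuse keystream.
    ptk = b"\x11" * 32            # constructed pairwise key
    pt1 = b"GET /index.html "     # constructed 16-byte frame payloads
    pt2 = b"Cookie: sess=42 "
    client = Client(reinstall_allowed)
    client.on_message3(ptk)       # normal handshake completion
    pn1, ct1 = client.encrypt(pt1)
    client.on_message3(ptk)       # retransmitted message 3 arrives later
    pn2, ct2 = client.encrypt(pt2)
    # Under keystream reuse the XOR of the two ciphertexts equals the XOR of
    # the two plaintexts, which is what exposes content without the key.
    return pn1 == pn2 and xor(ct1, ct2) == xor(pt1, pt2)
```

The vulnerable model returns True (the second frame is encrypted with packet number 1 again), while the patched model keeps counting and returns False.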

It is important to note that the attack targets the devices (clients) that connect to the network, not the access points, and is performed at the moment a device joins the network, when the handshake takes place. However, there are ways for an attacker to force a device to disconnect (and automatically reconnect) and then carry out the attack. Therefore, it is not correct to say that a device is safe once it is connected.

Since exploiting the vulnerability, even with the tools already disclosed, still requires real technical skill, the chance of the attack being scaled to catastrophic proportions is very remote. This does not mean good practice can be ignored; caution is needed.

Who is vulnerable?

The attack has the potential to affect all modern wireless networks, since the flaw is in the Wi-Fi standard itself, not in specific devices or in how they were configured. Therefore, any device able to connect to a wireless network is vulnerable to KRACK.

For Android (version 6.0 onwards) and Linux, the attack can be even more serious. Both use the same software (wpa_supplicant) to negotiate encryption keys on WPA and WPA2 networks, and because of the way it works, intercepting and manipulating the traffic sent by devices running those systems becomes simpler.

It is important to note, though, that all other systems can also be vulnerable, including Windows, iOS and macOS. Some vendors were notified of the vulnerability before its disclosure and have released updates that correct the flaw, but many have yet to comment on it.

In this link you can check a list of manufacturers whose devices or systems can be exploited.

What to do?

As mentioned, some system vendors and Linux distributions have already released updates that correct the flaw. Microsoft, for example, released an update on Oct. 16th that fixes the problem in Windows 7 and newer versions. Google is expected to release a fix for Android in the coming weeks.

Consulting the vendor of your devices and keeping your systems up to date is therefore essential.

Although the problem in question is not directly related to Wi-Fi access points and routers, some manufacturers of these devices are releasing updates that make it harder to exploit connected devices even while those devices remain vulnerable.

Because of the way the attack works, changing the wireless password (although always recommended) does not help against KRACK, since the attack is not directed at the password and does not depend on knowing it. Likewise, falling back to an older protocol such as WEP is even less advisable, because WEP is far weaker than WPA2 even with this vulnerability.

Faced with this scenario, we have compiled a few guidelines that can help you cope with the flaw until a fix for your devices is made available:

  1. Do not despair over the articles and materials circulating on the internet; many unskilled sources tend to give the issue unnecessary emphasis, and some security vendors have been trying to gain commercial advantage and positioning from it. Yes, the flaw is serious, but the possibility of chaos is remote;
  2. Whenever you use a wireless network, prefer services that provide secure connections, i.e. protocols layered over SSL/TLS. Although these can also be weakened by the vulnerability, there are easy ways to check whether you are using a secure connection;
  3. Avoid using hotspots (public networks), and never use them for sensitive access such as banking or systems that contain critical information (now more than ever);
  4. Within companies, advise key users, directors and others with access privileges not to use the wireless network for these purposes until their systems are properly updated and corrected;
  5. Map all the wireless devices you have and follow the release of new firmware. Although the attack targets the clients of a connection, updating these devices is also good practice to minimize the impact;
  6. Create a computer update plan. If you are in a company with a controlled environment, there is specific software to do this in bulk. Otherwise, prioritize the team's machines and start updating them in order of priority;
  7. Create internal awareness material to inform users and give recommendations on the use of wireless networks and on updating their devices. This is a service that benefits everyone.

For further information and technical deepening:
