Security is a major talking point in recent years, which can be applied to many forms of technology. It can refer to things such as the Heartbeat SSL bug, game console hacking or the safety of your data. On our devices, security may refer to the ease of gaining root access, or the potential for viruses, but of course, security can refer to a wide range of topics. WPA2 regarded as the most secure consumer WiFi protection, and the most widely used network security protocol has been broken by KRACK due to a severe flaw in how the WiFi standard technology itself works.

WPA2 is the standard network security protocol, largely used in replacement of WEP. It was regarded as safe and largely uncrackable, dynamically generating new keys to encrypt packets. The Advanced Encryption Standard (AES) is used, for more safety barriers which should deem the protocol safe when taking the usual precautionary measures of having a longer password, disabling WPS and all that. Technically the problem isn't WPA2 at all.

However, a proof of concept shown in a research paper by Mathy Vanhoef shows how WPA2 isn't as safe is it may seem. A proof of concept exploit called Key Reinstallations Attacks (KRACK) will be presented on November 1st, at the ACM Conference on Computer and Communications Security in Dallas. The outlined attack works on all modern WiFi networks, and if your device supports WiFi then you are likely already affected. During their research, it was found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other devices were all susceptible to the vulnerability in some shape or form.

What's worse, the 41% figure is only for the most devastating form of this attack. The attack can be manipulated for a wide range of devices, but the worst is for devices on Android 6.0 or higher, as they have a version 2.4 or higher wpa_supplicant. How it works is simple, feel free to watch the video below or read on for an explanation.

https://www.youtube.com/watch?v=Oh4WURZoR98

How KRACK Works

KRACK works firstly by creating a second WiFi network, copying all attributes of the original except working on a different channel. It then attempts to contact the device it is targeting, forcing it to connect to the new network on a separate channel using what's called a "CSA Beacon", or Channel Switch Announcement. This tells the device that the channel it needs to connect to has changed, so now the device will connect to the "rogue" network. The network the device is forced to connect to (the rogue network) will forward internet through it to another connection. This allows the attacker to later steal the decrypted data.

Next the program "sslstrip" is run, which manipulates all traffic not on port 80 (HTTP requests) to move to port 10000 (used by the program modifying the data). Any HTTPS requests (usually on port 443, so they are redirected to port 10000 when sslstrip is running), will have the secure data request stripped and then sent through as normal. This means that even if you visit a HTTPS link, sslstrip will remove all encryption data in the request and you will visit a HTTP version of the website. Improperly configured websites will allow this to happen, and a properly configured website will deny the request and not work without HTTPS.

Next, WireShark is set up to monitor all traffic running through the network card of the computer. As data is being forwarded through the computer, any requests by the device connecting will also be seen. HTTPS requests cannot be viewed in WireShark as they are encrypted, but HTTP is easily read by an attacker. The demonstrator shows how the username and password that he enters into the website can easily be read, where "username" and "password" are clearly seen. This is because the website the demonstrator uses (match.com in this case) does not force the user to use HTTPS.

This works because the attacker can simply request the third handshake out of four in the key generation. Connecting to a WiFi network requests four handshakes between the device and the network. A handshake is simply the devices connecting and sending requiring data between both. Simply by resending the third handshake over and over again, the encryption key generation can be manipulated. Eventually an all 0 key can be generated, which can allow the attacker to decrypt the data and view it.

This is a perfect exploitation of the WiFi protocol and can be applied to many devices. There are many variants of this attack, but the simplest and most effective is the one described above, affecting any Android device above Android 6.0. Hopefully a security update comes out soon to fix the vulerability, but for now the best thing you can do is be careful of the networks you are connecting to and use a VPN if you can at all times.


KRACK

Via: ArsTechnica