KRACK in WiFi

Researchers have discovered a serious security flaw that would make home Wi-Fi and all equipment connected to it, easily hackable.

The fatal flaw, known as KRACK (short for, Key Reinstallation Attack), directly affects the WPA2 protocol.

Background

The creator of the first computer worm transmitted through the Internet was Robert Tappan. He created the Morris Worm in 1988.  A student of Cornell University, he said that he had only wanted to determine the vastness of the cyber world. As a result about 6,000 computers were damaged. In 2000, 15-year-old Michael Calce decided to unleash a DDoS attack on a number of high-profile commercial websites including Amazon, CNN, eBay and Yahoo!. It resulted in $1 billion dollars in damages.

There have been increased number of cyber attacks in 2017. The WannaCry ransomware attack that took place in May 2017, ended up affecting over 250,000 computers in 150 countries in a span of 24 hours. It was a serious attack with the infrastructure of critical organizations being hit including Britain’s National Health Service.

In June 2017, companies and agencies across the world were victims to a number of virulent ransomware. The attack seemed to have specifically targeted Ukranian businesses and Russia’s biggest oil company. India was also affected by these attacks with one of the country’s largest ports shut down operations for the day. Danish shipping firm Maersk and British advertising agency WPP (WPPGY) were among the global companies that were hacked.

WiFi is a technology for wireless local area networking that allows computers, smartphones, or other devices to connect to the Internet. It also enables these devices to communicate with one another wirelessly within a particular area. 

Analysis

A group of researchers have discovered a serious vulnerability within the WiFi that could allow attackers to get access to sensitive information. The flaw has been named KRACK (short for Key Reinstallation Attack) and it directly affects the WPA2 protocol. This is found in nearly every WiFi enabled device. Thus, any information transmitted through WiFi is vulnerable to hackers.  

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," explain KU Leuven's MathyVanhoef and Frank Piessens, the researchers that found the problem. "The attack works against all modern protected Wi-Fi networks." He added, ““This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack”.

The team has also explained, “Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials." During the attack, a hacker could trick a device into reinstalling one of the encryption keys that is already being used.

The researchers have shown that this vulnerability exists across nearly all devices that can connect to WiFi including Android, Linux, Apple, Windows, OpenBSD, MediaTek, and Linksys systems. Currently 31. 2 per cent of Android devices are vulnerable to KRACK. The team has also demonstrated the vulnerability in a video.

Microsoft has already released a software update to address the issue. The company has release a statement, “Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates”. Apple has also announced that it has moved to address the vulnerability. Additionally, the United States Computer Emergency Readiness Team issued a warning as part of its KRACK Wi-Fi attack, according to Ars Technica. The statement read, “US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected”.

However, experts have cautioned the public against panicking. Many have urged people to install the latest updates in their devices to ensure they are safe. "Whilst Krack adds a new tool to the attacker’s arsenal, its scope is relatively narrow," says Andy Patel, a security researcher at F-Secure's research labs. "However, if tools designed to weaponize this attack are made sufficiently easy to use, it’s very likely that miscreants will use them anyway."

Assessment

Our assessment is that KRACK proves that millions of devices connected to the internet are now exposed to perpetrators who can attack across all verticals and paralyze vital systems across the world. We have earlier stated that governments are becoming increasingly vulnerable. This should be considered a wake-up call and governments and large conglomerates should act accordingly. The general public should also act cautiously as this highlights that public WiFi could be a threat to their own privacy and security.