Monday, October 16, 2017

Massive New Flaw Found in WPA2 WiFi Protocol -

A major new vulnerability has been found in the Wi-Fi Protected Access II (WPA2) protocol. The vulnerability could let attackers intercept communications travelling over WiFi networks and between WiFI routers. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks, and nearly everyone that uses WiFi across a wide variety of platforms, OS's and hardware is vulnerable. These key reinstallation attacks can be used to intercept encrypted transmissions, decrypt previously transmitted data thought to be protected, and to inject malicious malware into internet content.

Researchers have documented their discovery via a new website.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," notes the site. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

The researchers provided a video detailing the attack on a device running Google's Android mobile operating system. USCERT also issued an advisory, warning everyone to keep an eye out for updates from their device and router manufacturers and quickly install them over the next week.

"Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client," it notes. "After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages."

Again, effectively every device that uses WiFi is vulnerable, though researchers note that Linux and Android OS users appear at particular risk, since attackers can force network decryption on clients in seconds. The security researchers had previously disclosed this related information (pdf) last August at Defcon.

There's some additional discussion about the KRACK WPA2 vulnerability in our security forum.

Let's block ads! (Why?)

see source

No comments:

Post a Comment