On Monday, security researchers at the University of Leuven in Belgium revealed what is being purported as a very severe flaw in WiFi security. The Key Reinstallation Attack (KRACK) is the first major flaw found in WPA2 in quite a while. As a result, an almost full-blown panic has ensued among tech media and general news outlets creating a large amount of worry. But how bad is this attack really? And should we be panicking about it? To find out we’ll need to understand a little bit about how WiFi security actually works:
Wireless Security and the Four-Way Handshake
The way wireless networks work is that there is a radio communication link between a Client ( a laptop, cell phone, tablet, printer, etc) and an Access Point (usually a wireless router). Since wireless communication is nothing more than radio signals being transmitted (just like an AM/FM radio) it’s not difficult for someone to “listen in” to whatever data is being sent or received over the wireless connection. As a result, we use wireless encryption which scrambles the messages being sent between the clients and APs so that nobody can eavesdrop.
WPA2 is the current encryption protocol that is used by most networks and the subject of the attack in question. WPA2 has been around for quite a long while (11 years) and is widely considered to be the most secure standard for encrypting WiFi traffic. If your WiFi network has a “password” on it, chances are it’s using WPA2 encryption. If your network doesn’t have a password, then you’re running what’s known as an “open” network that is not encrypted (which means people can eavesdrop).
When a client attempts to connect to an AP that is using WPA2 encryption, a sequence known as a Four-Way Handshake is done. You can think of this as a bit of a mating dance between the client and the AP before they are connected. The term “For-Way Handshake” comes from there being 4 separate, super-secret, messages that are sent/received by the AP and client. Each of these messages is prefaced by something called a “Nonce” which is simply a number that is to be used once and never again. It is important that this number is not used again, as it allows an attacker to be able to easily decipher the secret messages and thereby crack the encryption.
So now that we know the (very) basics, we can dive into how this attack is actually done. During the Four-Way Handshake, the first message is sent from the AP to the client using a Nonce that we’ll say is 0001 for simplicity’s sake. The client then sends back a message with it’s own Nonce that we’ll say is 0010. After receiving the message, the AP sends the third of the four messages, using another Nonce of 0002 (remember, you can’t ever use the same Nonce twice!) and the client answers back with the fourth, and final message with a Nonce of 0020 (again, this is a very basic example).
But what happens in the event where one of those messages are lost? Well, each side will simply re-transmit the message after a short period of not hearing anything back. The problem however lies with the third message: Say the message (which is coming from the AP to the client) hangs for a moment but eventually goes through, the AP doesn’t hear back quickly enough from the client so it re-transmits the message. The client however has now received the same message twice and, as a result, does the same thing twice. But more importantly it resets it’s Nonce (so, in this example, it would go back to 0010) and then sends the final message. Remember what I said about the Nonce can only be used one time or the encryption is cracked? By resetting the Nonce and sending the message the client is doing exactly that.
So how does an attacker use this? If the attacker can intercept the third message and then re-transmit it to the client one or more times, the client will continually reset and resend the final message using the same Nonce over and over again. This allows the attacker the ability to crack the encryption and then be able to eavesdrop on all traffic between the client and the AP.
But wait! There’s more!
So an attacker being able to ‘listen in’ to all the communication going on between say, your laptop and your router sounds like a bad deal right? Well it gets a little worse, since the encryption is broken, not only can the attacker listen to all the communication, he can also put in his own communication as well! If the attacker is able to intercept packages and inject his own into their place, they could theoretically send you to fake websites that aren’t what you’re actually looking for and get you to give up usernames and passwords or download malware to your system. So the ramifications of what can happen to a victim are definitely very disheartening.
Is it okay to get freaked out yet?
By now you’re probably thinking that this is the worst possible thing that could ever happen and you’re probably about two steps away from throwing your laptops, cell phones, and any other wireless devices into a lake. But, before we get that crazy it’s important to know that this isn’t quite as bad as it sounds. It’s bad yes, but it’s not end-of-the-world bad.
First, in order to execute this attack, the attacker needs to be within range of the victim’s WiFi network. This isn’t something that some guy in Russia or China can do to a system that’s in the U.S. or U.K. or any other country or vice-versa. In order to do this, you have to have the attacking device physically within the same general location of the network that’s being attacked. In most cases that means within a hundred or so feet of the router that’s hosting the WiFi network.
Second, intercepting and re-transmitting the message as mentioned previously isn’t exactly something that’s easy to do. There are multiple things that an attacker would have to know beforehand or correctly guess before attempting this type of attack and missing a single one of those things renders this attack ineffective.
Thirdly, if an attacker does successfully exploit this attack and can eavesdrop on your internet traffic, they will not be able to ‘listen’ to any traffic that is pre-encrypted. So, for example, if you visit a site that is using HTTPS (like most shopping sites do) they will not be able to see any of your traffic on that site. The same goes for traffic over a VPN which again is encrypted on a higher level than the network (ie: it’s encrypted before it even leaves your computer).
Fourth, this type of attack must take place when a client is connecting to an AP. This really is the big one as any device that stays consistently connected to the network is much less likely to be victimized and it also makes it that much harder on an attacker to successfully execute the attack.
Finally, since it’s only the third packet that we’re really concerned about, the issue that needs to be fixed lies primarily with the client devices. And fortunately, a good chunk of the important client devices are already not vulnerable to this attack. Due to a “happy accident” in that the implementation of the 4-Way Handshake was done incorrectly, Apple devices are largely invulnerable to this attack already. The same goes for Microsoft’s Windows products as they too did not have a “correct” implementation of the 4-Way Handshake. The biggest products still at risk are Android powered devices of which almost half of them are vulnerable. There are also an untold number of other wireless devices like printers, cameras, and IoT devices that are vulnerable however, with the exception of maybe cameras, there aren’t too many devices in that category that attackers will be interested in attacking (no, nobody wants to attack your printer). Updates are being rolled out to many devices right now for both client devices as well as APs that can still be vulnerable if not updated (if they are part of a mesh or repeater network).
So what do I need to do?
That’s probably the question running through your mind right now. The best thing you can do is make sure you update your devices. Preferably all of them, especially if you take them to more public places that have secured WiFi networks. Don’t forget to look for updates to devices like routers and IoT devices (wireless cameras, etc) as well because, while they may not be as desirable of a target as say, a phone or laptop, they’re still vulnerable and can be exploited. Of course, being on the latest firmware right now doesn’t mean a whole lot if that firmware is 6 months old. You’ll want to make sure that the updated firmware is recent (released this week). Of course, if you need any assistance with any of this, you can always contact us and we’ll be happy to lend a hand.