That router and device that you are likely using to connect to the Internet and read this is likely vulnerable to a new encryption crack which has been announced today, with the WiFi WPA2 security standard now not quite as secure as we previously thought it was.
Users of Android devices, as well as anyone running a Linux machine are the hardest hit but it is important to note that everyone, including Mac and iOS users are potentially impacted by this.
All routers and wireless access points have the capability to use WPA2 and it’s highly likely that is the encryption your personal router uses. It’s also heavily used by public hotspots, meaning that coffee shop you like to browse the Internet from is likely susceptible to the newly shared flaw. The flaw in WPA2 was discovered by Mathy Vanhoef, a security researcher in the computer science department of the Dutch university KU Leuven. According to Vanhoef, both Android and Linux are “trivial” to attack, but other platforms are also at risk.
We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks […] Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks […]
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected […] If your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks
It’s important to note here that encrypted connections to shopping websites and services will remain secure because it is only the encryption of the connection over wireless that is impacted here.
According to Vanhoef, the issue comes when devices initially connect to a wireless device such as a router or access point, at which point that device confirms the correct WPA2 password is being used.
In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.
The good news? WPA2 can be patched by hardware vendors, and it will be backwardly compatible with existing devices out in the wild. The bad news is that this obviously relies on vendors actually patching devices, and with seemingly disposable Internet-of-things devices available by the likes of IKEA, it’s debatable whether that will happen at all, let along on a reasonable timescale.
You can check out the demonstration of the attack in the video embedded below.