Security researchers claim to have discovered new weaknesses in the WPA2 Wi-Fi security protocol which could allow hackers to steal sensitive info or even inject malware into websites.
Discovered by Mathy Vanhoef of the Katholieke Universiteit Leuven, the so-called key reinstallation attacks (KRACKs) are set to be unveiled at the ACM Computer and Communications Security (CCS) conference on Wednesday.
The attack works by focusing on the four-way handshake used by WPA2 to confirm that client and access point have the correct network password and to negotiate a new encryption key to be used to encrypt all subsequent traffic.
This key is installed following message three of the four-way handshake, but because messages can sometimes be dropped or lost, the access point will re-transmit message three several times if it doesn’t receive the correct response in acknowledgement.
This means that the client device may receive message three several times, each time reinstalling the same encryption key but resetting the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol.
“We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message three of the four-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.”
Effectively, it is the reset of transmit nonces that makes decryption of packets possible.
“Essentially, to guarantee security, a key should only be installed and used once,” said Vanhoef. “Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”
Android smartphones are said to be particularly at risk because Android and Linux can be tricked into re-installing an all-zero encryption key instead of the real key. This makes it easy for an attacker to both intercept and manipulate traffic sent by Android devices.
Currently, over two-fifths (41%) of Android devices are vulnerable to this kind of attack.
Vanhoef listed 10 CVEs discovered as part of the research: each relating to a specific protocol vulnerability, so “many vendors” are affected by each., according to Vanhoef.
The US-CERT has already released an advisory to a limited set of organizations, with consumer and enterprise WPA1 and WPA2 networks affected.
The full research can be found here.