Recently, a group of cybersecurity researchers discovered a critical vulnerability in the WPA2 (Wi-Fi Protected Access II) encryption protocol. Let us remind you that it is with the help of WPA2 that the communication of most modern wireless Wi-Fi networks is encrypted. This means that potential attackers will be able to hack any Wi-Fi network and gain access to all traffic passing through it. The hole allows you to intercept encrypted passwords, emails, credit card numbers and other data. Experts report the introduction of malicious code on the pages of websites that users visit, which leads to further distribution and tracking of information.
WPA2 is one of the most common Wi-Fi security protocols, so every Wi-Fi-enabled device is at risk of hacking. The vulnerabilities are collectively known as KRACK (Key Reinstallation Attacks). “US-CERT has learned of several key vulnerabilities in the four-way handshake algorithm that is part of the WPA2 security protocol. The impact of these vulnerabilities includes decryption, packet interception, TCP connection theft, HTTP content injection, and more. The problem affects most or all implementations of the standard,” the United States Computer Emergency Readiness Team (US-CERT) commented on the situation. The most vulnerable were devices running Android and Linux OS. According to researchers, in Android 6.0 and higher there is a “trivial possibility” of intercepting traffic due to a vulnerability in the wpa_supplicant component. It allows you to reset the security key to zero and completely control the traffic.
Demonstration of an attack on an Android smartphone
On other platforms, data packets are decrypted using a more complex algorithm. Even if the hack is successful, it will not be possible to obtain 100% of the information. Only part of the information will be revealed, in addition, the attack is limited to the Wi-Fi coverage area. In July 2017, researchers sent warning letters to large organizations, and US-CERT joined them a little later. Aruba and Ubiquiti, which sell access points to large corporations and government organizations, have already released an update to remove vulnerabilities codenamed CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017- 13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. Experts recommend making sure that the latest firmware is installed on the router and updating all devices to the latest firmware. Representatives from Microsoft say they have already fixed the vulnerability in Windows, while Google says it will fix the problem as soon as possible in the coming weeks. Also, after some time, many other access points and devices will receive updates. In the meantime, users are advised to avoid using Wi-Fi until the patch is released or to use additional data encryption protocols (HTTPS, STARTTLS and Secure Shell). As a last resort, use a VPN, remembering that not all of them guarantee a secure connection. In connection with this problem, a repository has appeared on GitHub , and a special website krackattacks.com has been launched on the network . The topic of vulnerability will be raised on November 1 in Dallas at the Computer and Communications Security Conference .
GO TO FULL VERSION