People Should Update Devices Because of New Wi-Fi Privacy Hack

Tuesday, 17 Oct, 2017

The worst affected are Linux and versions of Android including 6.0 and later, he said.

The issues were found by Mathy Vanhoef, a security researcher at Belgian university KU Leuven.

The exploit takes advantage of a flaw in the way Wi-Fi connections are established.

"It is likely that some products, particularly Android smartphones, and Wi-Fi routers, will never be fixed". To prevent the attack, users must update affected products as soon as security updates become available. "Additionally, it is possible to recover the authentication key, which in GCMP is used to protect both communication directions [as client or access point]...therefore, unlike with TKIP, an adversary can forge packets in both directions".

The vulnerability has to do with the four-way handshake between a client and an access point - your smartphone and your router for instance.

"When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value", Vanhoef explains on a microsite about the attack. However, although a mathematical formula is used to generate the keys in the third step of the handshake, that step can be compromised to reveal the keys. Implementations of the technology can be found in the overwhelming majority of modern wireless networks. That key is shared via a collection of cryptographic "handshakes" that verify the identity of network clients.

The researchers are now moving on to ponder whether other protocol implementations are also vulnerable to key reinstallation attacks.

This means the keystream starts repeating itself - and re-using the keystream in a network encryption cipher of this sort is a big no-no. Now WPA2 is under attack. As such, if an attacker retransmits part of the handshake, the library will reinstall the cleared key, effectively replacing the key with a blank one. The attack can be used to recover, among other things, login credentials (i.e. email addresses and passwords). The only solution is patching, but full fixes are not yet widely available.
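The two paragraphs above describe the core of the problem: a reinstalled key resets the transmit nonce, so the same keystream is produced twice. The following toy model is an added illustration, not code from the article or from Vanhoef's research; its hash-based keystream, the `Station` class and the "refuse reinstall" behaviour are constructed stand-ins for a real CCMP implementation, used only to show why nonce reset leaks the XOR of two plaintexts and what refusing to reinstall an already-installed key changes.

```python
# Added example (constructed): toy nonce-based stream cipher modelling why a
# key reinstallation that resets the packet number repeats the keystream.
# The keystream is SHA-256 based and is NOT real CCMP/GCMP.
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Derive `length` keystream bytes from key || nonce || block counter."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        ).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Client side of the handshake; `refuse_reinstall` models the patched behaviour."""

    def __init__(self, refuse_reinstall: bool):
        self.key = None
        self.nonce = 0
        self.refuse_reinstall = refuse_reinstall

    def install_key(self, key: bytes) -> bool:
        # Patched: a retransmitted message 3 carrying the already-installed
        # key is ignored, so the packet number keeps counting upward.
        if self.refuse_reinstall and key == self.key:
            return False
        # Vulnerable: every install (re)sets the transmit nonce to its start.
        self.key = key
        self.nonce = 0
        return True

    def encrypt(self, plaintext: bytes):
        self.nonce += 1  # incremental transmit packet number
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def simulate(refuse_reinstall: bool):
    """Return (nonce_reused, plaintext_xor_leaked) for one reinstallation."""
    sta = Station(refuse_reinstall)
    key = b"constructed-pairwise-key"  # placeholder session key
    sta.install_key(key)
    p1, p2 = b"first secret frame ", b"second secret frame"
    n1, c1 = sta.encrypt(p1)
    sta.install_key(key)  # attacker replays handshake message 3
    n2, c2 = sta.encrypt(p2)
    # With equal nonces the keystream cancels: c1 ^ c2 == p1 ^ p2.
    return n1 == n2, xor(c1, c2) == xor(p1, p2)
```

`simulate(False)` reproduces the flaw (nonce reused, keystream cancels out), while `simulate(True)` shows that simply not resetting the counter on a repeated install removes it.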

Ages ago, you probably secured your WiFi devices with WEP. Researchers have discovered and published a flaw in WPA2 that allows anyone to break this security model and steal data flowing between your wireless device and the targeted Wi-Fi network, such as passwords, chat messages and photos.

Vanhoef intends to present their paper on the matter at the Computer and Communications Security (CCS) conference on Wednesday, November 1, 2017.

On a website dedicated to the vulnerability, Mr Vanhoef issued a plea to tech companies to issue security patches to protect devices against the vulnerability immediately.

WPA2 is a 13-year-old Wi-Fi authentication scheme widely used to secure Wi-Fi connections, but the standard has been compromised, impacting nearly all Wi-Fi devices, including those in our homes and businesses, along with the networking companies that build them.

"For this reason the more valuable the network, the more likely it is criminals will make the effort to carry out the attack, so businesses are at a higher risk than average home users".