All devices vulnerable to major Wi-Fi flaw


By Dylan Bushell-Embling
Wednesday, 18 October, 2017


A newly discovered major flaw in the protocol that secures all modern protected Wi-Fi networks could render all such networks vulnerable to data breaches, ransomware and other forms of attack.

The KRACK (key reinstallation attack) exploit, discovered by Belgian security researcher Mathy Vanhoef, takes advantage of a vulnerability in the Wi-Fi Protected Access 2 (WPA2) encryption protocol.

As the name implies, the attack involves tricking a device into reinstalling a key that is already in use, by manipulating and replaying the four-way cryptographic handshake messages used to confirm the credentials of both the client device and the access point.

Because the technique exploits a vulnerability in the Wi-Fi standard itself, any correct implementation of the WPA2 protocol is likely affected, so any device supporting Wi-Fi could be exposed to the theft of data thought to be encrypted, including credit card numbers and passwords.

Vanhoef said testing found that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other devices are all affected by some variants of the attack.

If the victim device uses either the WPA-TKIP encryption protocol or the new GCMP protocol for Wireless Gigabit services, the exploit can also potentially be used to inject malicious code such as ransomware or other malware.

McAfee CTO for APAC Ian Yip commented that, based on the information available so far, the attack appears to depend on being in close physical proximity to a device or wireless network.

“For example, an attacker cannot use this exploit to compromise a wireless network or device from an indeterminate location halfway across the world,” he said.

“However, this is significant in that there is no readily available alternative, uncompromised protocol to use on a local wireless network until patches are deployed. We should note that while the exploit compromises wireless networks, point-to-point encryption between devices and websites or applications should still be secure.”

He said until patches are available, home or office wireless networks should be treated the same as public internet connections such as free Wi-Fi at cafes.

The use of physically connected wired access points should be preferred where possible, and risks can be further mitigated by accessing all websites over HTTPS where available and using VPNs at all times.

Meanwhile, researchers have reportedly discovered a fatal weakness in the RSA keys generated by chips produced by Infineon Technologies and used by major companies including Google and Microsoft.

The ROCA exploit, which is being described as worse than KRACK, has put the security of millions of cryptographic keys at risk. These keys are used in cryptographic smartcards, security tokens and other secure hardware chips.

“The software and hardware containing these flaws has been used for national identity cards, software and application signing, and trusted platform modules protecting government and corporate computers for companies like tech giants Google and Microsoft,” Webroot Senior Threat Analyst Tyler Moffitt commented.

“This five-year-old vulnerability completely breaks the general use and secureness of using public key cryptography since you’re supposed to be able to share the public key without any risk. Now any attacker can take your public key and find out the private key which allows them to commit identity theft. Those currently using these crypto identity cards can re-apply for e-Residency or follow other options as disclosed by the officials.”
