Oct. 24, 2017
Here are some guidelines from national digital security agency CyberSecurity Malaysia and digital security experts for IT admins and internet users on how to stay safe from the latest exploit - KRACK.
Krack - which stands for Key Reinstallation Attacks - is the name of a major vulnerability in Wi-Fi routers' WPA2 security protocol uncovered recently by researcher Mathy Vanhoef.
WPA2, which replaced the WEP protocol in about 2003, was created by the Wi-Fi Alliance to cover up eavesdropping on what websites your computer is trying to access.
The flaw in WPA2 will allow "man-in-the-middle" eavesdropping attacks, as well as possible ransomware and other malicious code injections, Vanhoef has said in various media reports. Krack may allow attackers to steal credit card numbers, passwords, chat messages, emails, photos, and so forth.
Dato' Dr. Haji Amirudin Abdul Wahab (pic below), chief executive officer of CyberSecurity Malaysia, confirmed to Computerworld Malaysia (over the weekend of 22 October) that the globally used Wi-Fi Protected Access 2 (WPA2) Wi-Fi security protocol has been broken. "This standard is the most commonly used security standard by Wi-Fi networks around the world."
"This attack abuses design or implementation flaws in cryptographic protocols and resets the key's associated parameters such as transmit nonce and receive replay counters," explained Dr Amirudin. "Several types of cryptographic Wi-Fi handshakes are affected by the attack."
As IT administrators know, WPA2 puts devices through a four-way handshake, and Krack will forces part three to be resent repeatedly, promoting your Wi-Fi access point to look for a response from the router.
While it's a clever attack on a protocol, Krack appears to require attackers be close enough to a router's signal to connect to it, like any normal sign-in to a Wi-Fi network. Also, Krack is "highly effective" against devices running Android and Linux operating systems.
Independent threat intelligence specialist Azril Azam (pic below) told Computerworld Malaysia: "Krack has been one of the most discussed security topics in 2017. The attack occurs at a deep, very low level and quite technical. The two researchers from Belgium who discovered the protocol weaknesses have setup a website for general understanding (krackattacks.com)."
"This exploit aims to trick a 'victim' Wi-Fi (802.11) supported device into reinstalling an already used cryptographic key, which is used to encrypt and decrypt network traffic. The attacker achieves this by manipulating and replaying/retransmit cryptographic handshake messages. Krack is not a cryptographic algorithm attack - it only targets the 4-Way-Handshake (4WH) in the WPA2 protocol itself," he said.
Azril explained that although Krack mainly targets the WPA2 4WH, since other protocols in the Wi-Fi 802.11 family are also embedded, the same 4WH process may impact these other protocols.
The following are the protocols possibly affected by the 4HW attack from Krack:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.