KRACK: Key Reinstallation Attacks to Hack Secured Wi-Fi
Security researcher Mathy Vanhoef has discovered serious weaknesses in WPA2, the protocol that secures all modern protected Wi-Fi networks. An attacker within radio range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).
"If your device supports WiFi, it is most likely affected", Vanhoef said. "In general, any information that the victim transmits can be decrypted using this attack. Moreover, depending on the network setup and the device being used, it is also possible to decrypt the data which has been sent to the victim over this WiFi (e.g. content of the website, chats, login details and so on)."
Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks, personal (pre-shared key) and enterprise alike. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. Two caveats matter in practice: KRACK breaks only the Wi-Fi encryption layer, so traffic that is additionally protected by TLS (HTTPS, a VPN tunnel) stays protected unless that layer is separately defeated; and the attack does not recover the Wi-Fi password, so changing it does not help. The remedy is to install vendor patches, primarily on clients, because the 4-way handshake flaw is on the client side, and on access points for the 802.11r (Fast BSS Transition) variant; the patches are backwards compatible.
Demonstration Video
The researchers note that the demonstration is especially effective against Android and Linux clients.
In the demonstration, the attacker decrypts all data that the victim transmits. This is easy to accomplish because the key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher: wpa_supplicant 2.4 and newer (before the October 2017 patches), which Android 6.0 and above use, wipes the pairwise key from memory once it has been installed, so when the key is reinstalled the client hands the driver an all-zero encryption key. The attacker then does not even need to exploit nonce reuse; it can decrypt the traffic with a known key.
From the research paper:
This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack. All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks, and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value. Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use. Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them. Against WPA-TKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged. Because GCMP uses the same authentication key in both communication directions, it is especially affected. To summarize, our main contributions are:
• We introduce key reinstallation attacks. Here, an attacker forces the reinstallation of an already-in-use key, thereby resetting any associated nonces and/or replay counters.
• We show that the 4-way handshake, PeerKey handshake, group key handshake, and fast BSS transition handshake are vulnerable to key reinstallation attacks.
• We devise attack techniques to carry out our attacks in practice. This demonstrates that all implementations are vulnerable to some variant of our attack.
• We evaluate the practical impact of nonce reuse for all data confidentiality protocols of 802.11.
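The mechanism the paper describes, as an added example that is not the KRACK authors' code: a Python simulation of a simplified supplicant in which a forwarded retransmission of message 3 reinstalls the pairwise key and resets the transmit packet number, so two data frames are encrypted under the same (key, nonce) pair and the second plaintext falls out of an XOR with a known first one. It also models the all-zero-key variant behind the Android/Linux demonstration, and the patched behaviour (never reinstall a key that is already in use). The PRF and the CTR keystream are HMAC-SHA256 stand-ins for 802.11's PRF-384 and AES-CCMP (an assumption; the nonce-reuse consequence is identical), the plaintexts, addresses, nonces and PMK are constructed, and the `patched` and `clears_tk` flags are names invented for this illustration.

```python
"""Simulation of a KRACK key reinstallation against a simplified WPA2
supplicant, plus the nonce-reuse consequence for a CTR-style cipher.
Added example, not code from the KRACK authors. The PRF and keystream are
HMAC-SHA256 stand-ins (assumption) for 802.11 PRF-384 and AES-CCMP."""
import hashlib
import hmac

ZERO_TK = bytes(16)
# Constructed sample traffic (equal length). An attacker usually knows or can
# guess one plaintext, e.g. a predictable protocol header.
P1 = b"GET /index.html HTTP/1.1\r\nHost: a"
P2 = b"POST /login user=alice&pw=hunter2"


def prf(key, label, data, length):
    """HMAC-SHA256 in counter mode; stand-in for 802.11 PRF-n (assumption)."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + bytes([i]) + data, hashlib.sha256).digest()
        i += 1
    return out[:length]


def keystream(tk, nonce, length):
    """CTR-style keystream: a function of (TK, nonce) only, as in AES-CCMP."""
    return prf(tk, b"ctr", nonce, length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ptk(pmk, ap_addr, sta_addr, anonce, snonce):
    """PTK = KCK(16) | KEK(16) | TK(16); both sides derive the same value."""
    data = (min(ap_addr, sta_addr) + max(ap_addr, sta_addr)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def msg3_mic(kck, anonce, replay_ctr):
    """EAPOL MIC over message 3 (simplified: anonce and replay counter)."""
    return hmac.new(kck, b"msg3" + anonce + replay_ctr.to_bytes(8, "big"),
                    hashlib.sha256).digest()


class Supplicant:
    """Client side of the 4-way handshake and the data path it feeds."""

    def __init__(self, addr, pmk, *, patched=False, clears_tk=False):
        self.addr, self.pmk = addr, pmk
        self.patched = patched        # refuse to reinstall an in-use key
        self.clears_tk = clears_tk    # wpa_supplicant 2.4+: wipe TK after install
        self.snonce = hashlib.sha256(b"constructed-snonce").digest()
        self.kck = self.tk = self.driver_tk = None
        self.tk_installed, self.installs = False, 0
        self.pn = 0                   # transmit packet number (nonce counter)
        self.replay_ctr = 0           # last accepted EAPOL replay counter

    def recv_msg1(self, ap_addr, anonce, replay_ctr):
        self.replay_ctr = replay_ctr
        ptk = derive_ptk(self.pmk, ap_addr, self.addr, anonce, self.snonce)
        self.kck, self.tk = ptk[:16], ptk[32:48]
        return self.snonce            # carried in message 2

    def recv_msg3(self, anonce, replay_ctr, mic):
        # A retransmitted message 3 carries a higher replay counter and a
        # valid MIC (the AP really sent it), so both checks pass.
        if replay_ctr <= self.replay_ctr:
            return False
        if not hmac.compare_digest(mic, msg3_mic(self.kck, anonce, replay_ctr)):
            return False
        self.replay_ctr = replay_ctr
        if self.patched and self.tk_installed:
            return True               # fix: never reinstall an in-use key
        self.install_tk()
        return True                   # message 4 would be sent here

    def install_tk(self):
        """Hand the TK to the driver; installing a key resets PN to zero."""
        self.driver_tk = self.tk
        self.tk_installed = True
        self.installs += 1
        self.pn = 0
        if self.clears_tk:
            self.tk = ZERO_TK         # "already installed, wipe from memory"

    def encrypt(self, plaintext):
        self.pn += 1
        nonce = self.addr + self.pn.to_bytes(6, "big")
        return nonce, xor(plaintext, keystream(self.driver_tk, nonce, len(plaintext)))


def run_scenario(*, patched=False, clears_tk=False):
    """Handshake, one frame, forwarded retransmission of msg3, second frame."""
    ap_addr, sta_addr = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    pmk = hashlib.sha256(b"constructed-psk").digest()    # attacker never learns it
    anonce = hashlib.sha256(b"constructed-anonce").digest()
    sta = Supplicant(sta_addr, pmk, patched=patched, clears_tk=clears_tk)
    snonce = sta.recv_msg1(ap_addr, anonce, replay_ctr=1)
    ap_kck = derive_ptk(pmk, ap_addr, sta_addr, anonce, snonce)[:16]

    assert sta.recv_msg3(anonce, 2, msg3_mic(ap_kck, anonce, 2))
    n1, c1 = sta.encrypt(P1)
    # Attacker (channel-based MitM) withholds message 4, so the AP retransmits
    # message 3 with replay counter 3; the attacker forwards it to the client.
    assert sta.recv_msg3(anonce, 3, msg3_mic(ap_kck, anonce, 3))
    n2, c2 = sta.encrypt(P2)
    return {
        "installs": sta.installs,
        "nonce_reused": n1 == n2,
        # Same (TK, nonce) => same keystream, so c1 ^ c2 ^ p1 = p2.
        "recovered_via_xor": xor(xor(c1, c2), P1),
        # Android/Linux variant: the data path now uses an all-zero TK.
        "recovered_via_zero_key": xor(c2, keystream(ZERO_TK, n2, len(c2))),
    }


if __name__ == "__main__":
    for kw in ({}, {"patched": True}, {"clears_tk": True}):
        r = run_scenario(**kw)
        print(kw, r["installs"], r["nonce_reused"],
              r["recovered_via_xor"] == P2, r["recovered_via_zero_key"] == P2)
```

In the unpatched run the key is installed twice, the second frame reuses the first frame's nonce, and the XOR of the two ciphertexts with the known plaintext yields the second plaintext; with `clears_tk` the second frame is instead recoverable by anyone who simply decrypts with an all-zero key; with `patched` the key is installed once, the packet number keeps counting, and neither recovery works. The simulation omits the CCMP integrity tag, which is why, as the paper states, an attacker can decrypt and replay CCMP frames but not forge them: the tag is a CBC-MAC under the temporal key, which nonce reuse does not expose. GCMP's authentication key, by contrast, is recoverable from nonce reuse, which is what makes forgery possible there.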
I recommend that all users use top VPNs to encrypt their Internet traffic. Internet threats are real, and surfing the Web on a public connection can result in your personal data falling into the wrong hands.
That way you can surf the Internet worry-free while staying anonymous from hackers and government snoops who may be monitoring your activity.