A recently disclosed technique can compromise the wireless traffic of just about any device that connects to a Wi-Fi network secured with the popular WPA2 protocol.  Known as a KRACK attack (short for Key Reinstallation Attack), it lets an attacker within radio range act as a 'Man in the Middle' (MITM) and read or tamper with your Wi-Fi traffic, leading to theft of the usernames and passwords the user enters into websites, apps, etc., injection of malware, or theft of other information, pictures, etc. from the data being transmitted.

How Does Wireless Security Work?

Most of the devices we use every day to access the internet connect wirelessly to a router or access point.  The router acts as a gateway between your device and the internet it is trying to reach.  Routers typically have built-in security features to help protect users, and offer a number of security methods that can be applied to their wireless settings.

The wireless security protocols that routers commonly offer include:

- WEP (Wired Equivalent Privacy): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as a wired network. However, WEP has many well-known security flaws, is awkward to configure, and is easily broken; it should no longer be used.
- WPA (Wi-Fi Protected Access): Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most WPA implementations use a pre-shared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced "tee-kip") for encryption. WPA Enterprise uses an authentication server (802.1X) to generate per-user keys or certificates.
- WPA2 (Wi-Fi Protected Access Version 2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement of WPA2 over WPA is the use of the Advanced Encryption Standard (AES, in its CCMP mode) for encryption. AES is approved by the U.S. government for protecting information classified as top secret, so it is certainly strong enough to protect your traffic. Note, however, that KRACK does not break AES; it attacks the handshake that installs the AES key, which is why even a correctly implemented AES cipher is affected.

Key Reinstallation Attacks (KRACKs) target the most widely used of the three protocols above, WPA2.  WPA2 is generally considered the safest and most secure wireless security standard, and hence the majority of wireless networks you connect to are set up with it.  Because the weakness lies in the standard's own four-way handshake rather than in any one vendor's product, every faithful implementation of WPA2 was affected until patched.

How Does an Attack like this Work?

From the official site www.krackattacks.com: As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key. When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks:

Our attack is not limited to recovering login credentials (i.e. e-mail addresses and passwords). In general, any data or information that the victim transmits can be decrypted. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website). Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations.
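The quoted proof of concept works because installing a key also resets the packet number that WPA2's CCMP uses as the per-frame encryption nonce, so a client tricked into reinstalling the key it already uses starts reusing nonces, and a client that had wiped the key from memory installs zeros instead. The following Python model is an added illustration and is not code from the KRACK researchers or from any real Wi-Fi stack: the keystream function is a hash-based stand-in for AES counter mode, the Supplicant class, the TK value and the two sample frames are all constructed for the demo, and the message-3 replay is the only part of the four-way handshake that is modelled.

```python
import hashlib

# CCMP encrypts each frame with AES in counter mode under the pairwise temporal
# key (TK); the frame's packet number (PN) forms the nonce. This stand-in keeps
# the one property KRACK abuses: the keystream is a pure function of (key, nonce),
# so reusing a nonce under the same key reuses the keystream. (Constructed
# substitute for AES-CTR, not the real cipher.)
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


ZERO_TK = b"\x00" * 16
# Constructed stand-in for the TK a real client derives from the PSK, SSID and handshake nonces.
TK = hashlib.sha256(b"constructed-demo-ptk").digest()[:16]


class Supplicant:
    """Just enough of a Wi-Fi client's key state to show what a replayed message 3 does."""

    def __init__(self, tk: bytes, patched: bool = False, clears_tk: bool = False):
        self.derived_tk = tk        # computed once during the 4-way handshake
        self.patched = patched      # patched: never reinstall a key that is already in use
        self.clears_tk = clears_tk  # models wpa_supplicant zeroing its TK buffer after install
        self.installed_tk = None
        self.pn = 0                 # transmit packet number; must never repeat under one key

    def on_msg3(self) -> str:
        """Handle message 3 of the handshake (genuine or replayed) and reply with message 4."""
        if self.patched and self.installed_tk is not None:
            return "msg4"           # re-acknowledge, but leave the live key and counter alone
        self.installed_tk = self.derived_tk
        self.pn = 0                 # key installation resets the nonce: the root cause of KRACK
        if self.clears_tk:
            self.derived_tk = ZERO_TK  # buffer wiped after install; a reinstall now installs zeros
        return "msg4"

    def send(self, plaintext: bytes):
        """Encrypt one data frame; returns (nonce, ciphertext) as an eavesdropper sees them."""
        nonce = self.pn.to_bytes(6, "big")
        self.pn += 1
        return nonce, xor(plaintext, keystream(self.installed_tk, nonce, len(plaintext)))


# Constructed sample frames: the first is something an attacker can guess
# (a plain HTTP request), the second is what the attacker wants.
KNOWN_FRAME = b"GET /login HTTP/1.1\r\nHost: bank.example\r\n"
SECRET_FRAME = b"user=alice&pass=hunter2"


def run_krack(patched: bool = False, clears_tk: bool = False):
    """Handshake completes, one frame is sent, message 3 is replayed, another frame is sent."""
    client = Supplicant(TK, patched=patched, clears_tk=clears_tk)
    client.on_msg3()                       # genuine message 3: key installed, PN = 0
    f1 = client.send(KNOWN_FRAME)          # data frame under PN 0
    client.on_msg3()                       # MITM replays message 3
    f2 = client.send(SECRET_FRAME)         # PN 0 again if the key was reinstalled
    return client, f1, f2


def attacker_recover(f1, f2, known_plaintext: bytes):
    """Passive attacker: two frames under one (key, nonce) leak c1 ^ c2 = p1 ^ p2."""
    (n1, c1), (n2, c2) = f1, f2
    if n1 != n2:
        return None                        # different nonces, different keystreams: nothing to do
    return xor(xor(c1, c2), known_plaintext)


def attacker_decrypt_zero_key(frame):
    """Linux/Android 6+ variant: the reinstalled key is all zeros, so the attacker simply decrypts."""
    nonce, c = frame
    return xor(c, keystream(ZERO_TK, nonce, len(c)))


if __name__ == "__main__":
    _, f1, f2 = run_krack()
    print("vulnerable client, nonce reused:", f1[0] == f2[0])
    print("recovered from nonce reuse:", attacker_recover(f1, f2, KNOWN_FRAME))
    _, f1, f2 = run_krack(patched=True)
    print("patched client, nonce reused:", f1[0] == f2[0])
    client, _, f2 = run_krack(clears_tk=True)
    print("zero-key client, decrypted directly:", attacker_decrypt_zero_key(f2))
```

The patched branch mirrors the actual fix shipped by wpa_supplicant and the other affected stacks: a retransmitted message 3 is still acknowledged, but a key that is already installed is never installed again, so the packet number keeps counting and no nonce repeats. Note also that the attacker never learns the TK in the reuse case; the decryption comes purely from the keystream being the same for both frames.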

What Options are there for preventing this type of Attack?

As noted on the official krackattacks.com site, many manufacturers and companies have begun to roll out security updates for this attack.  If you own a computer running macOS or any version of Windows, a mobile device running Android, Windows Mobile, or iOS, or any other device you use to connect to the internet, it is highly recommended that you ensure the device is fully updated with the latest security updates.  Update your router or access point firmware as well, but keep in mind that the core attack is against the client's handling of the handshake, so an unpatched phone or laptop remains vulnerable even when connected to a patched router.

As with any release of information like this, care must be exercised to ensure that accurate information is disseminated.  The points below highlight some key elements of this attack:

  • As of now this attack must be combined with a "Man-in-the-Middle" setup: the attacker clones the legitimate network's SSID (and the access point's MAC address) on a different channel than the real network to lure the client device into associating with the fake AP
  • The attacker needs to produce a signal strength close to or better than the real infrastructure to have a chance of enticing the client device away from it.  If the attacker's RSSI is not enticing to the client device, it will likely just reconnect to a legitimate AP closer to it.
  • Once the device is associated, the attacker manipulates the four-way handshake (by withholding and then replaying message 3) so that the client reinstalls an encryption key already in use, which resets its packet counters; the client's traffic can then be decrypted at the attacker's machine.
  • This attack DOES NOT reveal the Wi-Fi PSK, nor does it reveal authentication passwords directly; however, once a client is compromised an attacker can use its decrypted packets to perform further MITM attacks and steal the passwords and usernames the user enters into websites, apps, etc., inject malware, or steal other information, pictures, etc. from the data being transmitted.  Changing your Wi-Fi password therefore does not protect you; installing the patches does.

It is always recommended that you follow other common-sense security practices when using public hotspots as well.  If you must use a public hotspot, use a VPN, prefer websites that use HTTPS (bearing in mind the researchers' warning that this extra layer can sometimes be bypassed), be aware that someone may be watching, and always keep your antivirus up to date.  For more information and tips to stay safe online check out our blog for more great articles!