October 16 (Mainstream) — A vast issue security vulnerability was exposed today, as an easily exploitable vulnerability has been found in the WiFi Protected Access II (WPA2). This vulnerability makes it simple for attackers to access any WiFi traffic traveling on networks between personal computers, phones, servers and any access points.
Due to the security improvements that WPA2 introduced, it has become the de-facto standard for encryption on almost all wireless networks. It replaced the older WEP and WPA protocols, which were found to be readily vulnerable to attacks.
This most recent vulnerability has been dubbed KRACK, from the terms Key Reinstallation Attacks. KRACK impacts the entire WPA2 protocol itself, which spreads through every Operating System that supports it – Android, Linux, Apple, MediaTek, Linksys, Windows, and OpenBSD. This attack vector efficiently eliminates all WiFi security, permitting attackers to extract any and all data thought to be encrypted by the WiFi encryption protocol.
Vulnerable WiFi networks can be abused to collect and steal sensitive information. Just like breaches, it can compromise credit card numbers, passwords, messaging history, email, photos and pry on social media profiles. Waging an all-out attack, KRACK works against all modern protected WiFi networks. Criminals can also use it to inject ransomware and malware into websites, as well as manipulate data to defraud.
Visiting only HTTPS-protected Web Pages cannot eradicate the risks, as HTTPS was previously bypassed in non-browser software. Cases have been absorbed in Apple iOS and OS X, twice in Android apps, banking apps and even in VPNs.
Meanwhile, Windows and iOS have quite a robust defense, unlike Linux and Android which both appear to be more susceptible. Linux patches have been issued, but are still waiting for official distribution. The same goes for users of Android. Microsoft is running its process to produce a patch tomorrow, October 17th.
The disclosure of vulnerabilities follows an advisory stated by the US-Cert recently disseminated to around 100 organizations proclaimed that:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the WiFi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
Cisco, Meraki, Aruba and Ubiquiti, firms selling access points to corporations and government agencies, have created updates available to patch and to mitigate these foreboding susceptibilities. Mainstream is rolling out patches to all of its affected clients over the next 48 hours.
Access points that are not patched quickly enough will continue to allow attackers to be able to observe everything that passes between computers and access points of nearby WiFi traffic. It also grants them the power to forge Dynamic Configuration Protocol settings, which exposes users’ domain name service to grave threats of breaches.
At this point, it is thought that all WiFi devices are vulnerable. Note that both the WiFi Access Point and the Client have to be updated to resolve this issue. Even a single device could breach an entire network.