Newly Discovered Security Flaw Leaves All Wi-Fi Networks Vulnerable

Researchers have identified a security vulnerability in the WPA2 Wi-Fi protocol, which until now was believed to be secure. The Key Reinstallation Attack, or "KRACK," that targets the four-way handshake used to start a new WiFi session affects all protected networks and attackers can use it to steal information and even inject malware into websites, according to researchers Mathy Vanhoef and Frank Piessens.

The four-way handshake, which has been in use for 14 years, generates a fresh encrypted session key when connecting to a Wi-Fi network or when the connection is being refreshed. The key is generated after receiving message three of the handshake but the person connecting to a network may receive message three multiple times if the authenticator did not receive an appropriate response the first time around. According to Vanhoef and Piessens, an attacker can force resets by collecting and replaying transmissions of message three, attacking the data-confidentiality protocol.

Watch: Wi-Fi Flaw Leaves An Ever-Larger Internet Of Things Vulnerable

Android 6.0 devices are particularly vulnerable to the attacks and while iOS and Windows devices are not vulnerable to the attack against the four-way handshake, they are still vulnerable to the attack against the group key handshake. The researchers found that the attack can be used to attack the group key, PeerKey and fast BSS transition handshakes, which are used in network connections.

The effect of the attack depends on the type of data-confidentiality protocol used. TCP connections can be hijacked and hackers can even inject malicious content into unencrypted HTTP connections. On Android 6.0 devices, the attack triggered the installation of an all-zero key, voiding any security guarantees. Attackers can steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

In light of the identified vulnerability, the Wi-Fi Alliance issued a statement saying the issue can be resolved through straightforward software updates. Some platform providers have already started deploying patches to users.

"There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections," the statement said. "Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member. Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers."

One of the limitations of the attack is that a hacker needs to be physically in range of a particular Wi-Fi network to manipulate it.

"All Wi-Fi clients we tested were vulnerable to our attack against the group key handshake," the researchers wrote. "This enables an adversary to replay broadcast and multicast frames."

The U.S. Computer Emergency Readiness Team issued a vulnerability note after the flaw came to light. CERT says the WPA2 protocol is ubiquitous in wireless networking and the vulnerability lies in the standard itself, not the individual implementation, so any correct implementation is likely affected. CERT advises users to install updates to affected products and hosts as they become available. CERT has also provided a list of vendors and whether or not they are affected by the flaw.

ZDNet has a handy list of all the patches available to tackle the security flaw. You can see the list here.

Photo by Mark Duncan/Associated Press