News broke yesterday that every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic. The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years. In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet. IT security experts commented below.
Lisa Baergen, Director at NuData Security:
Mike Buckbee, Security Engineer at Varonis:
The attack works against WiFi clients and depends upon being within WiFi range of the target device. Attackers can use a special WiFi card that retransmits a previously used session key which forces a reinstallation of that key on the client device. By doing so (and depending on exactly how WPA2 is implemented on the client device), the attacker can then send forged data to the client. For example, an attacker could silently manipulate the text and links on a web page.
An interesting twist to this attack is that it depends much more upon physical proximity in order to compromise a client since you need to be in WiFi range. An attacker also needs a somewhat specialized networking device and to be able to code up the exploit manually – since no software has yet been released for this attack.
The more encryption you run at different layers of the communications stack the better. If you’re in charge of a website, this is just one more in a vast list of reasons you should be forcing SSL/TLS on your site. VPNs are also a strong (additional) option: they’re inexpensive, easily configured, and can make Krack much less of an issue. An attacker can view/capture the encrypted data but won’t be able to do anything with it.”
Jesse Victors, Security Consultant at Synopsys:
“The vulnerability, formally assigned CVE-2017-15361 and called the Return of Coppersmith’s Attack, or ROCA for short, is a practical mathematical attack that allows an adversary to reveal secret keys on certified devices using this library. The key can be revealed offline, and no physical access to the affected device is required. Once the attack is complete, the attacker can then use the secret key to overcome any authentication or encryption systems that are in place on the affected device. Unfortunately, many certified devices are vulnerable. This flaw is present in NIST FIPS 140-2 and CC EAL5+, two internationally adopted cryptographic standards.
“Based on the limited information released by the authors, we know that ROCA exploits a flaw in a software library that generates RSA keys. RSA is a public key cryptosystem widely used for digital signatures for authentication or encrypted messages for confidentiality. You will find RSA practically everywhere, even in the HTTPS on this web page.
“The authors have made it clear that this flaw is embedded into the hardware and firmware of many devices widely used across the globe. This makes it difficult to completely patch, but there are some mitigating controls. If you are using Windows, Microsoft has issued several updates that should address the issue. Google, HP, Lenovo, and Fujitsu have released updates for their software products as well. Estonian citizens can suspend the digital signature services of their smartcards if they choose. A new chip is in development in the meantime.
“As has discussed before on the Synopsys blog, crypto is fragile. RSA turned 40 years old this year and we still seem to struggle with using and implementing it correctly. The RSA algorithm described in 1977 is fast but unsafe and must be implemented carefully to avoid several padding oracle attacks and information leaks. Numerous schemes have been introduced to address the flaws, which I consider this to be a flaw with RSA’s design and the complexity of standards. However, RSA was there first, and it’s one of our best public key encryption schemes, so it isn’t going away any time soon.”
Dr Kevin Curran, Senior Member of the IEEE and Professor of Cybersecurity at Ulster University:
“Decryption of information then becomes possible as the same encryption key is used with nonce values that have already been used previously. They have also exposed other variants against group keys and more and have effectively broken down the door to WPA2. It is catastrophic against Linux WiFi implementations (wpa_supplicant), which install an all-zero encryption key instead of reinstalling the real key. This really makes the attack easy. Android also uses wpa_supplicant and at his time, it seems that 4 out of 10 Android devices are vulnerable to this variant of Krack.
“This attack allows sensitive information such as credit card numbers, chat messages, passwords, banking logins, emails, photos, and almost all information travelling over a WiFi network to be snooped. In some case, data can be manipulated and malware injected into websites.
“Unfortunately, there is no alternative to using WPA2 at present, but users should consider using VPNs and other security technologies to provide protection to connections. A positive aspect is that HTTPS is becoming more pervasive on the web and some services as TLS, SSH, PGP use strong encryption. The author of Krack does however point out that HTTPS was previously bypassed in non-browser software, Apple’s iOS, OS X, Android apps, banking apps and VPN apps. So a patch for this attack is crucial. Other information that can be discovered with this flaw include unique device identifiers and metadata i.e. visited sites, traffic timing, patterns, quantity of data exchanged – leading to all sorts of potential data leaks.
“A fix will come, but it does require router firmware to be updated. This is a major problem as the average user is unlikely to do this and many routers will not have updates rolled out. That is a larger issue for the security community where there is poor support from manufacturers for updates. For once, this is not an over hyped security flaw with a catchy name – this is the real deal. Once again, it proves how difficult it is to truly write secure protocols.”
Tristan Liverpool, Director of Systems Engineering at F5 Networks:
“How serious is the threat? The attacker must be within range of the Wi-Fi network to exploit it. People also need to be aware of subtle differences to keep their connections safe such as paying attention to the URL. Traffic between HTTPS servers will be safe but unprotected sites start with HTTP. Still, the vulnerability highlights the challenge of defending a ‘perimeter-less’ network. It is hard to define what we cannot pinpoint, where the traditional datacentre ends and begins. With apps now the focus of our connections to the internet, the perimeter must start with the app and end with the datacentre.
“To protect against this type of vulnerability, companies should implement technologies such as secure socket layer (SSL) VPN and application encryption. This secures payloads no matter the state of the network infrastructure or security of local Wi-Fi, and bolsters the security of network traffic.”
Gaurav Banga, CEO at Balbix:
These are all great questions to ask, but waiting until an incident like this happens is not good. Instead, organizations need to invest in a systematic method with the right tools to continuously discover indicators of risk like these. AI based predictive risk platforms can help proactively understand your attack surface.”
Vulnerabilities recently discovered in the WPA2 protocol help attackers to bypass security protection and hijack WiFi data transmission. According to the report, researchers have discovered serious security issues related to key management schemes in the four-way handshake of the WPA2. In fact, a KRACK (key reinstallation) attack is essentially a man-in-the-middle attack, which forces devices connected to the WiFi network to reinstall the encryption keys that protect WPA2 traffic.
The degree of impact on the information transmitted depends on the encryption mode used. When using WPA-TKIP or GCMP, attackers can not only decrypt WPA2 traffic or develop replay attacks, which is relevant for AES-CCMP too, but also inject arbitrary falsified packets into victim’s data. WPA2 vulnerabilities can be used for attacks against ICS, although WiFi technologies are not wide spread in industrial networks. Although there is a number of PLCs, which can use WiFi for wireless configuration and management, WPA2 security problem affects mostly network communication devices, smartphones and tablet PCs which are used by engineers and operators for remote access to ICS. The threat of MitM remains particularly relevant to industrial networks. Unlike personal operating systems, where most vulnerabilities in implementations of transport layer network protocols have been patched, numerous vulnerabilities remain in industrial software, enabling traffic to be intercepted or injected (e.g., predictable TCP packet ISNs, reusing the nonce, etc.). And the vulnerability in WPA2 implementations opens one more “entry point” for attacks on industrial networks that use Wi-Fi to control industrial hardware.
Since vulnerabilities have been found in the protocol itself, KRACK attack can target outdated WPA protocol as well and affects all WiFi devices regardless of the operating system. The most vulnerable operating systems inсlude Android 6.0, Android Wear 2.0 and Linux systems running wpa_supplicant v 2.4 and 2.5. But other operating systems, including OS X, iOS and Windows can be affected as well. In order to secure ICS network, businesses should mitigate risks of office / corporate network compromises of hacked corporate WiFi networks that can be used as a possible attack vector. Speaking about direct threats to technological process, WiFi is widely used as the common communication tool in some industrial facilities, such as warehouses (including ports and sorting terminals) in logistics, factory automation (especially in food and medical production industries) with some limited use in process automation.(for example for collecting data in terms of technical and commercial accounting). Unauthorized access to such information, which can be gained by criminals after decryption of WiFi traffic, could lead to serious damages, up to the stopping of the process of transportation of goods and loss of production.
Usually, even complete prohibition of WiFi in industrial enterprises will not solve the problem. The presence of uncontrolled wireless networks and the direct connection of wireless routers to control networks are typical violations detected during audits of the ICS security. It can also be used to penetrate industrial network. Therefore, WPA2 vulnerability results in a new entry point and significantly expand scale of possible attacks on the ICS. It is highly important that vendors assess the relevance of discovered vulnerabilities for their products. We advise businesses to check if patch is available and install it. Right now, some of vendors have already released security fixes such as Ars, Aruba, Ubiquiti, Mikrotik. Before patches are released and installed, we recommend to use encryption unrelated to the wireless data transmission, such as SSL (SSH, VPN etc.), that protects information even in case of WiFi connections’ compromise. For further ICS protection from attacks against wireless networks we advise to follow standard recommendations such as:
- segmentation and firewall protection;
- regular monitoring (audit) of wireless networks for detection of unauthorized wireless networks.
Rich Campagna, CEO at Bitglass:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.