WPA2 is fallen, winter is here

drasnor Starship Operator Hawthorne, CA Icrontian
edited October 2017 in Internet & Media

Proving once again that hackers security researchers are the reason we can't have nice things, the Key Installation Attack (KRACK) is loose in the wild and exploits an intrinsic weakness in the WPA2 protocol to let unsavory sorts do unsavory things.

How screwed are you?

That depends on who lives near you and how much you've pissed them off because as usual hacking WiFi networks requires the attacker to be physically close. On the down side, the short story is that there are no more secure wireless protocols.

  • WPA2 GCMP, WPA2/WPA TKIP: attackers can decrypt your packets, steal your network key, and spoof your clients to switch to their access point for other nefarious man-in-the-middle attacks
  • WPA2 CCMP/AES: attackers can decrypt your packets and spoof your clients to switch to their access point but can't steal your network key.
  • WEP: completely cracked years ago, you are better off using WPA2 CCMP/AES.

The industrial and national espionage opportunities are more compelling than Eve going after Alice and Bob's home network traffic so some of you are more screwed than others. Authenticated WPA2 Professional still relies on the same underlying technology that has this intrinsic flaw. Additionally, some implementations are more susceptible to certain classes of attacks than others.

Problematically, the extremely-vulnerable wpa_supplicant implementation is at the heart of any Linux-based system including and especially embedded ones such as consumer WiFi routers, smart TVs, and pretty much any Internet of Things device. For a lot of these things you'll be lucky to ever see a firmware update.

The good news

This can be fixed by a minor revision to the WPA2 specification that's backwards-compatible with existing devices/software/whatever. Network traffic that's designed to operate over insecure links is unaffected (e.g. https://, encrypted VPN). Read a Mickens about security and feel better.

The bad news

Any fix will require a patch, a lot of stuff won't get patched, and any unpatched device/software/whatever is an attack vector. Insecure network services (e.g. everything not designed to operate on the raw Internet) are exposed to attackers on your network. An attacker on your network can turn all your stuff into zombies, access your open network shares, and otherwise do anything that someone you've given your network password can do.

Closing thoughts

Have a nice day, patch all your stuff, and don't forget to use AES.

https://youtu.be/JsIux0SvQXY?t=8m58s
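The mechanism behind the bullet list above, as an added example that is not part of the original post: a toy model of the part of the 4-way handshake that matters. A client installs the temporal key (TK) when it receives message 3 and resets its packet number (PN) to zero; if someone in the middle replays message 3, an unpatched client reinstalls the same TK and resets PN again, so the counter-mode cipher hands out the same keystream twice and an eavesdropper with one guessable frame can read the other. The patched client refuses to reinstall a key that is already in use, which is the backwards-compatible fix the post refers to. Assumptions: keystream comes from an HMAC-SHA256 counter-mode PRF standing in for AES-CTR (the core of CCMP), since the property shown, same key plus same nonce gives the same keystream, does not depend on the block cipher; the key and both frames are constructed sample data.

```python
"""Toy model of the key reinstallation mechanism behind KRACK (added example).

The keystream generator below is an HMAC-SHA256 counter-mode PRF used as a
stand-in for AES-CTR; the nonce-reuse property demonstrated is the same.
"""
import hashlib
import hmac

TK = bytes(range(16))  # constructed 128-bit temporal key for the session


def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """CTR-style keystream: PRF(tk, nonce = PN || block counter), block by block."""
    out = bytearray()
    block = 0
    while len(out) < length:
        nonce = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(tk, nonce, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Minimal supplicant state: the installed TK and the transmit packet number."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None
        self.pn = 0

    def on_message3(self, tk: bytes) -> str:
        # The fix: a key that is already in use is never installed a second
        # time, so a replayed message 3 cannot reset the nonce.
        if self.patched and self.tk == tk:
            return "ignored retransmitted key"
        self.tk = tk
        self.pn = 0  # key installation resets the packet number
        return "installed"

    def encrypt(self, plaintext: bytes):
        """Return (pn, ciphertext) for one data frame and advance the counter."""
        pn = self.pn
        self.pn += 1
        return pn, xor(plaintext, keystream(self.tk, pn, len(plaintext)))


# Constructed sample frames: one whose content an attacker can guess (a
# predictable request) and one the attacker actually wants to read.
KNOWN_FRAME = (b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n"
               b"User-Agent: curl/7.55.1\r\n\r\n")
SECRET_FRAME = b"Cookie: session=constructed-sample-token-1234\r\n"


def run_handshake_replay(patched: bool):
    """Handshake, one frame, replayed message 3, another frame.

    Returns (pn_a, ct_a, pn_b, ct_b) exactly as an eavesdropper sees them.
    """
    client = Client(patched)
    client.on_message3(TK)
    pn_a, ct_a = client.encrypt(KNOWN_FRAME)
    client.on_message3(TK)  # the attacker replays the captured message 3
    pn_b, ct_b = client.encrypt(SECRET_FRAME)
    return pn_a, ct_a, pn_b, ct_b


def attacker_recover(pn_a, ct_a, pn_b, ct_b, known_plaintext):
    """Known-plaintext attack on reused keystream; None when the nonces differ.

    Recovery covers as many bytes as the known plaintext is long.
    """
    if pn_a != pn_b:
        return None
    ks = xor(ct_a, known_plaintext)  # keystream = ciphertext XOR known plaintext
    return xor(ct_b, ks[: len(ct_b)])  # the other frame used the same keystream


if __name__ == "__main__":
    for patched in (False, True):
        result = attacker_recover(*run_handshake_replay(patched), KNOWN_FRAME)
        print("patched" if patched else "unpatched", "->", result)
```

Nothing here touches the network password: both clients hold the same TK throughout, and the only thing the replay changes on the unpatched client is the packet number, which is why the fix can be deployed without changing how keys are negotiated.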


Comments

  • CB Ƹ̵̡Ӝ̵̨̄Ʒ Der Millionendorf- Icrontian

    The real question on everyone's mind now, I think is: "Can I use this information to get free wi-fi on airplanes?"

  • mertesn I am Bobby Miller Yukon, OK Icrontian

    OpenWRT’s LEDE branch will have a fix in their next service release (17.01.4)
    https://forum.lede-project.org/t/lede-v17-01-3-service-release/7113/18

  • Garg Purveyor of Lincoln Nightmares Icrontian
    edited October 2017

    I've read elsewhere that this only affected clients, not routers. Is that true? My desktops are all patched, we all know how ridiculous the Android system is for patches ¯\_(ツ)_/¯, but I'm wondering if I need to be worried about the router or not.

  • ardichoke Icrontian
    edited October 2017

    @Gargoyle said:
    I've read elsewhere that this only affected clients, not routers. Is that true? My desktops are all patched, we all know how ridiculous the Android system is for patches so ¯\_(ツ)_/¯, but I'm wondering if I need to be worried about the router or not.

    EDIT: I was wrong, it is a client side issue primarily... but mitigations can be put in place on the AP side (from what I'm reading) to detect that a client is being attacked and force them to reauthenticate. Or something like that.

    I'm so glad I upgraded my WiFi kit to Ubiquiti gear. They already have a patch rolled. <3

  • Sonorous F@H Fanatic US Icrontian

    @ardichoke said:

    @Gargoyle said:
    I've read elsewhere that this only affected clients, not routers. Is that true? My desktops are all patched, we all know how ridiculous the Android system is for patches so ¯\_(ツ)_/¯, but I'm wondering if I need to be worried about the router or not.

    EDIT: I was wrong, it is a client side issue primarily... but mitigations can be put in place on the AP side (from what I'm reading) to detect that a client is being attacked and force them to reauthenticate. Or something like that.

    I'm so glad I upgraded my WiFi kit to Ubiquiti gear. They already have a patch rolled. <3

    Good to know, also on the ubiquiti train. Choochoo.

  • AlexDeGruven Wut? Meechigan Icrontian

    I guess I should update my Ubiquiti AP tonight.

  • Sonorous F@H Fanatic US Icrontian

    @AlexDeGruven said:
    I guess I should update my Ubiquiti AP tonight.

    I just did a quick controller backup and started the upgrade on everything.

  • BobbyDigi ? R U #Hats ! TX Icrontian

    So I could not care less if someone sees my YouTube history or gaming schedules, but if I understand correctly someone could use my network to do bad things, which I would then probably be liable for.

    My question is, is not broadcasting my SSID a step in the right direction? Pretty positive my neighbors are not going to hack my network, but if someone is trolling around my hood, is it at least logical to think that if they cannot see my network, then the chance of them attacking is lowered?

    -Digi

  • @BobbyDigi said:
    So I could not care less if someone sees my YouTube history or gaming schedules, but if I understand correctly someone could use my network to do bad things, which I would then probably be liable for.

    My question is, is not broadcasting my SSID a step in the right direction? Pretty positive my neighbors are not going to hack my network, but if someone is trolling around my hood, is it at least logical to think that if they cannot see my network, then the chance of them attacking is lowered?

    -Digi

    Marginally lowered. If someone is wardriving your neighborhood though, a hidden SSID is probably not going to be much of a barrier to entry for them.

  • Thrax 🐌 Austin, TX Icrontian

    Someone tell me why certain WiFi devices are only vulnerable in bridge mode.

  • Tushon I'm scared, Coach Alexandria, VA Icrontian

    For the same reason that it is clients which need to be patched. Bridge mode is causing the router to act as a client to another router, and is subject to the same vulnerabilities in the protocol that a client would be. Why some and not all is not known to me at the moment, but it probably has to do with how they chose to implement the WPA2 spec for that particular device.

  • EMT Seattle, WA Icrontian

    @drasnor said:

    • WPA2 GCMP, WPA2/WPA TKIP: attackers can decrypt your packets, steal your network key, and spoof your clients to switch to their access point for other nefarious man-in-the-middle attacks

    What source said that the WPA2 password is compromised? The author said, "Our attacks do not recover the password of the Wi-Fi network."

    Great summary though. Will be interesting to see the effects.

  • Thrax 🐌 Austin, TX Icrontian

    @Tushon said:
    For the same reason that it is clients which need to be patched. Bridge mode is causing the router to act as a client to another router, and is subject to the same vulnerabilities in the protocol that a client would be. Why some and not all is not known to me at the moment, but it probably has to do with how they chose to implement the WPA2 spec for that particular device.

    Good point. Hadn't thought of bridge mode as a client.

  • drasnor Starship Operator Hawthorne, CA Icrontian

    @EMT said:

    @drasnor said:

    • WPA2 GCMP, WPA2/WPA TKIP: attackers can decrypt your packets, steal your network key, and spoof your clients to switch to their access point for other nefarious man-in-the-middle attacks

    What source said that the WPA2 password is compromised? The author said, "Our attacks do not recover the password of the Wi-Fi network."

    My interpretation from the Ars article cited at the beginning.

    Depending on the type of handshake being used between the nodes on the Wi-Fi network, the attack can do varying levels of damage:
    For connections using AES and the Counter with CBC-MAC Protocol ((AES)-CCMP), an attacker can decrypt network packets, making it possible to read their contents and to inject malicious content into TCP packet streams. But the key itself cannot be broken or forged, so the attacker can't forge a key and join the network—instead, they have to use a "cloned" access point that uses the same MAC address as the access point of the targeted network, on a different Wi-Fi channel.
    For WPA2 systems using the Temporal Key Integrity Protocol (TKIP), the Message Integrity Code key can be recovered by the attacker. This allows them to replay captured packets to the network; they can also forge and transmit new packets to the targeted client posing as the access point.
    For devices that use the Galois/Counter Mode Protocol (GCMP), the attack is the worst: "It is possible to replay and decrypt packets," Vanhoef and Piessens wrote. "Additionally, it is possible to recover the authentication key, which in GCMP is used to protect both communication directions [as client or access point]… therefore, unlike with TKIP, an adversary can forge packets in both directions." That means that the attacker can essentially join the network and pretend to be a client or the access point, depending on the type of access they want. "Given that GCMP is expected to be adopted at a high rate in the next few years under the WiGig name, this is a worrying situation," the researchers noted.

  • EMT Seattle, WA Icrontian

    @drasnor I think both those message keys are temporary. That corresponds with what the analyses seem to be saying: that the attacker is able to decrypt and insert themself into an established client-AP session, but not handshake into the network properly (which requires the password).

    I could be wrong. The IEEE offers the 802.11ac spec PDF for the low price of $246?
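The key hierarchy EMT is describing, as an added example (not code from the thread or from the KRACK paper): the pairwise master key (PMK) is fixed for a network, but the pairwise transient key (PTK) that contains the temporal key is re-derived on every 4-way handshake from the PMK, both MAC addresses and two fresh nonces. The formulas follow IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes) and PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)), split into KCK, KEK and TK for CCMP. The passphrase, addresses and nonces are constructed sample values. An attacker who learns a session's TK has that session's key only; going back to the PMK would mean inverting HMAC-SHA1, and going from PMK to the passphrase would mean inverting PBKDF2, and a fresh handshake of their own still needs the PMK to compute valid KCK MICs.

```python
"""WPA2-PSK key hierarchy per IEEE 802.11i (added example, not thread code)."""
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK/PSK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = bytearray()
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return bytes(out[:nbytes])


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP (48 bytes): KCK (handshake MIC) | KEK (GTK wrapping) | TK (data)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# Constructed sample network and endpoints.
PASSPHRASE = "correct horse battery staple"
SSID = "icrontic-lab"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")


def two_handshakes(seed: bytes = b"constructed") -> dict:
    """Same PMK, two handshakes with fresh nonces: the TK differs every time.

    Nonces are derived deterministically from the seed so the result is
    reproducible; real stations draw them from a CSPRNG (os.urandom).
    """
    pmk = derive_pmk(PASSPHRASE, SSID)
    sessions = []
    for n in (1, 2):
        anonce = hashlib.sha256(seed + b"anonce" + bytes([n])).digest()
        snonce = hashlib.sha256(seed + b"snonce" + bytes([n])).digest()
        sessions.append(derive_ptk(pmk, AP_MAC, CLIENT_MAC, anonce, snonce))
    return {"pmk": pmk, "tk1": sessions[0]["tk"], "tk2": sessions[1]["tk"]}


if __name__ == "__main__":
    r = two_handshakes()
    print("PMK :", r["pmk"].hex())
    print("TK 1:", r["tk1"].hex())
    print("TK 2:", r["tk2"].hex())
    print("fresh nonces give a different TK:", r["tk1"] != r["tk2"])
```

The reproducible nonces are only so the printed values can be checked; in practice the randomness of ANonce and SNonce is exactly what keeps one session's TK independent of the next.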

  • drasnor Starship Operator Hawthorne, CA Icrontian
    edited October 2017

    I think that you're probably right that the attacker would become a man-in-the-middle under most circumstances and not a fully-fledged client on their own. I'm not certain that that makes a huge difference in impact though if you can fake being that client to the AP and vice versa.
