Vulnerability found in WPA2 Wifi Encryption

A recent discovery of a flaw in WPA2 encryption means that no wifi network is completely secure.

TLDR:-

  1. WPA2, previously the only widely available wireless encryption protocol not to have been hacked, has been exploited.
  2. The hack is not device specific
  3. Fixes are being released, and updates should plug this security hole.
  4. ESP is proactively pushing updates to hardware as they become available.

A fuller rendition:-

As widely reported in the popular press, Monday 16th October saw the announcement of a flaw in WPA2 Wifi networks, together with a proof of exploit. The original source is https://www.krackattacks.com. The FAQ section there may be of particular interest; I have copied a selection of the questions most relevant to our clients at the bottom of this page.

The weakness being exploited is in the WiFi standard itself, rather than in any individual device or piece of software. That said, some devices are affected more than others: Android and Linux, because they can be made to use an all-zero encryption key, are more susceptible to the attack than Windows and iOS devices.

The main takeaways from the situation as it stands are:

  1. Despite this latest discovery, it is still recommended to continue using WPA2 where possible, because the attack is complex and hacks are already available for other encryption methods.
  2. Manufacturers are proactively plugging this hole, and updates are already appearing from Ubiquiti and Meraki, amongst other vendors.
  3. This attack is still difficult to perform.
  4. The attack must take place within range of your wifi network, this is not an attack method that can be performed remotely across the internet.

We are currently working through our entire client base, identifying where Wifi access points have a patch available and applying it. So far Ubiquiti and Meraki have released updates, and these are being applied. We are keeping a close eye on our other hardware vendors and will commence updates to those devices as patches are released.

Copied FAQs from source website Krackattacks.com:-

Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!

Should I change my Wi-Fi password?

Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network. Instead, you should make sure all your devices are updated, and you should also update the firmware of your router. Nevertheless, after updating both your client devices and your router, it’s never a bad idea to change the Wi-Fi password.

I’m using WPA2 with only AES. That’s also vulnerable?

Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So everyone should update their devices to prevent the attack!

Is my device vulnerable?

Probably. Any device that uses Wi-Fi is likely vulnerable. Contact your vendor for more information.

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general, though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

Are people exploiting this in the wild?

We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild. That said, key reinstallations can actually occur spontaneously without an adversary being present! This may, for example, happen if the last message of a handshake is lost due to background noise, causing a retransmission of the previous message. When processing this retransmitted message, keys may be reinstalled, resulting in nonce reuse just like in a real attack.

Should I temporarily use WEP until my devices are patched?

NO! Keep using WPA2.
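
The FAQ answers above say that a retransmitted handshake message can cause a key to be reinstalled, "resulting in nonce reuse", and that the fix is to make sure "a key is only installed once". The toy model below is an added illustration of that logic and is not code from krackattacks.com or from any vendor. The `Client` class, the function names and the hash-based keystream (a stand-in, not real CCMP) are all assumptions made for the example.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy per-packet keystream derived from (key, nonce); NOT the real CCMP cipher.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a Wi-Fi client's key-install logic."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every transmit nonce used so far

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a key that is already installed is not installed
        # again, so the transmit nonce keeps counting upwards.
        if self.patched and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the transmit nonce

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append(self.nonce)
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(patched: bool):
    client = Client(patched)
    key = b"constructed-session-key"  # constructed sample value
    client.on_message3(key)
    frame1 = client.send(b"first frame data")
    client.on_message3(key)  # message 3 arrives again, e.g. message 4 was lost
    frame2 = client.send(b"other frame data")
    return client.used, frame1, frame2

def nonce_reused(patched: bool) -> bool:
    used, _, _ = run(patched)
    return len(used) != len(set(used))

if __name__ == "__main__":
    print("unpatched reuses a nonce:", nonce_reused(False))
    print("patched reuses a nonce:  ", nonce_reused(True))
```

In the unpatched run both frames are encrypted with the same keystream, so XORing the two ciphertexts cancels the key and leaves the XOR of the two plaintexts. The patched run uses nonces 1 and 2 and never repeats one.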