Security researchers have spotted the critical vulnerabilities in WPA2 that could lead to decrypt and expose sensitive information transmitted by the victims. The attackers could potentially exploit these WPA2 vulnerabilities to secretly notice the conversation on the Wi-Fi network. The WPA2 was considered to be the secured protocol before discovering these security vulnerabilities, but now attackers are using KRACKs to grab the personal information of the victims.
The total 10 vulnerabilities found in WPA2 by the researcher Mathy Vanhoef of imec-DistriNet, KU Leuven. “Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So, it might be that your router does not require security updates,” Vanhoef states.
The sensitive information might include credit card numbers, passwords, chat messages, emails, photos, and more. The attackers have targeted Windows, Android, Linux, Apple, OpenBSD, MediaTek, andLinksys are also by the other variants of the attack.
Even the changing of password can’t prevent attackers to decrypt the information passing through WPA2 protocol.
The detailed information about KRACKs (Key Reinstallation Attacks) has been published on a dedicated site krackattacks. The security team executed KRACKs against Android for the proof-of-concept and found that it’s pretty easy to attack on Linus and Android 6.0 or higher. On the other hand, it’s not much easy to attack on other systems and decrypt the packets.
Common Vulnerabilities and Exposures (CVE) found in WPA2
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Moreover, the attacker could also use WPA2 vulnerabilities to insert or manipulate the data and even transmit malware on victim’s device. The attackers who are able to decrypt packets can also decrypt TCP SYN packets using same technique. This needs only TCP sequence numbers of a connection, and let them hijack TCP connections.
For detailed information of these vulnerabilities, you can explore the National Vulnerability Database.
Stay connected to Digital Riser for more updates about security news and patches for bugs.