It's time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online.
Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef's description of the bug on his KRACK website is startling: "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."
What's behind the vulnerability? It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the "handshakes" carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. It turns out that in WPA2, it's possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.
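The key-reuse problem described above, as an added example that is not from the original article or from the KRACK research code: a simplified client model in which a replayed handshake message reinstalls the key and restarts the per-packet counter (nonce), so two frames share one keystream, next to a patched client that ignores the reinstall. `Client`, `install_key` and `replay_handshake` are hypothetical names, the SHA-256 keystream is a stand-in for WPA2's real cipher, and the key and frames are constructed samples.

```python
import hashlib

def keystream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in for WPA2's cipher.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; `patched` selects the fixed behaviour."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def install_key(self, key):
        # Runs every time the key-installing handshake message arrives.
        if self.patched and key == self.key:
            return          # key already in use: keep the current counter
        self.key = key
        self.nonce = 0      # vulnerable path: counter restarts on reinstall

    def send(self, plaintext):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, ks)

def replay_handshake(patched):
    """Return (nonce_reused, plaintext_xor_leaked) for one replayed handshake."""
    key = bytes(range(16))                        # constructed session key
    p1, p2 = b"GET /inbox HTTP/1.1", b"user=alice&pw=demo!"  # constructed frames
    c = Client(patched)
    c.install_key(key)
    n1, c1 = c.send(p1)
    c.install_key(key)                            # replayed handshake message
    n2, c2 = c.send(p2)
    # With a repeated nonce the keystream cancels out: c1 ^ c2 == p1 ^ p2.
    return n1 == n2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", replay_handshake(patched))
```

The vulnerable client repeats nonce 1, so an eavesdropper learns the XOR of the two plaintexts without ever holding the key; the patched client moves on to nonce 2 and nothing cancels.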
The researchers, who said the attack was particularly severe for Android and Linux users, showed how devastating an attack could be in the demonstration video below:
https://youtu.be/Oh4WURZoR98
The attacks on Google's Android are made simpler by a coding error, where an attacker will know the key just by forcing a reinstallation. That's because the operating system uses what's known as an "all-zero encryption key" when the reinstallation is initiated, which makes the traffic easier to intercept and use maliciously.
--- Mystic BBS v1.12 A35 (Linux/32)
* Origin: Twinkle BBS # (700:100/4)