Most people have one blinking away on a shelf somewhere in their home. A WiFi router is as much a standard fixture in a modern home as a refrigerator or a microwave oven. And most of us believe that these devices are secure and safe from attack because of a network security technology called Wi-Fi Protected Access 2 (WPA-2). This technology has been required on all certified WiFi hardware since 2006, and uses the latest encryption standards to make hacking virtually impossible.
Or at least that is what was believed until recently, when researchers from the University of Leuven in Belgium discovered that all such “protected” WiFi routers are in fact vulnerable to hacking via Key Reinstallation Attacks (KRACKs).
The Telegraph explains that before this discovery, no hacker had ever managed to override the protection offered by WPA-2. However, the findings indicate that anyone within range of a Wi-Fi network can “inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.”
The research team warns that all modern WiFi networks are vulnerable to KRACK attacks, and that “if your device supports WiFi, it is most likely affected.” This is because the weakness is within the WPA-2 technology itself, rather than any particular device or product. Multiple different operating systems and vendors are therefore vulnerable, including Apple, Android, Windows, Linux, OpenBSD, Linksys, MediaTek and others.
Connecting a device to a secure network involves a complicated four-way “handshake” that negotiates the key used to encrypt traffic, preventing others from intercepting information sent between the two devices. It is this “handshake” that makes WPA-2 vulnerable to attack.
When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.
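The key-reinstallation behaviour described above, as an added Python model (not the researchers' code; the Client class, the PTK value and the frame payloads are constructed) that counts nonce reuse for an unpatched client and for one that refuses to reinstall a key it already has in use:

```python
"""Toy model of the client side of the WPA-2 4-way handshake around message 3.

Constructed example for illustration only: no real 802.11 frames or CCMP
encryption, just the key-install and packet-number bookkeeping that KRACK abuses.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Client:
    patched: bool                       # True: never reinstall an already-installed key
    ptk: Optional[bytes] = None         # pairwise key currently installed
    tx_nonce: int = 0                   # transmit packet number used as the CCMP nonce
    used: Set[Tuple[bytes, int]] = field(default_factory=set)  # (key, nonce) pairs sent
    reused: int = 0                     # how many frames went out under a reused nonce

    def on_message3(self, ptk: bytes) -> None:
        """Handle message 3 of the handshake, which may arrive more than once."""
        if self.patched and self.ptk == ptk:
            return                      # key already in use: reply to the AP, keep the nonce
        self.ptk = ptk
        self.tx_nonce = 0               # installing a key resets the packet number

    def send(self, payload: bytes) -> Tuple[bytes, int]:
        """Send one data frame; returns the (key, nonce) pair it was protected with."""
        self.tx_nonce += 1
        pair = (self.ptk, self.tx_nonce)
        if pair in self.used:
            self.reused += 1            # same key and nonce as an earlier frame
        self.used.add(pair)
        return pair


def simulate(patched: bool, retransmits: int = 1) -> int:
    """Return the number of nonce-reuse events when message 3 arrives 1 + retransmits times."""
    client = Client(patched)
    ptk = b"constructed-ptk"            # constructed key value, not a real PTK
    client.on_message3(ptk)
    client.send(b"frame 1")
    client.send(b"frame 2")
    for _ in range(retransmits):
        client.on_message3(ptk)         # AP retransmits message 3 (or a copy is replayed)
        client.send(b"frame 3")
        client.send(b"frame 4")
    return client.reused
```

An unpatched client reports two reused nonces per retransmission, while the patched client keeps counting upward and reports none.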
Since this is a “fundamental flaw” in the system itself, no amount of password changing can protect you. Fortunately, this type of hacking can only be done by somebody within close range of the router itself, which means that routers in private homes are less vulnerable. Using public networks at coffee shops and restaurants makes you far more vulnerable to attack. If you must use a public network, check for the little gold padlock that shows the connection is secure.
Certain websites, like banking and online shopping sites, use more secure technology, and can be identified by the little padlock that appears within the address bar.
Tech companies like Google and Apple have either already released updates to address the issue, or have promised to do so. Although such updates will make your network far more secure, techies are also encouraging internet users to “patch” – or update – their routers.
The researchers predict that tools will soon become available which will enable hackers to carry out such attacks, so it is best to get your router and software updated as soon as possible.