Wi-Fi is no longer as secure as we thought it was. A savvy hacker can crack a Wi-Fi network using a 14-year-old vulnerability in WPA2. Wi-Fi uses encryption algorithms called WPA and WPA2. WPA2, or Wi-Fi Protected Area, is vulnerable to the “KRACK” attack. Security researcher Mathy Vanhoef discovered this vulnerability. The KRACK algorithm can break Wi-Fi WPA2 security. Linux and Android were affected the worst. Microsoft has already released an update for Windows 10 to patch this vulnerability.

 

Extent of Threat to Wi-Fi WPA / WPA2 by KRACK

[Image: Wi-Fi coverage, KRACK]

Wi-Fi is the most prominent network channel for internet connectivity. According to a report by App Annie, more than 95% of the data consumed on mobile phones goes over Wi-Fi. A Cisco report indicates that Wi-Fi also carries a large share of our regular desktop data usage. More than 60% of network traffic is served by Wi-Fi. Protecting Wi-Fi is a priority for both internet companies and banking services, because these two are the first to face the heat for network security breaches.

 
WPA2 is the security protocol at the centre of the security infrastructure of Wi-Fi devices. All devices that use Wi-Fi are vulnerable to this attack, even those using HTTPS/TLS/SSL as an extra layer of security. The attacker can strip away that extra layer on a misconfigured HTTPS setup using a few commands. US-CERT, the US Homeland Security’s cybersecurity cell, made the KRACK vulnerability information public on 16th October 2017. The KRACK vulnerability is confirmed for many vendors. Some of the big names include Google, Cisco, Juniper, Microsoft, etc.
 

WPA2 KRACK handshake Vulnerable Vendors

| Vendor | Updated on |
| --- | --- |
| Cisco | 16 Oct 2017 |
| FreeBSD Project | 12 Oct 2017 |
| Google | 16 Oct 2017 |
| HostAP | 16 Oct 2017 |
| Intel Corporation | 10 Oct 2017 |
| Juniper Networks | 16 Oct 2017 |
| Microchip Technology | 16 Oct 2017 |
| Microsoft Corporation | 16 Oct 2017 |
| OpenBSD | 16 Oct 2017 |
| Red Hat, Inc. | 04 Oct 2017 |
| Samsung Mobile | 12 Oct 2017 |
| Toshiba Commerce Solutions | 13 Oct 2017 |
| Toshiba Electronic Devices & Storage Corporation | 16 Oct 2017 |
| Toshiba Memory Corporation | 16 Oct 2017 |
| Ubiquiti Networks | 16 Oct 2017 |
| Ubuntu | 16 Oct 2017 |
 
 
NIST, under the US Dept. of Commerce, maintains a database of Common Vulnerability Exposures (CVE). Upon investigating the identifiers, the researcher discovered faulty product lines. The researcher employed various steps to bypass the security wall put up by WPA2. Upon cross-checking, TechScoop found that most of these CVEs are on hold.
 

CVE issued by US Department of Commerce

| Issue CVE | Issue |
| --- | --- |
| CVE-2017-13077 | Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. |
| CVE-2017-13078 | Reinstallation of the group key (GTK) in the 4-way handshake. |
| CVE-2017-13079 | Reinstallation of the integrity group key (IGTK) in the 4-way handshake. |
| CVE-2017-13080 | Reinstallation of the group key (GTK) in the group key handshake. |
| CVE-2017-13081 | Reinstallation of the integrity group key (IGTK) in the group key handshake. |
| CVE-2017-13082 | Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. |
| CVE-2017-13084 | Reinstallation of the STK key in the PeerKey handshake. |
| CVE-2017-13086 | Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. |
| CVE-2017-13087 | Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |
| CVE-2017-13088 | Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. |

A little History lesson in Wi-Fi Security

WPA is the successor of the WEP protocol. WPA is known for its higher security. Modern Wi-Fi firmware does not use WEP due to its security risks. WEP is an easy target even for a learning hacker. The internet has a plethora of tools, tips and tricks to crack WEP-enabled wireless networks. Some Linux distributions, like Kali Linux, have packages to crack such networks. With the advent of mobile computing, anyone with access to the Internet can download apps to crack WEP protection.
 

Advent of WPA2 ( IEEE 802.11i – 2004 Standard )

WPA and WPA2 arrived in 2003 and 2004 to replace WEP. For a device to connect to the Internet, all devices must be using WPA / WPA2. As a default group rule, a device using WEP cannot be on the network.

Basic Working of WPA2

[Figure: 4-way handshake used by WPA. Credit: Wikimedia]
A common type of WPA is WPA-PSK (Wireless Protected Area using Pre-Shared-Key). WPA2 uses a 256-bit key. A 256-bit key makes it almost impossible for an average computer to crack the Wi-Fi security. A more advanced model is WPA-AES (WPA using Advanced Encryption Standards). AES makes the Wi-Fi network secure against sophisticated computers with many cores. Note that security here uses brute force as the baseline for measuring the toughness of an algorithm.
 
What basic WPA2 did was take the old WEP and treat it as an encryption seed. So WEP was not the whole algorithm but a part of it. In the KRACK attack, the attacker tricks the WPA algorithm into using an already-in-use key. A new key is expected, but the older key is inserted instead of a fresh key.
 

Subject Matter: Performing KRACK attack on WPA enabled Wi-Fi

[Figure: Key swap in KRACK attack]

The KRACK algorithm uses a flaw in something called the “Cryptographic Nonce”. A nonce is an “incremental send packet number”. Its purpose is to track the packet number, or “Replay Counter”. If a user is already authenticated, then he can use the network. KRACK does something that lets the attacker pose as a legitimate, freshly authenticated user using the old key. Once the attacker is inside the network, he can go on to crack any type of security the OS has. The attacker gains access after the installation of a bogus cryptographic key.

 
The attacker can strip HTTPS from the victim’s browser and reveal sensitive information, like passwords. The nonce is yielded by a 4-way handshake. KRACK uses a flaw in this handshake to replace the legitimate key with the older key. The attacker has this older key and installs it into WPA2 to gain access. KRACK was able to compromise almost all security methods of WPA2. The KRACK attack was able to crack the PeerKey, group key, and Fast BSS Transition (FT) handshakes. This covers pretty much 100% of WPA-enabled Wi-Fi setups.
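The effect of reinstalling an already-in-use key can be seen in a small model. This is an added example, not code from the original article or from any vendor; the `Supplicant` class, `on_message3`, and the SHA-256 keystream (a toy stand-in for CCMP, not real AES) are assumptions made for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy per-packet keystream: a stand-in for CCMP, NOT real AES-CCM.
    out, ctr = b"", 0
    while len(out) < n:
        block = key + nonce.to_bytes(6, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Hypothetical client model: one pairwise key plus a packet-number nonce."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.pn = 0          # send packet number, used as the nonce
        self.used = []       # every (key, nonce) pair used to encrypt

    def on_message3(self, key: bytes) -> None:
        # Message 3 of the 4-way handshake asks the client to install the key.
        if self.hardened and key == self.key:
            return           # same key already installed: keep the counter
        self.key = key
        self.pn = 0          # (re)installation resets the packet number

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.used.append((self.key, self.pn))
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run(hardened: bool):
    key = bytes(range(16))               # constructed sample key
    client = Supplicant(hardened)
    client.on_message3(key)
    c1 = client.send(b"first  frame")    # constructed sample frames
    client.on_message3(key)              # retransmitted message 3 arrives
    c2 = client.send(b"second frame")
    nonce_reused = len(set(client.used)) < len(client.used)
    return nonce_reused, c1, c2

if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "vulnerable", "nonce reused:", run(mode)[0])
```

In the vulnerable mode both frames are encrypted under the same key and nonce, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; the hardened mode keeps counting and the keystreams differ.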

 

[Figure: KRACK command result]
KRACK pretty much devastates Android 6.0 security. Android 6.0 allowed the attacker to use an all-zero encryption key. It is like using a simple string of numbers like 12345678 as your password.
The security researcher was also able to crack WPA-TKIP and GCMP. As a result, the attacker can crack the security and replay, decrypt and forge TCP packets.
 
AES-CCMP is also susceptible to the KRACK attack. For AES-CCMP, the attacker can replay and decrypt but cannot forge TCP data packets. This much information is enough to insert malicious code into the data packets.
 