WPA2 Protocol Vulnerability for Intercepting Passwords

OWASP TOP 10: #4 | Insecure Direct Object Reference Vulnerability

September 20, 2017

KeystoneJS Open Source Penetration Testing Report – Gratis 2017

October 24, 2017

Published by Sandeep Kamble at October 17, 2017

Overview

The WPA2 Protocol vulnerability allows attacker to decrypt the network traffic from the vulnerable device and it also allow to view the critical information, injecting the packets/data from the vulnerable devices. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks and the researcher who found this vulnerability is not released the working exploit code, however the exploit code will be released very soon by the researcher.

This vulnerability has been assigned with CVE-ID CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 and you can monitor them for the further updates.

Demonstration

The proof of concept provided by the researcher.

Impact

The impact of this vulnerability is critical as the attacker can silently listening the wireless network traffic would be able to read the plain text data in the wireless network. Additionally the data presumed to be encrypted which will be available for read, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

In-short, the ultimate benefits of the encryption at the level of wireless traffic are largely invalidated and communication over the WPA2 is now un-encrypted. This would serious affects for the IoT devices which uses the Linux or Android based devices. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key.

Affected

Wi-Fi with WPA2 encryption are affected and this includes both WPA2-PSK and WPA2-Enterprise. [1]

Recommendations

It is simple update wireless devices and access-point which uses the WPA2 – WPA2-PSK and WPA2-Enterprise. List of the companies who pushed patch [3] – Microsoft, Apple, Arch Linux and other vendors already having the updates. Kindly keep in note – the vulnerability is related to SSID password, even if you change the password doesn’t patch the vulnerability. However we always recommend to have policy to change the wireless devices password with regular rotation.

References

https://www.krackattacks.com
https://www.kb.cert.org/vuls/id/228519
https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/