A Belgian academic researcher has uncovered a flaw in the protocol that secures most Wi-Fi transmissions that could allow attackers to listen in on users’ communications.
The vulnerability was found in the WPA2 protocol used to secure protected networks in all current Wi-Fi hardware, including routers and client devices such as PCs, laptops and mobile phones.
It has been found effective on operating systems including Windows, macOS, Linux, Android and various types of software used in Wi-Fi routers.
Protected networks are those that require a password to join. They apply a layer of encryption to the data transmitted, protecting the information from being deciphered by other Wi-Fi-enabled devices in the immediate area.
While the bug doesn’t invalidate the proofs of WPA2’s security, Mathy Vanhoef, the researcher at KU Leuven who discovered the issue, said it falls outside the scope of the model used in those proofs.
As a result, all devices with correct implementations of Wi-Fi are affected in one way or another, although their exact vulnerability depends on the implementation, Vanhoef said on a website published on Monday morning.
The worst affected are Linux and versions of Android including 6.0 and later, he said. Those versions use a Wi-Fi client that Vanhoef found could be tricked into installing an all-zero encryption key, meaning an attacker could decrypt all packets sent across the Wi-Fi network.
Currently about 41 percent of Android devices run software vulnerable to this “exceptionally devastating” variant of the attack, Vanhoef said.
On the site, Vanhoef published a proof-of-concept video in which he demonstrates reading a username and password sent using an Android device.
Notably, the site in the demonstration doesn’t use the secure HTTPS protocol, which adds another level of encryption. While this attack doesn’t affect HTTPS security, Vanhoef noted HTTPS has been successfully attacked using other techniques.
The Wi-Fi exploit involves forcing a client device to reinstall an encryption key that’s already in use during the process of making the secure connection.
In practical terms it could allow an attacker to decrypt data sent across a supposedly secure network.
Vanhoef calls it a KRACK Attack, short for Key Reinstallation Attack.
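Added here as an illustration, not code from Vanhoef or any vendor: a constructed Python model of a client's key-install step, showing why reinstalling an in-use key is dangerous (the per-packet nonce restarts, so the same key and nonce drive the cipher twice) and what the patched behaviour does (ignore a request to reinstall a key that is already installed). The HMAC-based keystream is a stand-in for CCMP's AES counter mode, and the handshake message handling is simplified.

```python
import hashlib
import hmac

# Constructed, simplified model of the client side of the WPA2 4-way handshake.
# It is not wpa_supplicant code; it only demonstrates the key-reinstallation
# failure mode and the mitigation of refusing to reinstall an in-use key.


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Stand-in for CCMP's per-packet keystream: HMAC-SHA256(key, nonce), truncated."""
    return hmac.new(ptk, nonce.to_bytes(6, "big"), hashlib.sha256).digest()[:length]


class Client:
    def __init__(self, hardened: bool):
        self.hardened = hardened  # True: refuse to reinstall an already installed key
        self.ptk = None           # installed pairwise transient key
        self.nonce = 0            # packet number; reset whenever a key is installed
        self.used = []            # (key, nonce) pairs consumed, for auditing

    def handshake_msg3(self, ptk: bytes) -> None:
        """Handle message 3 of the handshake, which may legitimately be retransmitted."""
        if self.hardened and self.ptk == ptk:
            return                # patched behaviour: key already in use, do nothing
        self.ptk = ptk            # install the key ...
        self.nonce = 0            # ... and restart the packet number (the flaw)

    def encrypt(self, plaintext: bytes) -> bytes:
        ks = keystream(self.ptk, self.nonce, len(plaintext))
        self.used.append((self.ptk, self.nonce))
        self.nonce += 1
        return bytes(p ^ k for p, k in zip(plaintext, ks))

    def nonce_reuse_detected(self) -> bool:
        """Audit check: any (key, nonce) pair used more than once means keystream reuse."""
        return len(self.used) != len(set(self.used))


def run(hardened: bool) -> tuple:
    """Send one frame, receive a retransmitted message 3, send another frame."""
    ptk = hashlib.sha256(b"constructed-example-ptk").digest()  # constructed key
    c = Client(hardened)
    c.handshake_msg3(ptk)
    c.encrypt(b"GET /login HTTP/1.1")
    c.handshake_msg3(ptk)     # retransmitted message 3 arrives after data was sent
    c.encrypt(b"user=alice&pw=example")
    return c.nonce_reuse_detected(), c.nonce


if __name__ == "__main__":
    print("vulnerable client:", run(hardened=False))  # (True, 1): nonce 0 used twice
    print("patched client:   ", run(hardened=True))   # (False, 2): nonces 0 and 1
```

The unpatched model reuses nonce 0 after the retransmission, while the patched model keeps the counter at 2 and never repeats a (key, nonce) pair.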
“All Wi-Fi clients we tested were vulnerable to our attack against the group key handshake,” Vanhoef wrote in an academic paper he is scheduled to present at the Association for Computing Machinery’s (ACM) Computer and Communications Security (CCS) conference in Dallas, Texas on 1 November.
Vanhoef submitted the paper for review in May and began notifying vendors in July of this year, but after seeing how widespread the weakness was he contacted the Computer Emergency Response Team (CERT), part of the US government-backed Software Engineering Institute, which notified vendors more broadly in August.
The US Computer Emergency Readiness Team (US-CERT), part of the US Department of Homeland Security, on Sunday issued a public advisory ahead of detailed disclosure of the bug, warning the issue could allow “decryption, packet replay, TCP connection hijacking, HTTP content injection, and others”.
Vendors are expected to issue patches in the near term.
Google, which makes the Android operating system, said in a statement it was aware of the issue.
“We will be patching any affected devices in the coming weeks,” the company said in a statement.
Vanhoef said his exploit targets primarily client devices rather than routers, and that it’s most important to update these first. Updated devices should be able to continue to communicate with devices that haven’t had a patch installed, he said.
Others in the industry noted that various limiting factors figure in the exploit – an attacker must be in proximity to the target device, for instance, and communications may be protected by additional security such as HTTPS connections.
“This won’t let people in who are not physically present into your networks,” wrote Iron Group chief technology officer Alex Hudson in a blog post, adding that it’s unlikely sensitive data relies purely on WPA2’s protections.
“In particular, accessing secure websites is still fine,” he wrote.