You’ve set up a closed Wi-Fi network at home and use the same thing at the office, and it’s secured through the WPA2 standard — the ubiquitous security protocol for Wi-Fi, widely established as superior to WEP. Think you’re safe? As of today, you should think again. This morning, security researchers revealed a new kind of attack on the popular Wi-Fi protocol that allows bad actors to potentially eavesdrop on your Wi-Fi traffic and intercept sensitive data passing through the network — whether that’s passwords, emails, chat messages, photos, or credit card information.
The exploit, disclosed by security researcher Mathy Vanhoef at KU Leuven, a Belgian university, is called KRACK — short for Key Reinstallation Attacks. Vanhoef says that the vulnerability affects the WPA2 standard itself and can potentially be exploited on devices running Android, Apple, Windows, Linux, and OpenBSD operating systems, plus Linksys routers, Internet of Things devices, and other wireless devices using MediaTek chips. “The attack works against all modern protected Wi-Fi networks,” Vanhoef warned.
Microsoft said it had already released a software patch for this vulnerability. “Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically,” a company spokesperson told BuzzFeed News. Apple confirmed it has a fix in beta for iOS, macOS, watchOS and tvOS, which "will soon be rolled out to customers." Google said it was aware of the issue, and would be patching affected devices "in the coming weeks."
But while Vanhoef presented a proof of concept showing that the attack can work, you don’t necessarily need to panic yet. “There is no immediate risk, and certainly not to the overwhelming majority of people,” Kenneth White, a Washington, DC–based security consultant to federal agencies, who was briefed on Vanhoef’s research, told BuzzFeed News. “No exploit code has been released.” Additionally, White noted, someone would have to be (somewhat) physically near the network to launch the attack.
Basically, White recommended, the security-conscious should do what they always do every time a new vulnerability is discovered: update, update, update. Major wireless vendors will likely issue software patches for the vulnerable devices, White said. “Over-the-air updates to phones and devices will help reduce the threat of the most trivial attacks,” he said.
Meanwhile, the Wi-Fi Alliance said that “major platform providers” had already started pushing out patches for the WPA2 vulnerability. “There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” the group said in a statement. “Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member.”
Still, it isn’t clear how long it will take for the affected devices to be patched — or whether some Wi-Fi devices can be patched at all. In particular, White said, owners of older Android phones running version 6.0 of the operating system should make sure they update because their devices are extra vulnerable. Vanhoef called the attack “exceptionally devastating” to such devices in his research paper. About a third of Android phones in circulation are running 6.0 and are extra-vulnerable, according to the most recent Android developer data. But even more at risk are the millions of vulnerable Internet of Things wireless devices that consumers own, many of which don’t have the ability to get software updates over a wireless network.
One security flaw at issue, according to Vanhoef’s research, is the random number generation in “group keys” — encryption keys shared on WPA and WPA2 wireless networks. The security of such keys relies on how random those numbers are, but Vanhoef’s findings suggest they may not be random enough — to the point that predicting them may be possible. By inundating a wireless network with authentication handshakes, Vanhoef’s research shows it’s possible to figure out a 128-bit WPA2 key, through sheer volume of random number collection. Then that key can be used in a certain way on the network so that it subverts the encryption in place, giving the attacker access to all the data passing through the network.
And on older Android phones, the attack is much simpler, White said: By repeatedly replaying one of the messages in the Wi-Fi handshake, the attacker can force a special code called a “nonce” to be reused. Once that’s done, it is possible to decrypt network packets. On Android, a common piece of Linux code is used so that decryption is much easier to accomplish, White explained — it can take just seconds to do.
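To make concrete why a reused nonce is so damaging, and why the vendor fix matters, here is an added illustration that is not part of the original article and not Vanhoef's code. It models the client side of the handshake with a toy hash-based keystream standing in for the real Wi-Fi cipher (an assumption for readability, not the 802.11 construction), with constructed sample packets. A vulnerable client that reinstalls its key on a retransmitted handshake message resets its packet counter, so two packets end up encrypted under the same key and nonce; a patched client ignores the retransmission and the counter keeps advancing.

```python
"""
Toy model of the KRACK nonce-reset problem and its mitigation.
Added example: the cipher and handshake here are simplified stand-ins,
not the real WPA2 (AES-CCM) cipher or 802.11 state machine.
All packet contents are constructed sample data.
"""
import hashlib
import hmac


def keystream(key, nonce, length):
    """Deterministic keystream from (key, nonce): the same pair always yields
    the same bytes, which is exactly what makes nonce reuse dangerous."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Minimal model of a Wi-Fi client installing its session key."""

    def __init__(self, patched):
        self.patched = patched
        self.ptk = None
        self.nonce = 0

    def receive_msg3(self, ptk):
        """Handshake message 3 tells the client to install the session key.
        A vulnerable client reinstalls it (and resets the packet nonce) even
        when the same key is already in place; a patched client ignores the
        retransmission, so the nonce keeps counting upward."""
        if self.patched and self.ptk == ptk:
            return  # already installed: do not touch the nonce
        self.ptk = ptk
        self.nonce = 0  # (re)installation resets the packet counter

    def encrypt(self, plaintext):
        """Encrypt one packet; returns (nonce used, ciphertext)."""
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.ptk, self.nonce, len(plaintext)))


KNOWN_PACKET = b"GET /login HTTP/1.1\r\n"      # predictable-format packet (constructed)
SECRET_PACKET = b"password=hunter2\r\n\r\n"     # secret packet (constructed)


def run_scenario(patched):
    """Key install, one packet, a replayed message 3, a second packet.
    Returns (nonce1, ct1, nonce2, ct2)."""
    ptk = hashlib.sha256(b"constructed-session-key").digest()
    client = Supplicant(patched)
    client.receive_msg3(ptk)
    n1, c1 = client.encrypt(KNOWN_PACKET)
    client.receive_msg3(ptk)              # the replayed handshake message
    n2, c2 = client.encrypt(SECRET_PACKET)
    return n1, c1, n2, c2


def recover_with_known_plaintext(c1, c2, known_p1):
    """If two packets share (key, nonce), c1 XOR c2 == p1 XOR p2, so knowing
    p1 reveals p2 for the overlapping bytes without ever learning the key.
    With distinct nonces the same computation yields only noise."""
    return xor(xor(c1, c2), known_p1)


if __name__ == "__main__":
    for patched in (False, True):
        n1, c1, n2, c2 = run_scenario(patched)
        guess = recover_with_known_plaintext(c1, c2, KNOWN_PACKET)
        print(f"patched={patched}: nonces {n1},{n2}; recovered={guess == SECRET_PACKET}")
```

The two `Supplicant` runs differ in a single `if`: refusing to reinstall a key that is already installed is the shape of the fix vendors shipped, and it is enough to keep every packet on a fresh nonce. Running the script prints `recovered=True` for the unpatched client and `recovered=False` for the patched one.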
Related research had already been presented last August at the Black Hat Security Conference, but a more detailed account of the findings will be discussed in a talk at the ACM Conference on Computer and Communications Security in Dallas on Nov. 1. By then, hopefully, most vendors will have already issued a software update addressing the attack. But whether most people actually make the effort to update their wireless devices — or whether they’re even able to update them in the first place — remains the perennial security issue.
This story has been updated to note that Apple has a fix in beta for iOS, macOS, watchOS and tvOS, and will be pushing the fix out in a software update soon.
This story has been updated to include Google's statement about issuing a fix for the security vulnerability.