Wi-Fi vulnerability poses risk to secure traffic

Register now

Operating system developers and other technology vendors are taking steps to harden defenses against a vulnerability in the form of secure Wi-Fi access that could enable a hacker to interrupt supposedly secure sessions.

The possibility that sessions conducted through Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated was jointly announced Monday by the Department of Homeland Security, the U.S. Computer Emergency Readiness Team (CERT), the Software Engineering Institute and Carnegie Mellon University.

The formal announcement from CERT can be found here. Called KRACK (for Key Reinstallation Attack), it represents a security flaw in the WPA2 protocol that could be exploited to enable someone to break the encryption between a router and a device to intercept and interfere with network traffic.

The weakness would allow a hacker to “induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client,” the announcement noted.

So, when someone attempts to use a Wi-Fi hotspot, their device gains access to the physical access point through a four-way handshake, checking that the password is correct and creating an encrypted connection between the router and the device.

The vulnerability would allow an attacker within range of an affected access point and client to conduct attacks that could weaken data confidentiality protocols. “Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames,” CERT warned.

With the ability to intercept traffic, hackers then could modify and forge fake data, and possibly interfere with the content of non-secure websites. This suggests that an attacker could possibly inject ransomware or other malware into otherwise “safe” websites.

Apple reportedly has already patched the vulnerabilities in the WPA2 standard, with exploits being addressed in its various operating systems that will be pushed out to users soon.

Similarly, Microsoft is said to have fixed the problem and is releasing protection that will be enabled when users install release updates this month.

Symantec offers the following protection tips for those connecting via the WPA2 protocol:

  • Immediately update Wi-Fi-enabled devices as soon as a software update is made available.
  • Only browse secure websites whose URL begins with HTTPS. HTTPS-enabled websites provides an extra layer of security by using encryption.
  • Consider using a secure Virtual Private Network (VPN) to help protect data against the new threat.
For reprint and licensing requests for this article, click here.