Serious flaw in the WPA2 protocol discovered: Routers vulnerable to eavesdropping

The WPA2 security protocol used on all of the most modern consumer routers seems to have been "cracked" by a group of Belgian researchers.

Over the weekend, a group of Belgian security researchers released the first details of a critical vulnerability in the WPA2 protocol, which is used to encrypt data transferred within networks. The flaw in Wi-Fi Protected Access II, to give the protocol its full name, could allow any attacker to intercept the Wi-Fi traffic between computers and access points and obtain it in clear text.

The researchers have been working for weeks on a proof-of-concept exploit called KRACK (Key Reinstallation Attacks), which will be shown to the public in detail during the afternoon of Monday 16. US-CERT describes the research in these words, which were distributed to about 100 organizations:

US-CERT has learned of a number of vulnerabilities in key management in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. Exploiting these vulnerabilities can make it possible to decrypt, replay packets, hijack the TCP connection, inject content via HTTP, etc. It should be noted that since these are protocol-level problems, most implementations of the standard, or perhaps all, are affected.

The problem lies in the procedure that creates the cryptographic key protecting traffic to and from the access point. In the third step of the procedure the key can be sent several times and, if this is done in certain ways, the key can be reused in a way that compromises the encryption itself. The vulnerabilities are tracked under the following identifiers: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.

The findings will also be officially presented on November 1 at the ACM Conference on Computer and Communications Security in Dallas, in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Monday's first disclosure is expected to be made through the krackattacks.com website, with a presentation by various researchers: Mathy Vanhoef, Frank Piessens, Maliheh Shirvanian, Nitesh Saxena, Yong Li, Sven Schäge, and others.

The vulnerabilities discovered are very serious, although some companies (such as Aruba and Ubiquiti, which sell access points for large companies or government institutions) have already declared that they have patches available to cancel or reduce their effects. However, it is very likely that the vast majority of WPA2 access points around the world will never be updated and will remain vulnerable to eavesdropping through the new exploit.

At the moment, it seems that the only alternative is to get rid of your router and buy a recent or already updated model, although the situation will become clearer in the coming weeks. With WEP now a dead protocol and WPA2 no longer seeming as secure as promised, there do not seem to be many options for protecting traffic other than more complex systems, which are not for everyone. In the worst possible scenario, it seems clear that many routers in the world are destined to remain vulnerable.
