MalwareTips Bot

The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found.

Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way to compromise these protocols sends everybody running for the fences. Let’s just remember the OpenSSL problem, for just a moment.

Now, a similar problem has been identified in the WPA2 protocol that’s used by Wi-Fi networks. Whenever you connect your device to a Wi-Fi network, you are probably using the WPA2 security protocols, and you feel safe. Well, you shouldn’t feel safe at all. It turns out that the protocol is vulnerable and that communications between client and host can be intercepted.

WPA2 has been KRACKed

Security researchers have discovered a way to compromise the communications between a...

Read more: WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw
 

Marko :)

The solution - alongside WPA2, use MAC address filtering. This will prevent connecting any devices whose MAC address isn't allowed in router settings.

I'm not worried at the moment. I have a router which has an internal antenna and it's strong enough to cover only the inside of the apartment. As soon as I leave the apartment, the signal gets lost, even if I'm standing right in front of the door. Plus, I live on a higher floor so there's no way the network is visible outside.
I've measured signal with Wifi Analyzer app few times to get these results.

I'm still going to check list of connected devices (in past and now) from time to time, though. :)
 

Slyguy

This one is a real worry for us all, is there anything to be done to protect against this. :eek:
Not really.. Even my advanced WiFi security (WIDS and RAP) would not stop this. MAC address filtration wouldn't work. Hidden SSID would be pointless. What works from the monitoring aspect of this is the encryption of the tunnel via HTTPS or VPN. Also, since only about 30-40% of internet traffic is encrypted, this leaves the other 60-70% vulnerable. But as noted, this can be used to inject malware onto a system as well.

These paragraphs show why this is particularly catastrophic and cannot be overstated;

The ability to decrypt packets can be used to decrypt TCP SYN packets. This allows an adversary to obtain the TCP sequence numbers of a connection, and hijack TCP connections. As a result, even though WPA2 is used, the adversary can now perform one of the most common attacks against open Wi-Fi networks: injecting malicious data into unencrypted HTTP connections. For example, an attacker can abuse this to inject ransomware or malware into websites that the victim is visiting.

If the victim uses either the WPA-TKIP or GCMP encryption protocol, instead of AES-CCMP, the impact is especially catastrophic. Against these encryption protocols, nonce reuse enables an adversary to not only decrypt, but also to forge and inject packets. Moreover, because GCMP uses the same authentication key in both communication directions, and this key can be recovered if nonces are reused, it is especially affected. Note that support for GCMP is currently being rolled out under the name Wireless Gigabit (WiGig), and is expected to be adopted at a high rate over the next few years.
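
A sensor-side check for the nonce reuse described in the paragraph quoted above, as an added example that is not part of the original posts: it flags a station that sends two different ciphertexts under the same packet number within one handshake. The record layout, the handshake-id field and the sample frames are constructed assumptions, not output of any real tool.

```python
import hashlib

# Constructed sensor records, not real captures. Fields (hypothetical layout):
# transmitter MAC, id of the last 4-way handshake seen for that station,
# CCMP packet number (PN), encrypted payload.
FRAMES = [
    ("aa:bb:cc:00:00:01", "hs1", 1, bytes.fromhex("9f3c11d2")),
    ("aa:bb:cc:00:00:01", "hs1", 2, bytes.fromhex("41e07a55")),
    ("aa:bb:cc:00:00:01", "hs1", 2, bytes.fromhex("41e07a55")),  # link-layer retry
    ("aa:bb:cc:00:00:01", "hs1", 3, bytes.fromhex("c8120b9e")),
    ("aa:bb:cc:00:00:01", "hs1", 1, bytes.fromhex("07aa63f0")),  # PN restarted
    ("aa:bb:cc:00:00:01", "hs1", 2, bytes.fromhex("d5b9004c")),
    ("aa:bb:cc:00:00:02", "hs7", 1, bytes.fromhex("62f1a3b8")),
    ("aa:bb:cc:00:00:02", "hs8", 1, bytes.fromhex("0e44c917")),  # new handshake, new key
]


def find_nonce_reuse(frames):
    """Return (station, handshake id, PN) triples seen with differing ciphertext.

    The sensor never knows the key; (transmitter, handshake id, PN) stands in
    for (key, nonce). A PN that restarts after a new handshake is expected,
    because a new handshake means a new key. An identical payload under the
    same nonce is an ordinary retransmission and is ignored.
    """
    seen = {}    # (ta, hs, pn) -> digest of the first payload seen
    alerts = []
    for ta, hs, pn, payload in frames:
        nonce = (ta, hs, pn)
        digest = hashlib.sha256(payload).hexdigest()
        first = seen.setdefault(nonce, digest)
        if first != digest and nonce not in alerts:
            alerts.append(nonce)
    return alerts


if __name__ == "__main__":
    for ta, hs, pn in find_nonce_reuse(FRAMES):
        print(f"nonce reuse: station {ta} handshake {hs} PN {pn}")
```
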
 

Marko :)

@Slyguy Some routers have option to hide Wi-Fi network and limit number of devices which can be connected to it. So if I set limit to 4 and connect all 4 devices, no other devices can connect. Right?

Could combination of device limit, MAC address filtering, WPA2 and hiding network help somehow, at least until fix is released? Looks like a pretty good protection for me.

I have option to reduce Wi-Fi network signal range as well.
 

Slyguy

The solution - alongside WPA2, use MAC address filtering. This will prevent connecting any devices whose MAC address isn't allowed in router settings.

I'm not worried at the moment. I have a router which has an internal antenna and it's strong enough to cover only the inside of the apartment. As soon as I leave the apartment, the signal gets lost, even if I'm standing right in front of the door. Plus, I live on a higher floor so there's no way the network is visible outside.
I've measured signal with Wifi Analyzer app few times to get these results. :)
No offense, but you aren't safe. MAC address filtration doesn't help here. This is a TCP insert attack and/or monitoring that doesn't need to be registered in your DHCP table for MAC filtration to impact you. This attack utilizes your existing wireless devices as an interception point.

Also, localized WiFi attacks aren't entirely dependent on the strength of your WiFi signal, since they can boost their tailored access package to come within range of your WiFi network EXTERNALLY sweeping a wide area for signals for injection. The only way to reliably avoid localized penetration of a WiFi signal is to have a SCIF or Faraday blocking all leakage of WiFi. Otherwise, any leakage can result in injection attacks.

I'm curious if IDS/IPS that guards against TCP tampering would have any effect here? Most modern UTM/NGFW's have TCP Alteration, Timeout and Fragmentation technologies to prevent/reduce advanced attacks like TCP interception/Quantum Injection. I wonder if they've tested this against a secured corporate network or just home networks? I have advanced TCP attack inspection/mitigation in place so I would be curious as to the effectiveness (or lack of) in this case.

Note a key mitigation paragraph;

In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
 

Slyguy

@Slyguy Some routers have option to hide Wi-Fi network and limit number of devices which can be connected to it. So if I set limit to 4 and connect all 4 devices, no other devices can connect. Right?

Could combination of device limit, MAC address filtering, WPA2 and hiding network help somehow, at least until fix is released? Looks like a pretty good protection for me.
None of these will have any effect. Sorry to say.
 