Ultima Blog

Security Weakness Evident In The WPA2 Secure Wi-Fi Protocol

Written by Ultima | 17-Oct-2017 08:58:51

On Monday the 16th of October security researcher Mathy Vanhoef of the imec-DistriNet Research Group released a security whitepaper detailing a serious security weakness evident in the WPA2 secure Wi-Fi protocol, impacting any and all current implementations of the protocol.

According to the current stats provided by WiGLE (a submission based catalogue of wireless networks) WPA2 accounts for nearly 60% of all wireless network connectivity worldwide.

The detailed vulnerability allows a potentially malicious attacker to intercept the secure handshake between Wi-Fi client and access point and to redirect that client to a bogus Wi-Fi network over which the attacker has complete control. Once the client is on this new network, the attacker can use any number of tools to capture (using tools such as Wireshark) both unencrypted and potentially encrypted (using tools such as SSLstrip, with a poorly secured HTTPS website) information that could be used for gathering information about the compromised user for further targeted attacks.

CERT/CC has provided a list of affected vendors, when they were notified of the vulnerability (vendor notifications started to be sent out by the research group in July 2017), along with when the vendor information was updated.

Cisco Meraki released their response to this issue later on the Monday that the information was originally released, confirming that the issue had been patched in their access points as of the time that the vulnerability was released. Those that update their access points to version 24.11 are automatically protected against the attacks and those that opt-out are recommended to disable 802.11r fast transition from their access points as this is where the vulnerability lies on Meraki networks.

Cisco have released a security advisory detailing impacted products (including Meraki), showing which devices are impacted and if a fix has been released. This page will be kept updated as further fixes are released.

Check Point have confirmed at this time that none of their products are vulnerable to the attack based on the information released so far, see sk120938 for further information.

HP Aruba FAQ on the vulnerability can be found on the link below:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

While wireless technology and security vendors are providing fixes for this issue, it’s equally important that clients get a timely update. If your home and place of work are patched and properly secured you can browse the internet safe in the knowledge that you’re free from unwanted attention. However when you’re out and about using one of the countless free Wi-Fi services available in public places, and you can’t guarantee that the device you’re connecting to is secure, it’s essential that you ensure that your Wi-Fi connected client is protected against the attack.

Below are vendor responses from key mobile and PC OS manufacturers, along with remediation instructions if they’re currently available:

Google
Google haven’t released an official statement, however have responded to requests stating that the company is “aware of the issue, and we will be patching any affected devices in the coming weeks.”

Apple
Again, no official statement has been released however Apple has responded to requests for comment by confirming that the current beta versions of the next software updates to iOS, macOS, watchOS and tvOS are fixed and that these updates should be released to the stable updates in October.

Microsoft
Security TechCenter response to “CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability” has been published including links to affected products and where the security updates can be obtained from.

Until your client is updated, Ultima recommends practicing caution connecting to wireless networks in vulnerable locations.

Further information on the attack can be found at https://www.krackattacks.com – the website set up by the team responsible for discovering and disclosing the information related to this vulnerability.