New KRACK Attack Breaks WPA2 WiFi Protocol

[Karlston]

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

 

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

 

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack. The researcher describes the attack as the following:

Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK).

 

In simpler terms, KRACK allows an attacker to carry out a MitM and force network participants to reinstall the encryption key used to protected WPA2 traffic. The attack also doesn't recover WiFi passwords.

Attacker must be within WiFi network range

The attack works only if the attacker is in the victim's WiFi network range, and is not something that could be carried out via the Internet.

 

HTTPS may also protect user traffic in some cases, as HTTPS uses its own separate encryption layer. Nonetheless, HTTPS is not 100% secure, as attacks exist that could downgrade the connection and grant the attacker access to HTTPS encrypted traffic [1, 2, 3, 4, 5, 6].

 

The KRACK attack is universal and works against all type of devices connecting or using a WPA2 WiFi network. This includes Android, Linux, iOS, macOS, Windows, OpenBSD, and embedded and IoT devices.

 

The attack allows a third-party to eavesdrop on WPA2 traffic, but if the WiFi network is configured to use WPA-TKIP or GCMP encryption for the WPA2 encryption, then the attacker can also inject packets into a victim's data, forging web traffic.

Almost any device is affected

Because the vulnerability in establishing the WPA2 handshake affects the protocol itself, even devices with a perfect protocol implementation are affected.

 

Changing WiFi passwords doesn't protect users. Users must install firmware updates for affected products.

 

"Any device that uses Wi-Fi is likely vulnerable," Vanhoef said. "Luckily implementations can be patched in a backwards-compatible manner." A list of available products and updates will be available in this US-CERT advisory page that will go live in the following hours. No updates are available at the time of publishing.

 

While updates are expected for desktops and smartphones as soon as possible, experts believe routers and IoT devices will be affected the most and will see a delay in receiving firmware updates.

Issue discovered last year

Vanhoef discovered the issue in 2016 but kept working to refine his attack. The researcher sent notifications to some affected vendors in July 2017, and US-CERT sent a broader note to more vendors at the end of August.

 

The expert describes the attack in much more depth on a website dedicated to the KRACK attack, and in a research paper the expert plans to present at this year's Computer and Communications Security (CCS) and Black Hat Europe conference.

 

Vanhoef also published a video demoing and explaining the KRACK attack.

The following CVE identifiers will help you track if your devices have received patches for the WPA2 flaws Vanhoef discovered.

• CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
• CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
• CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
• CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
• CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
• CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
• CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
• CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
• CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

How to fix the KRACK Vulnerability?

The first thing you should do is not panic. While this vulnerability could allow an attacker to eavesdrop on or modify data being transmitted over wireless connections, at the same time, this attack is not going to be easy to pull off and a working exploit has not been published as of yet.

 

The good news is that this is a highly covered vulnerability and vendors will quickly release updates to fix this flaw. For consumers and business users, this means updating your router, access point, wireless network adapters, and devices with new firmware and drivers as they are released.

 

To make it easier for you, BleepingComputer has started compiling a list of vendors who have released advisories or driver and firmware updates. This list can be found at List of Firmware & Driver Updates for KRACK WPA2 Vulnerability and will be constantly updated as BleepingComputer receives new information.

 

Source: New KRACK Attack Breaks WPA2 WiFi Protocol (BleepingComputer)

[steven36]

 

Quote

 

Forget KRACK Attack, 5 Year Old Encryption Bug Returns For Google And Microsoft

 

While we were still finding it difficult to forget the Krack attack, a five-year-old bug has resurfaced in a new form to haunt Google and Microsoft. Known as ROCA (Return of Coppersmith’s Attack), the encryption key-related exploit is named after the Coppersmith’s attack.

The ROCA hack: Vulnerable RSA Generation (CVE-2017-15361), developed by the researchers at Centre for Research on Cryptography and Security, Masaryk University,  Enigma Bridge and Ca’ Foscari University targets the weakness in the cryptography tech in chips made by Infineon Technologies.

The range of affected devices – released as early as – includes a large number of Chromebooks, and Windows laptops manufactured by Fujitsu, HP, and Lenovo which feature the hardware chips created by Infineon.

  

The problem lies in the way the manufacturers implement the widely-used RSA encryption. This makes it possible to figure out the private key if the public key is available which isn’t a big deal.

“The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable,” warn the researchers. They will present their paper at the ACM Conference on Computer and Communications this month where the Krack attack will also be on display.

ROCA hack is practically more effective against 1024-bit encryption keys. Researchers calculated the cost of performing the attack via Amazon cloud servers. It would require around $76 to crack a 1024-bit key while more funds would be needed for a 2048-bit key. It would cost $40,000 as higher bit keys are more complicated, and therefore, harder to crack.

Jake Williams, an ex-NSA staffer and the owner of the cybersecurity company RenditionSec, calls ROCA issue more severe than KRACK, Forbes reports. Williams suggests two ROCA attack scenarios; one involves the attacker compromising the digital signature certificate used to validate a software’s source. An attack can use the published public key to reverse engineer the private key to sign the software and impersonate the victim.

Second, the attacker can run malicious code by fooling the Trusted Platform Module (TPM) chip which stores the RSA encryption keys.

“The TPM is used to ensure the code used to boot the kernel is valid. Bypassing a TPM could allow the attacker to perform an inception style attack where they virtualize the host operating system,” he said.

“There are dozens of other variations of attacks, but these Infineon chips are huge in hardware security modules (HSMs) and TPMs”

The vulnerability was first spotted in January this year, and Infineon was notified in February. The researcher had an agreement to wait for 8 months before making it public. Software updates and mitigation guidelines have been released by Microsoft, Google, HP Lenovo, Fujitsu. Researchers have provided detection tools to check whether the keys are vulnerable.

 

https://fossbytes.com/roca-encryption-bug-infineon-chips/

 

[steven36]

27 minutes ago, 0bin said:

Fixed in newest firmware of today.

 Here  are all the  effected Chormebooks

 

• asuka - Dell Chromebook 13 3380

• auron-paine - Acer Chromebook 11 (C740)

• auron-yuna - Acer Chromebook 15 (CB5-571)

• banjo - Acer Chromebook 15 (CB3-531)

• banon - Acer Chromebook 15 (CB3-532)

• buddy - Acer Chromebase 24

• candy - Dell Chromebook 11 (3120)

• caroline - Samsung Chromebook Pro

• cave - ASUS Chromebook Flip C302

• celes - Samsung Chromebook 3

• chell - HP Chromebook 13 G1

• clapper - Lenovo N20 Chromebook

• cyan - Acer Chromebook R11 (CB5-132T / C738T)

• daisy-skate - HP Chromebook 11 2000-2099 / HP Chromebook 11 G2

• daisy-spring - HP Chromebook 11 1100-1199 / HP Chromebook 11 G1

• edgar - Acer Chromebook 14 (CB3-431)

• elm - Acer Chromebook R13 (CB5-312T)

• enguarde - ASI Chromebook

• enguarde - Crambo Chromebook

• enguarde - CTL N6 Education Chromebook

• enguarde - Education Chromebook

• enguarde - eduGear Chromebook R

• enguarde - Edxis Education Chromebook

• enguarde - JP Sa Couto Chromebook

• enguarde - Lenovo N21 Chromebook

• enguarde - M&A Chromebook

• enguarde - RGS Education Chromebook

• enguarde - Senkatel C1101 Chromebook

• enguarde - True IDC Chromebook

• enguarde - Videonet Chromebook

• expresso - Bobicus Chromebook 11

• expresso - Consumer Chromebook

• expresso - Edxis Chromebook

• expresso - HEXA Chromebook Pi

• falco - HP Chromebook 14

• gandof - Toshiba Chromebook 2 (2015 Edition)

• glimmer - Lenovo ThinkPad 11e Chromebook

• gnawty - Acer Chromebook 11 (C730 / C730E)

• gnawty - Acer Chromebook 11 (C735)

• guado - ASUS Chromebox CN62

• hana - Lenovo N23 Yoga/Flex 11 Chromebook

• hana - Poin2 Chromebook 14

• heli - Haier Chromebook 11 G2

• kefka - Dell Chromebook 11 Model 3180

• kefka - Dell Chromebook 11 3189

• kevin - Samsung Chromebook Plus

• kip - HP Chromebook 11 2100-2199 / HP Chromebook 11 G3

• kip - HP Chromebook 11 2200-2299 / HP Chromebook 11 G4/G4 EE

• kip - HP Chromebook 14 ak000-099 / HP Chromebook 14 G4

• lars - Acer Chromebook 11 (C771, C771T)

• lars - Acer Chromebook 14 for work (CP5-471)

• leon - Toshiba Chromebook

• link - Google Chromebook Pixel

• lulu - Dell Chromebook 13 7310

• mccloud - Acer Chromebox

• monroe - LG Chromebase 22CB25S

• monroe - LG Chromebase 22CV241

• ninja - AOPEN Chromebox Commercial

• nyan-big - Acer Chromebook 13 (CB5-311)

• nyan-blaze - HP Chromebook 14 x000-x999 / HP Chromebook 14 G3

• nyan-kitty - Acer Chromebase

• orco - Lenovo 100S Chromebook

• panther - ASUS Chromebox CN60

• peach-pi - Samsung Chromebook 2 13"

• peach-pit - Samsung Chromebook 2 11"

• peppy - Acer C720 Chromebook

• quawks - ASUS Chromebook C300

• reks - Lenovo N22 (Touch) Chromebook

• reks - Lenovo N23 Chromebook

• reks - Lenovo N23 Chromebook (Touch)

• reks - Lenovo N42 (Touch) Chromebook

• relm - Acer Chromebook 11 N7 (C731)

• relm - CTL NL61 Chromebook

• relm - Edxis Education Chromebook

• relm - HP Chromebook 11 G5 EE

• relm - Mecer V2 Chromebook

• rikku - Acer Chromebox CXI2

• samus - Google Chromebook Pixel (2015)

• sentry - Lenovo Thinkpad 13 Chromebook

• setzer - HP Chromebook 11 G5 / HP Chromebook 11-vxxx

• squawks - ASUS Chromebook C200

• sumo - AOpen Chromebase Commercial

• swanky - Toshiba Chromebook 2

• terra - ASUS Chromebook C202SA

• terra - ASUS Chromebook C300SA/C301SA

• tidus - Lenovo ThinkCentre Chromebox

• tricky - Dell Chromebox

• ultima - Lenovo ThinkPad 11e Chromebook 3rd Gen (Yoga/Clamshell)

• veyron-fievel - AOpen Chromebox Mini

• veyron-jaq - Haier Chromebook 11

• veyron-jaq - Medion Akoya S2013

• veyron-jaq - True IDC Chromebook 11

• veyron-jaq - Xolo Chromebook

• veyron-jerry - CTL J2 / J4 Chromebook for Education

• veyron-jerry - eduGear Chromebook K Series

• veyron-jerry - Epik 11.6" Chromebook ELB1101

• veyron-jerry - HiSense Chromebook 11

• veyron-jerry - Mecer Chromebook

• veyron-jerry - NComputing Chromebook CX100

• veyron-jerry - Poin2 Chromebook 11

• veyron-jerry - Positivo Chromebook CH1190

• veyron-jerry - VideoNet Chromebook BL10

• veyron-mickey - ASUS Chromebit CS10

• veyron-mighty - Chromebook PCM-116E

• veyron-mighty - eduGear Chromebook M Series

• veyron-mighty - Haier Chromebook 11e

• veyron-mighty - Lumos Education Chromebook

• veyron-mighty - MEDION Chromebook S2015

• veyron-mighty - Nexian Chromebook 11.6-inch

• veyron-mighty - Prowise 11.6" Entry Line Chromebook

• veyron-mighty - Sector 5 E1 Rugged Chromebook

• veyron-mighty - Viglen Chromebook 11

• veyron-minnie - ASUS Chromebook Flip C100PA

• veyron-speedy - ASUS Chromebook C201PA

• veyron-tiger - AOpen Chromebase Mini

• winky - Samsung Chromebook 2 11 - XE500C12

• wizpig - CTL J5 Chromebook

• wizpig - Edugear CMT Chromebook

• wizpig - Haier Convertible Chromebook 11 C

• wizpig - PCMerge Chromebook PCM-116T-432B

• wizpig - Prowise ProLine Chromebook

• wizpig - Viglen Chromebook 360

• wolf - Dell Chromebook 11

• zako - HP Chromebox CB1-(000-099) / HP Chromebox G1/ HP Chromebox for Meetings

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

 

I not found a  full list of Windows pcs  only this info
 

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012

 

[DKT27]

From what I have read, the protocol is basically broken and untrustable due to this. Some even requesting a new protocol - which I expect to be made sooner or later.

 

But looking at it again, while the whole world which cares nothing about security updates might be effected, those actually paying attention to their updates need not be too concerned about it. Provided that product makers care about giving updates to almost all of their products, not only the latest and most expensive ones I think.

[steven36]

2 hours ago, DKT27 said:

From what I have read, the protocol is basically broken and untrustable due to this. Some even requesting a new protocol - which I expect to be made sooner or later.

 

But looking at it again, while the whole world which cares nothing about security updates might be effected, those actually paying attention to their updates need not be too concerned about it. Provided that product makers care about giving updates to almost all of their products, not only the latest and most expensive ones I think.

From what i read RSA is not broken  its  TPM Chipsets Generate Insecure RSA keys  whats broken is TPM Chipsets  they produce really weak keys it don't effect RSA  used in other ways but  even crackers crack apps protected  with weak RSA keys . If RSA  was broken it would effect all motherboards  but it don't  it only effects TPM Chipsets.

 

How to Check If Your Computer Has a Trusted Platform Module (TPM) Chip

https://www.howtogeek.com/287737/how-to-check-if-your-computer-has-a-trusted-platform-module-tpm-chip/

The DELL I'm on right now don't have this chip even .

 

 

Quote

 

Trusted Platform Module

The FAQ section of the VeraCrypt website  states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker e.g. a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, VeraCrypt will not support TPM.

 

 

Quote

While TPMs have benefits, there's always a risk that the manufacturer has put a back-door in. The decision of whether to use a TPM reflects the software's priorities. VeraCrypt wants to put you in charge and avoids the TPM back-door risk

 

Sounds like they found  the backdoor into Bitlocker

[SB7]

I wouldn't be surprised if this "weakness" was insisted upon , by the NSA... ( the twisted Infineon's arms)  .. after all they have a history of trying to weaken encryption ..for their own benefit..

[samuelthegreat]

Your Wi-Fi Can Be Hacked Due to WPA2 Protocol Vulnerability Called KRACK

The group of cybersecurity experts has recently found the greatest and unprecedented vulnerability in the security of Wi-Fi networks. The most popular security protocol for WI-FI networks – the WPA2 protocol appears to be the weak link.

 

 

What is KRACK?

New vulnerability called KRACK allows hackers to intercept and steal passwords, monitor user actions on the Internet and replace messages or data.

 

A joint group of cybersecurity researchers from the University of Leuven, Huawei Technologies, and the University of Birmingham, presented their work called: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, which is shortly called KRACK.

 

These newly discovered WPA2 vulnerabilities allow hackers to bypass protection and “listen” for Wi-Fi traffic between the access point and the device. Virtually all devices connected to Wi-Fi are in danger. So the risk extends not only to your computers, mobile phones, laptops, and tablets but to your smart TV, smart refrigerator, and even your smart lock.

 

KRACK gives hackers an opportunity to perform a man-in-the-middle attack and push network members into reinstalling the encryption keys that protect WPA2 traffic. In case networks are configured to use GCMP or WPA-TKIP protocols, attackers can not only listen for WPA2 traffic but also inject packets into victim data.

 

Even though all the major manufacturers of Wi-Fi routers and other devices were informed of the vulnerabilities of the WPA2 protocol more than six months ago, most of them have not been able to find and implement solutions to address the issue. It means that most devices using Wi-Fi networks are still vulnerable.

 

Although security researchers do not have any pieces of evidence that this vulnerability was ever used by hackers, we still need to exercise the best security practices to stay safe.

 

What can you do to protect your personal data?

• A password reset trick, in this case, cannot prevent the possibility of an attack. Researchers advise making sure that the router uses the latest firmware version. Check for the presence/absence of a patch for a specific vendor here, or on the manufacturer’s homepage.
• Do not use sites that are not secured by SSL encryption. Websites protected by SSL encryption always start with https: //
• Avoid public Wi-Fi at all costs. For example, McDonald’s, hotels, airports are the most likely places to attack the device.
• Use a VPN on all of your devices: Mac, Windows or even on your Wi-Fi router.
• Use a wired connection if your device includes a jack to connect an Ethernet cable. This exploit only affects 802.11 traffic between the Wi-Fi router and the connected device.

 

Author’s Bio

 

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
 

SOURCE