[SingCERT] Alert on Multiple Vulnerabilities Affecting Wi-Fi Protected Access 2 (WPA2) Protocol

Published on Tuesday, 17 October 2017 16:35

Background

Wi-Fi Protected Access 2 (WPA2) is a security protocol developed by the Wi-Fi Alliance to enhance the security of the commonly used Wi-Fi networks.

On 16th October 2017, a researcher publicly disclosed multiple vulnerabilities found in the WPA2 protocol [1]. These vulnerabilities may affect the data confidentiality of users' Wi-Fi connectivity in homes and offices.

Affected Systems

Devices with Wi-Fi connectivity using WPA and WPA2 protocols are potentially vulnerable [2].

Impact

After a successful man-in-the-middle attack conducted on the affected devices, the attacker can exploit the vulnerabilities to monitor, inject and/or manipulate users' network traffic.

Technical Details

An unauthenticated attacker within Wi-Fi proximity of a targeted wireless Access Point (AP) and devices is able to spoof the network and force the victim to connect to it instead of the legitimate AP. This is done through a "Key Reinstallation Attack" (KRACK), which forces cryptographic nonce reuse by retransmitting the third message of WPA's four-way handshake to trick the victim into reinstalling a key known to the attacker. This allows the attacker to intercept the traffic between the affected AP and clients and decrypt Wi-Fi packets.

Recommendations

Microsoft has released a security update for supported versions of their products [3]. Users are strongly advised to patch their systems.

Users of other affected devices are advised to check with their respective vendors on the availability of the security patches and apply appropriate patches to resolve these vulnerabilities as soon as possible.

To enhance security, users are encouraged to secure their networks using a secondary encryption solution such as a Virtual Private Network (VPN). Alternatively, they can consider a supplementary security protocol such as Transport Layer Security (TLS) or Secure Shell (SSH) to encrypt and protect data confidentiality when performing sensitive transactions.

Users may also use a wired LAN for internet connection.

References

[1] https://www.krackattacks.com/

[2] https://www.kb.cert.org/vuls/id/228519/

[3] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

[4] https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 (List of vendors who are affected)