KRACK is a critical vulnerability in the most popular WPA2 security protocol, affecting almost every device with Wi-Fi

A group of researchers on cybersecurity has discovered a critical vulnerability in the Wi-Fi Protected Access II protocol (WPA2), which encrypts the connection of the vast majority of modern wireless Wi-Fi networks. With its help, attackers can not only listen to traffic from all devices connected to Wi-Fi (laptops, tablets, smartphones), but also to introduce malicious code into the pages of sites that they visit.

The set of vulnerabilities was named KRACK (Key Reinstallation Attack).

The United States Computer Emergency Readiness Team (US-CERT), which informs government agencies and private organizations about cyberthreats, confirmed the seriousness of the threat:

"US-CERT has learned about several key vulnerabilities in the four-way handshake algorithm, which is part of the WPA2 security protocol.

The impact of these vulnerabilities includes decryption, interception of packets, theft of TCP connections, the introduction of HTTP content and not only. The problem concerns most or all implementations of the standard, "the organization said in a statement.
Since the problem is contained in the WPA2 protocol itself, it affects "almost every device with Wi-Fi", the researchers say. That is, all devices with wireless Wi-Fi support regardless of the software platform (Android, iOS, Windows, etc.) fall into the risk zone. At the same time, there are some versions of Linux in the highest risk zone, and for devices running Android version 6.0 and below, the vulnerability is "extremely destructive". When attacking other platforms, it is more difficult to decrypt all data packets, but nevertheless, attackers can get the most information. True, it is worth considering that this attack is limited to the area of ​​the Wi-Fi network.

Demonstration of an attack on a smartphone running Android

The group of researchers could not find any evidence that this vulnerability was ever used by hackers. They also noted that they warned producers and sellers of equipment about the problem in July 2017. At the end of August, the US-CERT organization also sent out warnings. As Ars Technica notes, approximately 100 companies received warnings. Aruba and Ubiquiti, who sell access points to large corporations and government organizations, have already released an update to remove vulnerabilities under code names: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE -2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. Of course, a simple password change in this case is not enough to prevent the possibility of an attack. Researchers advise to make sure that the router uses the latest firmware version, and update all user devices to the latest firmware version.

Microsoft has already said that they have already fixed a vulnerability in Windows. Google said that it is aware of the problem and that in the coming weeks will issue fixes for all vulnerable devices. However, the question immediately arises as to how quickly these updates will get (and will they receive at all) owners of devices that do not belong to the Pixel and Nexus families.

In the coming weeks and months, updates are expected for a number of other access points and devices.

In the meantime, worried users are advised to avoid using Wi-Fi prior to the release of the patch or to use additional data encryption protocols such as HTTPS, STARTTLS and Secure Shell. You can also consider using VPN as an additional security measure, but you have to be especially careful, since many of them can not guarantee a secure connection.

Simultaneously with the coverage of the problem, a special site called krackattacks.com was launched and a repository on GitHub devoted to the vulnerability was created.

More details about the vulnerabilities researchers will tell during a report on November 1 at a conference on cybersecurity in Dallas.

Source: The Verge, Ars Technica and TJ