The Wi-Fi Krack

Security Vulnerability Highlights a Flaw in the Standard’s Creation

A vulnerability reported this week in the WPA2 protocol is a significant development owing to the ubiquity of the implementation. The weakness enables highly skilled attackers within proximity of an affected device to intercept passwords and traffic that had been presumed to be safely encrypted. Furthermore, attackers could inject ransomware or other malware through a Web site a client is visiting.

The exploit, known as Krack, which stands for Key Reinstallation Attack, was first discovered by Mathy Vanhoef, a security expert at Belgian university KU Leuven. It affects the core WPA2 protocol, meaning billions of devices are potentially at risk, including those running Android, Linux, and OpenBSD, and to a lesser degree, macOS and Windows. Attackers can take advantage of the flaw to decrypt a wealth of sensitive data that’s normally secured by the Wi-Fi encryption protocol.

Krack works by targeting the four-way handshake that happens when a client joins a WPA2-protected Wi-Fi network. The handshake is meant to confirm that both the client and the access point have the proper credentials. Krack tricks a vulnerable client into reinstalling a key that's already in use. The reinstallation forces the client to reset the packet number, which serves as a cryptographic nonce, and other parameters to their initial values. The resulting nonce reuse allows the encryption to be bypassed.
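Why a reset packet number is fatal, and how a client-side check prevents it, shown as an added example that is not part of the original article. The SHA-256 counter-mode keystream is a toy stand-in for WPA2's real cipher, and the `Client` class, its `guard` flag and the sample frames are hypothetical and constructed for illustration.

```python
import hashlib

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for the real cipher."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; guard=True models a patched implementation."""
    def __init__(self, guard: bool):
        self.guard, self.key, self.pn = guard, None, 0

    def install_key(self, key: bytes) -> bool:
        # A patched client ignores a request to install the key it already uses,
        # so the packet number (the nonce) is never rewound.
        if self.guard and key == self.key:
            return False
        self.key, self.pn = key, 0   # vulnerable path: nonce reset to initial value
        return True

    def encrypt(self, plaintext: bytes):
        self.pn += 1                 # each frame must use a fresh packet number
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

# Constructed sample data, equal length for a clean comparison.
FRAME_1 = b"GET /index.html "
FRAME_2 = b"password=hunter2"

def run_session(guard: bool):
    """Encrypt one frame, receive a repeated key-install request, encrypt another."""
    client = Client(guard)
    key = hashlib.sha256(b"constructed session key").digest()
    client.install_key(key)
    first = client.encrypt(FRAME_1)
    client.install_key(key)          # the reinstallation described above
    second = client.encrypt(FRAME_2)
    return first, second

def keystream_cancelled(first, second) -> bool:
    """True when the two ciphertexts XOR to the XOR of the plaintexts, i.e. the
    same keystream was used twice and the encryption no longer hides content."""
    return xor(first[1], second[1]) == xor(FRAME_1, FRAME_2)
```

With `guard=False` both frames are encrypted under packet number 1 and the keystream cancels out; with `guard=True` the second frame uses packet number 2 and the relationship disappears.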

The Wi-Fi Alliance, the promoter group for local connectivity technology, said it’s aware of the weakness and is working to find patches. Some technology providers have already tackled the problem. Microsoft, for example, has released a patch for Windows PCs, and Apple said it’s finalising patches for all its operating systems including iOS, macOS, watchOS and tvOS. Vulnerabilities in Android, the most widely used operating system in the world, will take longer to address, given the wide variety of versions being used.

Weaknesses in devices such as PCs, smartphones and tablets are relatively easy to fix with push notifications and automatic updates. The more serious part of this problem, and one that will take many years to resolve, lies with more-static devices, particularly routers that need to be updated by tech-savvy consumers. It's likely that vulnerable Wi-Fi access points will stay in place for years. Researchers point out that this flaw isn't easy to exploit, but time will raise the odds of attack. Other connected products such as security cameras, light bulbs and home appliances are also at risk.

Many wireless communication technical specifications are developed by the Institute of Electrical and Electronics Engineers (IEEE), a professional association that’s also a leading organization for development of standards. Companies from around the world participate in the creation of the IEEE’s 802.11 wireless networking family of specifications. However, this work tends to be inaccessible to companies, research institutions and individuals outside the group. This closed approach prevents wider peer review and evaluation by parties interested in challenging the technology’s security measures.

Wi-Fi has become one of the most successful registered trademarks in the world – it’s owned by the Wi-Fi Alliance. The group’s public statement that “everything with Wi-Fi has a newly discovered security flaw” that needs to be immediately addressed in all devices is certainly a black eye for the technology, the equivalent of a model-wide recall by a car manufacturer. Nonetheless, Wi-Fi is like digital oxygen and is unlikely to be challenged by other connectivity specifications. It has plenty of breathing room.