Most vulnerabilities go unnoticed by the majority of the world’s population even if they affect several million people. But this vulnerability is probably going to affect several billion people all over the world: Researchers have found a bunch of vulnerabilities that make all Wi-Fi networks insecure.
According to researchers, any Wi-Fi network that relies on WPA or WPA2 encryption can be compromised. And with WPA being the standard for modern Wi-Fi, that means pretty much every Wi-Fi network in the world is vulnerable.
Researchers have found out that devices based on Android, iOS, Linux, macOS, Windows, and some other operating systems are vulnerable to some variation of this attack, and that means almost any device can be compromised. They called this type of attack a key reinstallation attack, or KRACK for short.
This attack works by abusing design and implementation flaws in the WPA2 part of the Wi-Fi standard, specifically the four-way handshake (the network authentication protocol), to reinstall a key that is already in use. Reinstalling the key resets it, which allows the encryption protocol to be attacked. To guarantee security, a key should be installed and used only once, but the research paper found that the WPA2 protocol does not guarantee this, which makes this weakness highly likely to be abused.
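To make the "install once" rule concrete, here is an added Python model (not code from the paper or from any real Wi-Fi client) of a supplicant handling handshake message 3: the vulnerable behaviour reinstalls the key and resets its packet counter whenever message 3 is retransmitted, so the same key/counter pair is used twice, while the patched behaviour keeps the counter moving. The key value and the retransmission count are constructed for the example.

```python
"""Simplified model of WPA2 message-3 handling (constructed example).

The real handshake derives the PTK from the PMK and both nonces; here
the PTK is a fixed constant and only the install/reset logic is shown.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Supplicant:
    """Client-side key state. tx_pn is the CCMP packet number, which
    together with the key must never repeat (it acts as the nonce)."""
    reject_reinstall: bool              # True models the patched client
    ptk: Optional[bytes] = None
    tx_pn: int = 0                      # next packet number to use
    used_pns: List[int] = field(default_factory=list)

    def handle_msg3(self, ptk: bytes) -> bool:
        """Process message 3. Returns True if the key was (re)installed."""
        if self.ptk == ptk and self.reject_reinstall:
            # Patched: key already in use, so acknowledge without
            # touching the installed key or its counters.
            return False
        # First install, or vulnerable reinstall: counters reset to zero.
        self.ptk = ptk
        self.tx_pn = 0
        return True

    def send(self) -> int:
        """Encrypt one frame: consume the next packet number."""
        pn = self.tx_pn
        self.tx_pn += 1
        self.used_pns.append(pn)
        return pn


def nonce_reused(sup: Supplicant) -> bool:
    """True if any packet number was used twice under the same key."""
    return len(sup.used_pns) != len(set(sup.used_pns))


def run_handshake(reject_reinstall: bool, retransmits: int = 1) -> Supplicant:
    """Message 3, two data frames, then `retransmits` repeated copies of
    message 3 (as an AP sends when message 4 is lost), then two frames."""
    sup = Supplicant(reject_reinstall)
    ptk = b"K" * 16                     # constructed placeholder key
    sup.handle_msg3(ptk)
    sup.send(); sup.send()
    for _ in range(retransmits):
        sup.handle_msg3(ptk)
    sup.send(); sup.send()
    return sup
```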
Once the attack succeeds, an attacker can read and tamper with network traffic, which can lead to the theft of login credentials or other sensitive data, or to malware injection. The paper reveals that the attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux and Android devices. Also affected are Apple, Windows, OpenBSD, MediaTek, and Linksys, among others.
One may argue that there is another layer of security: the encrypted connection to a site, e.g., SSL or HTTPS. However, a simple utility called SSLstrip set up on the fake access point is enough to force the browser to communicate with the unencrypted HTTP version of a website instead of the encrypted HTTPS version, in cases where the site does not correctly enforce encryption (which is true for quite a lot of websites, including some very big ones).
So, by using this utility in their fake network, the attacker can access the users’ logins and passwords in plain text, which basically means stealing them.