A major security flaw has been found in WPA2, the security protocol protecting the vast majority of WiFi links in the world today.
For those strapped for time, the TL;DR:
- Reasonably expected to affect ALL devices using WiFi
- Can be used to gain access to all information sent over WiFi
- Can be used to inject malware into websites (any website!)
- Trivial to exploit, especially against Linux-based clients, such as Android phones
- Attack mainly targets the client (that is, the phone/laptop), so patching the vulnerability in these will reduce your attack surface, but patches may not be available for some time, or may be tricky to apply
- Attack still requires proximity, as the attacker must be physically close to your network, but even in a relatively low population density area, this does not mean much!
- Using a paid (or free) VPN will vastly reduce your risks of being intercepted!
- Websites using HTTPS (with the green padlock) are still protected, as this is an extra layer of security; however, it is conceivable that malware may be injected into non-secure websites that will circumvent this
- Now that this is out in the wild, it is a matter of time (short, I would say) before an automated, easy-to-use tool is available to exploit the vulnerability, including gaining remote access. This makes it very dangerous.
- You can protect yourself by using a VPN service.
- If you have questions or concerns, or would like to know more about how to reduce your risk, Imaginarium IT can help: Call us on 1300 765 573 at your earliest convenience to discuss your options.
WPA2 is the industry-standard WiFi communication protocol and has been for many years. It was long believed to be relatively secure, in that most attempts to gain access to a WPA2 network required the network password to be guessed or otherwise obtained first. This new attack, however, requires no such information, and potentially affects every device that uses WiFi to communicate.
When a client (laptop, computer or phone) talks to a WPA2-encrypted router, the two use encryption keys to secure the channel. In this attack, the client is fooled into reusing a key that is already in use. This means that the attacker now knows enough to decrypt the information being sent over the network, and can use this to glean usernames and passwords, the sites you are visiting (which can be used in social engineering attacks), and more. Data going back TO the client can also be manipulated, allowing the attacker to inject any data they like into the stream. This could include malware that allows them remote access to the machine, at which point, needless to say, the machine is completely compromised and all bets are off.
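Why reusing a key that is already in use exposes traffic, as an added example that is not from the original article or the researcher's material: the vulnerable client restarts its packet counter when the same key is installed again, so two frames share a keystream, while the hardened client ignores the repeat install. The toy SHA-256 keystream stands in for WPA2's real cipher, and all names and sample frames are constructed for illustration.

```python
import hashlib

# Constructed sample traffic: KNOWN is a frame whose content an observer can guess.
KNOWN = b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
SECRET = b"user=alice&password=constructed-value"

def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Toy generator (SHA-256 over key, packet number, block index); not WPA2's cipher."""
    out, block = b"", 0
    while len(out) < length:
        seed = key + packet_number.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched, self.key, self.packet_number = patched, None, 0

    def install_key(self, key: bytes) -> None:
        if self.patched and key == self.key:
            return  # hardened: ignore a repeat install of the key already in use
        self.key = key
        self.packet_number = 0  # vulnerable path: counter restarts under the same key

    def send(self, plaintext: bytes) -> bytes:
        ks = keystream(self.key, self.packet_number, len(plaintext))
        self.packet_number += 1
        return xor(plaintext, ks)

def run_session(patched: bool):
    """Send KNOWN, receive a replayed key-install message, then send SECRET."""
    client, key = Client(patched), b"constructed-session-key"
    client.install_key(key)
    first = client.send(KNOWN)
    client.install_key(key)  # the replayed handshake message
    second = client.send(SECRET)
    return first, second

def recover_second(first: bytes, second: bytes) -> bytes:
    """If both frames share a keystream, C1 xor C2 xor P1 equals P2."""
    return xor(xor(first, second), KNOWN)

if __name__ == "__main__":
    for patched in (False, True):
        leaked = recover_second(*run_session(patched)) == SECRET
        print(f"patched={patched}: second frame readable by observer: {leaked}")
```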
While a good anti-virus/anti-malware package will detect most such malware, it is also relatively trivial for even an intermediate attacker to re-create a version that is not yet detected. Couple this with the fact that you don't need to actually visit a compromised site to become infected (the attacker could inject into a Google search, for example!), and this attack goes from bad to worse.
The attacker does need proximity to your network, but this is a low-value layer of security, as it is easy to see most WiFi networks from the road (i.e. the attacker sits in a car), or to use this attack in free WiFi hot-spots where EVERYONE is using mobile devices, providing ample time and ample targets.
There are ways to protect yourself, with the safest option (until the vulnerability is patched at least) being to secure your connection via a paid VPN service. After extensive research, we have settled on NordVPN as our VPN of choice. It works on all major platforms (both on laptops and phones), and if you deal with sensitive information or online banking, this is highly recommended!
The official website of the security researcher who discovered the vulnerabilities can be found at https://www.krackattacks.com/ for those interested in the gory details.