The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks were designed as a response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).
Now, US-CERT has issued an advisory describing several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.
According to the advisory, the impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others, and because these are protocol-level issues, most or all correct implementations of the standard will be affected.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks, and security experts say that the research into these vulnerabilities has been a closely guarded secret for weeks ahead of a coordinated disclosure scheduled for 8 a.m. Monday.
This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection. https://t.co/FikjrK4T4v
— Kenn White (@kennwhite) October 15, 2017
Part of the potential flaw in WPA may lie in something the researchers previously suggested in a 2016 paper: the random number generation used to create 'group keys' (the pre-shared encryption key shared on non-enterprise WPA/WPA2 wireless networks) isn't random enough and can be predicted.
With that prediction of not-so-random numbers in place, the researchers have demonstrated the ability to flood a network with authentication handshakes and determine a 128-bit WPA2 key through the sheer volume of random numbers collected. Though it's not yet clear, the re-use of a non-random key could allow an attacker to piggyback their way into a wireless network and then snoop on the data being transmitted within.
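Both weaknesses described above, a handshake message that reinstalls an already-installed key and nonces that repeat because the generator behind them is predictable, leave a trace in the EAPOL-Key traffic itself, which is where a defender would look for them. The following Python script is an added example written for this article; it is not code from the researchers, the advisory, or any Wi-Fi vendor. It assumes a simplified, constructed log format (one `key=value` line per handshake message, with the ANonce on messages 1 and 3 and the SNonce on messages 2 and 4) and flags two heuristics: a message 3 arriving for a client that has already completed the handshake with message 4, and the same ANonce appearing in two distinct handshakes on one access point. The field names, the log format and the sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed EAPOL-Key handshake log (not a real capture). Each line is one
# 4-way handshake message: msg is the message number (1-4), replay the
# EAPOL-Key replay counter, nonce the ANonce (msg 1/3) or SNonce (msg 2/4).
# Line 5 repeats message 3 after message 4 was already seen; line 6 starts a
# new handshake for another client with the same ANonce as the first one.
SAMPLE_LOG = """\
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:01 msg=1 replay=1 nonce=0a0a0a0a
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:01 msg=2 replay=1 nonce=0b0b0b0b
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:01 msg=3 replay=2 nonce=0a0a0a0a
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:01 msg=4 replay=2 nonce=0b0b0b0b
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:01 msg=3 replay=3 nonce=0a0a0a0a
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:02 msg=1 replay=1 nonce=0a0a0a0a
ap=aa:bb:cc:dd:ee:01 client=11:22:33:44:55:02 msg=2 replay=1 nonce=0c0c0c0c
ap=aa:bb:cc:dd:ee:02 client=11:22:33:44:55:03 msg=1 replay=1 nonce=0d0d0d0d
ap=aa:bb:cc:dd:ee:02 client=11:22:33:44:55:03 msg=2 replay=1 nonce=0e0e0e0e
ap=aa:bb:cc:dd:ee:02 client=11:22:33:44:55:03 msg=3 replay=2 nonce=0d0d0d0d
ap=aa:bb:cc:dd:ee:02 client=11:22:33:44:55:03 msg=4 replay=2 nonce=0e0e0e0e
"""

# Assumed log layout; a real deployment would parse EAPOL frames from a capture.
LINE_RE = re.compile(r"ap=(\S+) client=(\S+) msg=(\d) replay=(\d+) nonce=([0-9a-f]+)")


def parse_line(line):
    """Turn one constructed log line into a dict; raise on anything unexpected."""
    m = LINE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ap, client, msg, replay, nonce = m.groups()
    return {"ap": ap, "client": client, "msg": int(msg),
            "replay": int(replay), "nonce": nonce}


def analyze(lines):
    """Return findings as (kind, ap, client, detail) tuples, in log order.

    kind is "msg3_after_install" when message 3 arrives for a (ap, client)
    pair whose current handshake already reached message 4, or "anonce_reuse"
    when an ANonce starting a handshake was already used by a different
    handshake on the same AP.
    """
    findings = []
    state = {}          # (ap, client) -> {"installed": bool, "run": int}
    anonce_owner = {}   # (ap, anonce) -> (client, run) of the first handshake using it

    for line in lines:
        ev = parse_line(line)
        key = (ev["ap"], ev["client"])

        if ev["msg"] == 1:
            # Message 1 opens a new handshake run for this pair.
            run = state.get(key, {"run": 0})["run"] + 1
            state[key] = {"installed": False, "run": run}
            owner = anonce_owner.setdefault((ev["ap"], ev["nonce"]), (ev["client"], run))
            if owner != (ev["client"], run):
                findings.append(("anonce_reuse", ev["ap"], ev["client"], ev["nonce"]))

        elif ev["msg"] == 3:
            # A fresh message 3 after the pairwise key was already installed is
            # the condition a key-reinstallation check cares about.
            s = state.get(key)
            if s is not None and s["installed"]:
                findings.append(("msg3_after_install", ev["ap"], ev["client"], ev["replay"]))

        elif ev["msg"] == 4:
            s = state.get(key)
            if s is not None:
                s["installed"] = True   # client has confirmed; key is installed

    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(*finding)
```

The `msg3_after_install` heuristic has an expected benign cause: if the client's message 4 is lost on the air, the access point legitimately retransmits message 3, so a monitor watching from the client side will see exactly this sequence. What distinguishes a problem from a retransmission is not the repeated frame but how the receiver handles it, which is why the patched stacks refuse to reinstall a key that is already in use rather than refusing the frame. The `anonce_reuse` check, by contrast, should never fire on a correctly seeded generator, so even a single hit on a production AP is worth investigating.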