Today, researchers revealed details of a new exploit called KRACK (key reinstallation attack), one that takes advantage of a vulnerability in Wi-Fi security to let a third party listen in on communications between two computers or wireless nodes.
KRACk takes advantage of holes in key management systems of the WPA2 security protocol, the current gold standard in personal and enterprise Wi-Fi networks.
WPA 2 (Wi-Fi Protected Access II) is a security protocol used to establish a secure connection between a computer and a wireless access point. The idea is that there’s a 4-way ‘handshake’, carried out in such a way that part of the data involved in generating a security key is never transmitted online, and hard to reverse engineer.
For example, here’s a great explainer from Stack Exchange’s Q&A community:
Alice comes out with a random number A. She computes f[A], and sends f[A] to Bob. Alice never discloses her A, not even to Bob.
Bob comes out with another random number B. He computes f[B], and sends f[B] to Alice. Bob never discloses his B, not even to Alice.
Alice computes S using A and f[B]. Bob computes S using B and f[A]
Mallory, who is eavesdropping, has only f[A] and f[B], and so it is hard for her to calculate S.
Alice and Bob now share a common secret which can be used as (or to come up with) a key to establish a secure connection.
Unfortunately, according to this new announcement, the vulnerabilities make this entire process moot. Reports seem to indicate that, in the third step, the key can be resent multiple times.Encryption keys are meant to be installed only once, so reusing a key like this undermines the encryption preceding it and allows a hacker to decrypt any data he intercepts.. The attacker only needs to be within range of a victim to exploit these weaknesses and can use it to steal sensitive information like credit card numbers, passwords, chat messages, emails, photos, and so on.
If your device supports Wi-Fi, it’s most likely vulnerable to this exploit. The researchers have discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and other device, are all affected by some variant of the attacks. Android 6.0 and above, and Linux in particular were both found to be especially vulnerable.