Chances are the content of this article traversed some wireless network prior to being displayed on the device you are using (or prior to being printed out for you hard copy purists). However, today we learned the WPA2 (WiFi Protected Access II), is vulnerable to key reinstallation attacks. For the past 14 years, WPA2 has been considered the industry standard for maintaining a secure wireless network for personal and enterprise connectivity. What makes this newly released vulnerability different than the recent security headlines is this attack is not leveraging unpatched software or a company’s implementation of technology. This attack actually exposes flaws in the protocol specification (standard) itself; meaning all implementations of the standard are (likely) also vulnerable.
The full details identified by Mathy Vanhoef and Frank Piessens of imec-DistriNet, KU Leuven can be found here in Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 found here: https://papers.mathyvanhoef.com/ccs2017.pdf
Should we disable our wireless interfaces?
While disabling wireless interfaces is only the sure way to mitigate this attack, that may not be a feasible solution for every situation. Therefore, consider how the attack exploits the 802.11x standard so we can identify potential attacks and maintain a hardened security posture while updates are prepared.
During the initialization of a secure WiFi connection the access point and the client perform a 4-step handshake. During the third step, if an attacker performs man-in-the-middle attack and they may cause the client to reinstall a key and reset initialization values such as the nonce counter. This weakens encryption by making some elements more predictable and allowing attackers to perform replay attacks or even decipher encrypted network channels. Depending on the specific software and configuration attacks of this type could expose high-value information (passwords, session tokens, etc.) to would-be attackers.
How will this be fixed?
Vanhoef and Piessens also explain the countermeasures that should be amended to the 802.11x standard to remediate this vulnerability. Since, the attack takes advantage of possible noise and errors during step 3 of the WPA2 handshake to reinstall the key we should ensure that keys are installed once and only reinstalled necessarily. To accomplish this Vanhoef and Piessens propose adding a boolean variable that determines if the key (Pairwise Transient Key (PTK)) has been installed. Then if errors are observed later in communication the key cannot be reinstalled because the variable notes that the key has already been installed.
What can we do?!
In the meantime, you may not want to connect to unfamiliar wireless networks. Similarly, if you operate a wireless network confirm you recognize the devices on your wireless network. These steps will reduce the attackers man-in-the-middle attack surface. However, if you want to go further, disable your wireless network interface cards and snag yourself a network cable until updates are released.