Wi-Fi Security Protocol WPA2 Suffers Its First Loss
After a 13-year reign as the optimal method to secure communications over a Wi-Fi connection, the encryption scheme WPA2 (Wi-Fi Protected Access II) was cracked last week. Security researchers discovered a vulnerability that can be exploited using KRACK or Key Reinstallation Attack. The exploit allows malicious attackers to intercept, read, and steal traffic and data sent over a Wi-Fi connection.
Luckily, security researchers discovered the flaw. However, this revelation has sparked a nervous rumble in the security community because WPA2 had been assumed to be totally secure and almost all modern routers and communication devices currently implement WPA2 to encrypt network traffic. The reaction is as if the security community’s favorite undefeated team suddenly and shockingly suffered their first loss.
It’s worth looking back and noting how we became so reliant on WPA2.
WEP, The Doomed Starter
Wired Equivalent Privacy (WEP) was an early form of wireless data protection that debuted in the late 1990s. It provided basic protections from packet sniffing and eavesdropping against wireless communications. WEP was cracked almost as soon as it was released. Classic spawn kill. WEP was crackable because of poor Initialization Vector (IV) implementation. The purpose of IVs in encryption is to give the secret key randomness. An IV is a random string of numbers added before or after the encryption key and makes cracking or brute forcing the key very difficult. Unfortunately, WEP used IVs of insufficient length, meaning the passwords were easy to discover.
WEP can be cracked in fewer than 60 seconds. Its only use today is in classrooms, as a victim to demonstrate basic wireless cracking tools.
WPA, The Beleaguered Mid-Reliever
WPA (Wi-Fi Protected Access) was the 2003 short-term replacement for WEP. This temporary fix depended on the TKIP (Temporal Key Integrity Protocol) encryption algorithm and used a secret passphrase for authentication. But this passphrase was a static key; meaning it never changed across sessions. Therefore, it was vulnerable to network brute force attacks to discover the passphrase. WPA also used a poor authentication method, so it was easy for an attacker to spoof his/her identity on the network.
It wasn’t until WPA2 debuted in 2004 that users could have confidence in their wireless security. WPA2 utilized a modern encryption algorithm, Counter Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is a child algorithm to the Advanced Encryption Algorithm (AES). The main benefits of AES are speed and strength. The encryption algorithm is a symmetric algorithm meaning it doesn’t depend on a Public Key Infrastructure (PKI) to encrypt information. This allows it to encrypt information more quickly and its long key length (128 bit fixed block length) makes it less susceptible to cryptographic attacks that plague other encryption algorithms.
Last week’s KRACK exploit abused the process of when a device first connects to the network.
Now that a WPA2 vulnerability has been exposed, it’s worth reflecting on what it means for the industry and for you, as a burgeoning security professional. The main takeaway is that security practitioners should always remain vigilant. Never take any security measures for granted; always question preconceived notions about security best practices and tools. Practitioners and researchers should discover the vulnerabilities before the bad guys do, and challenging established, preeminent security tools is a way to stay ahead. If you do find a vulnerability, report it to the proper organizations so the vulnerability can be patched and the security community can thank you.
You can also help the industry by continuing your education and improving your security skills. Learn how CyberVista can help you with training for you or your team.