Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones

Discussion in 'News Discussion' started by MacRumors, Oct 16, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Mathy Vanhoef, a postdoctoral researcher at Belgian university KU Leuven, has discovered and disclosed major vulnerabilities in the WPA2 protocol that secures all modern protected Wi-Fi networks.


    Vanhoef said an attacker within range of a victim can exploit these weaknesses using so-called KRACKs, or key reinstallation attacks, which can result in any data or information that the victim transmits being decrypted. Attackers can eavesdrop on network traffic on both private and public networks.

    As explained by Ars Technica, the primary attack exploits a four-way handshake that is used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

    As a result, attackers can potentially intercept sensitive information, such as credit card numbers, passwords, emails, and photos. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

    Note that the attacks do not recover the password of any Wi-Fi network, according to Vanhoef. They also do not recover any parts of the fresh encryption key that is negotiated during the four-way handshake.

    Websites properly configured with HTTPS have an additional layer of protection, but an improperly configured site can be exploited to drop this encryption, so Vanhoef warned that it is not reliable protection.

    Since the vulnerabilities exist in the Wi-Fi standard itself, nearly any router and device that supports Wi-Fi is likely affected, including Macs and iOS devices. Android and Linux devices are particularly vulnerable since they can be tricked into installing an all-zero encryption key instead of reinstalling the real key.
    As a proof-of-concept, Vanhoef executed a key reinstallation attack against an Android smartphone. In the video demonstration below, the attacker is able to decrypt all data that the victim transmits.

    iOS devices are vulnerable to attacks against the group key handshake, but they are not vulnerable to the key reinstallation attack.

    Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner. In other words, a patched client like a smartphone can still communicate with an un-patched access point like a router.

    Vanhoef said he began disclosing the vulnerabilities to vendors in July. US-CERT, short for the United States Computer Emergency Readiness Team, sent out a broad notification to vendors in late August. It is now up to device and router manufacturers to release any necessary security or firmware updates.

    Despite the vulnerabilities, Vanhoef says the public should still use WPA2 while waiting for patches. In the meantime, steps users can take to mitigate their threat level include using a VPN, using a wired Ethernet connection where possible, and avoiding public Wi-Fi networks.

    Vanhoef is presenting his research behind the attack at both the Black Hat Europe and Computer and Communications Security conferences in early November. His detailed research paper (PDF) is available today.

    Article Link: Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones
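
The nonce reuse the article describes, and the backwards-compatible client fix, shown as an added toy model (not code from the thread, from MacRumors or from Vanhoef's research). The `Client` class, the SHA-256 keystream standing in for WPA2's AES-based encryption, the session key and the sample frames are all constructed assumptions.

```python
import hashlib
from collections import Counter

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode), a stand-in for WPA2's real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; `patched` selects the fixed behaviour."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def on_message3(self, key: bytes) -> None:
        # Message 3 of the four-way handshake can legitimately arrive more than once.
        if self.patched and key == self.key:
            return  # key already in use: do not reinstall, keep the packet number
        self.key = key
        self.packet_number = 0  # (re)installing the key resets the nonce counter

    def send(self, plaintext: bytes):
        self.packet_number += 1
        nonce = self.packet_number
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))

PT1 = b"GET /inbox HTTP/1.1"   # constructed sample frames of equal length
PT2 = b"password=hunter2!!!"

def run_session(patched: bool):
    """Send a frame, receive a retransmitted message 3, then send another frame."""
    key = bytes(range(16))      # constructed session key
    client = Client(patched)
    client.on_message3(key)
    first = client.send(PT1)
    client.on_message3(key)     # the resent third handshake message
    second = client.send(PT2)
    return [first, second]

def reused_nonces(frames):
    """Nonces that appear on more than one frame under the same key."""
    counts = Counter(nonce for nonce, _ in frames)
    return sorted(n for n, c in counts.items() if c > 1)
```

With the unpatched client both frames carry nonce 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts; the patched client keeps counting and no nonce repeats.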
  2. Quu macrumors 68030


    Apr 2, 2007
    Some providers have already released router-side patches to fix this (MikroTik's RouterOS for example). I'm hopeful most good providers (Asus, Unifi etc) will have patches out within the next two weeks.
  3. flyingspur macrumors regular


    Aug 5, 2013
    Dallas TX
    Not surprised! Get your cables on! Use HTTPS! No Banking on WiFi!
  4. MacLawyer macrumors demi-god


    Aug 1, 2009
    So.....that's nice.

    Wonder if simply enabling VPN such as Cloak on your home network would do the trick.
  5. elmancho macrumors 6502


    Nov 5, 2008
    Paris, France
  6. Futurix macrumors 6502


    Nov 22, 2011
  7. realeric macrumors 65816


    Jun 19, 2009
    United States
    Oh. It’s really bad news. Most Wi-Fi routers in public places are not updated well.
  8. centauratlas macrumors 65816


    Jan 29, 2003
    I hope they update all their AirPorts and Time Capsules, but I am not hopeful. In this case, I hope I am wrong.
  9. Glideslope macrumors 603


    Dec 7, 2007
    A quiet place in NY.
    Will Apple patch an a/c Airport Extreme? Or is it time to purchase a new router? Suggestions for seamless Mac use? :apple:
  10. brianvictor7 macrumors 65816


    Oct 24, 2013
    United States
    Can you imagine the reaction if this news had been released on Friday the Thirteenth?

  11. Chupa Chupa macrumors G5

    Jul 16, 2002
    Question I have is will Apple since they have abandoned Airport development. If so how far down the model line will they patch. I have the last APE but also some last gen APX I use as satellites. So I'm hoping Apple patches for all models with WPA2 capability. This will be a test to see how much it really cares about user security with its response time and comprehensiveness since the patch isn't that difficult from what I've read.
  12. morcutt11 macrumors 6502


    Jun 26, 2015
    This can't be overstated. How many hotels, Starbucks, etc. even know what "firmware" is or how to access their WiFi settings? And just think of all the cheap Chinese routers out there that will never see updates from the manufacturer.
  13. OneBagTravel macrumors 6502


    Oct 18, 2013
    Never trust public Wifi. Here's hoping for an airport extreme update.
  14. al256 macrumors 6502a


    Jun 7, 2001
    Apple needs to either drop their Airport and Time Capsule products or publicly affirm their commitment to bringing out new products which resolve this vulnerability. I'm not sure how long this will take to develop and release but don't leave us waiting for a product which they have no intention of releasing.
  15. benthewraith macrumors 68040


    May 27, 2006
    Miami, FL
    It's something that can be patched with firmware, not hardware replacement.
  16. noxex macrumors newbie

    Oct 16, 2017
    I've been seeing a lot of misinformation about this. This vulnerability only affects CLIENTS. So unless your AP is bridging to another AP, updating the AP will do no good. The clients themselves must be updated.
  17. StevieD100 macrumors 6502a


    Jan 18, 2014
    Living Dangerously in Retirement
    That's why I always use a VPN from a device that I want to use in places like Starbucks. Also gets around stupid restrictions on what I can view in foreign parts.
  18. RecentlyConverted macrumors 6502a

    Oct 21, 2015
    I hope so, I recently bought two TCs. They are still for sale and not officially discontinued.
  19. Kaibelf macrumors 68020


    Apr 29, 2009
    Silicon Valley, CA
    Too early to tell yet, but I suspect Apple will do a patch as this one seems to fall into that category where they tend to be rather responsive.
  20. GadgetBen macrumors 6502a


    Jul 8, 2015
    I’ll be fine then. I live in the Countryside. If anyone comes within range the dogs will get them.
  21. Chupa Chupa macrumors G5

    Jul 16, 2002
    Why is the response from manufacturers so slow on something this important?
  22. Porco macrumors 68030


    Mar 28, 2005
    Well this is bad. :eek:

    I hope Apple (well, and ... everyone!) patches this on as many of its devices as possible, as soon as possible.
  23. mabaker macrumors 65816


    Jan 19, 2008
    Steve would have NEVER allowed this! SMH Tim is running Apple into the ground. #bringbackPPC
  24. Chupa Chupa macrumors G5

    Jul 16, 2002
    This is only tangentially related to Apple because they made and still sell routers so why bring that troll line up even in sarcasm? The flaw is in the Wi-Fi standard itself.
  25. DNichter macrumors G3


    Apr 27, 2015
    Philadelphia, PA
    I am assuming this would affect ALL devices connected to any router using this protocol, correct?
