The National CERT of the Republic of Serbia (SRB-CERT) is informing and warning all computer and mobile device users about a vulnerability detected in the WPA2 protocol (Wi-Fi Protected Access II).
Research by the IMEC-DistriNet Research Group uncovered a major vulnerability in the WPA2 protocol, which secures all protected Wi-Fi networks. By exploiting this vulnerability, attackers can steal sensitive information such as user credentials, passwords, credit card or bank account numbers, etc.
At the moment, users who access the Internet via either protected or unprotected public Wi-Fi networks (in restaurants, cafes, hotels, shopping malls, public transportation, cultural and educational institutions, etc.) are most likely to be exposed to attacks. To exploit the WPA2 protocol vulnerabilities, the attacker must be in the immediate vicinity of the targeted access point. Hence, only the users connected to the same access point as the attacker can be affected.
Whenever someone joins a Wi-Fi network, the "4-way handshake" of the WPA2 protocol is executed to produce a fresh encryption key for all subsequent Wi-Fi network traffic. To guarantee security, a key should be installed and used only once. However, by using the key reinstallation attack (KRACK), the attacker can trick the victim's device into reinstalling an already-in-use key, allowing the attacker to steal sensitive information or even inject malware into a website, depending on the network configuration. Additionally, the attacker can modify the DHCP (Dynamic Host Configuration Protocol) settings and thus enable DNS misuse in order to direct users to malicious websites.
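
Why reinstalling an in-use key matters, and what a software update changes, modeled as an added example (not code from SRB-CERT or from the researchers). It assumes, beyond what the advisory states, that each frame is encrypted under the key plus a per-frame counter that resets when a key is installed; `Client`, `on_message3` and the SHA-256 keystream are hypothetical stand-ins for a real Wi-Fi stack and cipher.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Stand-in for the real cipher: stream derived from (key, packet number)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:n]

@dataclass
class Client:
    hardened: bool
    key: Optional[bytes] = None
    packet_number: int = 0
    used: list = field(default_factory=list)  # (key, packet number) pairs sent

    def on_message3(self, key: bytes) -> None:
        # The access point resends message 3 when it misses the client's reply.
        if self.hardened and key == self.key:
            return  # key already in use: keep the counter, do not reinstall
        self.key = key
        self.packet_number = 0  # (re)installing the key resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.packet_number += 1
        self.used.append((self.key, self.packet_number))
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def simulate(hardened: bool):
    """Return (number of repeated (key, counter) pairs, the two ciphertexts)."""
    client = Client(hardened)
    key = b"constructed-session-key"        # constructed sample value
    client.on_message3(key)                 # normal handshake
    c1 = client.send(b"frame one")
    client.on_message3(key)                 # same message 3 arrives again
    c2 = client.send(b"frame two")
    repeats = len(client.used) - len(set(client.used))
    return repeats, c1, c2

if __name__ == "__main__":
    for hardened in (False, True):
        repeats, c1, c2 = simulate(hardened)
        leaked = xor(c1, c2) == xor(b"frame one", b"frame two")
        print(f"hardened={hardened} repeated_pairs={repeats} keystream_reused={leaked}")
```

In the unpatched model the second frame reuses the same key and counter, so the two ciphertexts XOR to the XOR of the plaintexts; the hardened client ignores the repeated message 3 and the counter keeps advancing.
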
SRB-CERT advises all users to update their Wi-Fi-enabled devices as soon as a software update is made available. An alternative way to add a further level of protection is to use a secure VPN (Virtual Private Network) or other protected Internet protocols (HTTPS, Secure Shell, etc.).