Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website.
What is the attack performed by Bobby in the above scenario?
A . Wardriving
B . KRACK attack
C . jamming signal attack
D . aLTEr attack
Answer: B
Explanation:
We discovered serious weaknesses in WPA2, a protocol that secures all trendy protected Wi-Fi networks. an attacker within range of a victim will exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers will use this novel attack technique to scan info that was previously assumed to be safely encrypted. this will be abused to steal sensitive info like mastercard numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. depending on the network configuration, it’s additionally doable to inject and manipulate information. as an example, an attacker can be ready to inject ransomware or alternative malware into websites. The weaknesses are within the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. to forestall the attack, users should update affected products as soon as security updates become offered. Note that if your device supports Wi-Fi, it’s most likely affected. during our initial analysis, we have a tendency to discovered ourselves that android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, area unit all affected by some variant of the attacks. For more info about specific products, consult the info of CERT/CC, or contact your merchant. The analysis behind the attack are presented at the pc and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed analysis paper will already be downloaded. Update October 2018: we’ve a follow-up paper wherever we generalize attacks, analyze additional handshakes, bypass Wi-Fi’s official defense, audit patches, and enhance attacks using implementation-specific bugs.
DEMONSTRATIONAs a proof-of-concept we have a tendency to executed a key
reinstallation attack against an robot smartphone. during this demonstration, the attacker is in a position to decrypt all information that the victim transmits. For an attacker this is often straightforward to accomplish, as a result of our key reinstallation attack is exceptionally devastating against UNIX system and robot half dozen.0 or higher. this is} as a result of robot and UNIX system can be tricked into (re)installing an all-zero encryption key (see below for additional info). once offensive other devices, it’s harder to decrypt all packets, though an outsized variety of packets will nevertheless be decrypted. In any case, the subsequent demonstration highlights the kind of knowledge that an attacker will acquire once activity key reinstallation attacks against protected Wi-Fi networks: Our attack isn’t restricted to sick login credentials (i.e. e-mail addresses and passwords). In general, any information or info that the victim transmits may be decrypted. in addition, counting on the device being employed and also the network setup, it’s additionally doable to decipher information sent towards the victim (e.g. the content of a website). though websites or apps might use HTTPS as a further layer of protection, we have a tendency to warn that this additional protection will (still) be bypassed during a worrying variety of things. as an example, HTTPS was previously bypassed in non-browser package, in Apple’s iOS and OS X, in robot apps, in robot apps once more, in banking apps, and even in VPN apps. DETAILS Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed once a consumer needs to hitch a protected Wi-Fi network, and is employed to confirm that each the consumer and access purpose possess the right credentials (e.g. the pre-shared secret of the network). At identical time, the 4-way handshake additionally negotiates a recent encoding key that may be wont to write all sequent traffic. Currently, all trendy protected Wi-Fi networks use the 4-way handshake. this suggests of these networks area unit suffering from (some variant of) our attack. for example, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and also the latest WPA2 normal, and even against networks that solely use AES. All our attacks against WPA2 use a completely unique technique known as a key reinstallation attack (KRACK):Key reinstallation attacks: high level descriptionIn a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. this is often achieved by manipulating and replaying science handshake messages. once the victim reinstalls the key, associated parameters like the progressive transmit packet variety (i.e. nonce) and receive packet variety (i.e. replay counter) area unit reset to their initial price. primarily, to ensure security, a key ought to solely be put in and used once. sadly, we have a tendency to found this is often not secure by the WPA2 protocol. By manipulating cryptographic handshakes, we are able to abuse this weakness in observe.
Key reinstallation attacks: concrete example against the 4-way handshake As represented within the introduction of the analysis paper, the concept behind a key reinstallation attack may be summarized as follows. once a consumer joins a network, it executes the 4-way handshake to barter a recent encoding key. it’ll install this key once receiving message three of the 4-way acknowledgement. Once the key’s put in, it’ll be wont to write traditional
information frames mistreatment associate encoding protocol. However, as a result of messages is also lost or born, the Access purpose (AP) can transmit message three if it didn’t receive an appropriate response as acknowledgment. As a result, the consumer might receive message three multiple times. every time it receives this message, it’ll instal identical encoding key, and thereby reset the progressive transmit packet variety (nonce) and receive replay counter utilized by the encryption protocol. we have a tendency to show that associate attacker will force these time being resets by collecting and replaying retransmissions of message three of the 4-way handshake. By forcing time being recycle during this manner, the encoding protocol may be attacked, e.g., packets may be replayed, decrypted, and/or solid. the same technique may also be wont to attack the cluster key, PeerKey, TDLS, and quick BSS transition handshake.
Leave a Reply