
(Krack) The Key Reinstallation Attack, in English

Posted by Thomas Ducpham on Oct 19th 2017


A weakness in the security of our wireless networks was disclosed to the public a few days ago. If exploited, it lets an attacker within Wi-Fi range spy on users and read information a device sends over the network, such as credit card numbers, passwords, chat messages, e-mail and photos, whenever that information is not also protected by the website itself (HTTPS). Attackers are able to read and manipulate data going in and out of a device, but worst of all, they are able to force or "inject" things like ransomware (bad software that demands money to unlock a device, or else destroys all its data) or other malware (bad software that can spy, record and bloat a device with more malware) into the pages a user visits.

The weakness is not in the devices themselves but in the security protocol (the way our wireless networks handle security) that they use, called "WPA2". The biggest problem is that the vast majority of wireless networks use this protocol. Your operating system and antivirus do not protect you from this type of attack; whether you are on a Mac, Windows, Android or Linux, you may become a victim.

How it works, in English

You own a house.

Around your house you have a gate.

Around this gate you have a security guard that lets people in and out of your house.

You're feeling lonely, so you invite some friends over. They can't get past the security guard without a super-secret password, which in this case is going to be "CatVideosAreGreat". Your friend Eddy drives up to the gate and gives the security guard the password; the guard asks a few questions and puts a sticker on his windshield granting access to the house. He drives in and parks his car somewhere in your driveway.

Now Steven, on the other hand, is weird. He doesn't own a car, but he wants to come over as well. Even though your gate accommodates cars (because let's admit, driving to the gate and back is much faster than walking), you hired a guard that can identify your friends at a distance.

The only problem is that when they exchange information they have to yell at each other. No worries though: even though they're yelling, they're talking in a secret code, like boys do in an exclusive "no girls allowed" club.

But you see, yelling at each other at a distance isn't always reliable. Steven has a hearing problem, and the security guard needs to focus on Steven while tuning out other background noise. Steven comes into range and notices the security guard.

And yells, "Hey! CatVideosAreGreat, aren't they?".

The security guard confirms, and nods back.

He replies, “Yes they are! By the way what is your name?”.

Steven replies with his name.

The security guard confirms his name.

Then replies “Can you read me the ID on your drivers license?”

But Steven doesn’t hear anything, so he stays silent.

The security guard asks the question several times, until Steven finally replies with "E7022dE". The security guard goes to his computer and writes down "0000000". He issues Steven a badge with the mistaken ID, not knowing that the badge has been compromised; it all looks normal to Steven.

Steven enters your house and goes about his day-to-day activities: video games, reading articles like the ones on centralvalleycomputerparts.com, even uploading a few pictures to his Facebook account.

But what Steven doesn't know is that someone was lurking in the shadows, waiting for someone to get through the security guard without a car. That person, we will call him Tom, is watching for badge number "0000000" and specifically following that badge's movements. These badge numbers are supposed to be unique, so no two guests should ever end up with the same one, and a badge that gets handed out twice is exactly what Tom is waiting for.


Everything Steven does, Tom knows.

What’s Happening

Now, the story above is only about 70% true to how it happens (I didn't want to fill it with technical jargon), but the concept is similar. The security guard is your router, and the method he uses to check guests in and out is called WPA2. In the middle of the check-in, when the guard is asking questions and checking ID (this is called the 4-way handshake), Tom secretly butts in and replays one of the guard's own messages, so the guest installs the same key a second time and starts counting its packets from zero again. Reusing a key together with a packet number that has already been used is what lets Tom decrypt, and in some cases tamper with, the traffic; on some Android and Linux devices the reinstalled key was even all zeros, which is the "0000000" badge in the story. The worst of it is that this isn't the fault of the security guard, or of any single manufacturer, but of the method he uses to authorize people in and out. Anyone that uses WPA2 is affected, including public access points at McDonalds, Starbucks, and Target!
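To show concretely what goes wrong when the security guard hands out a badge that was already in use, here is an added, simplified model of the attack in Python. It is not code from the original post or from the KRACK researchers. The handshake is cut down to "message 3 arrives, the client installs the key", and the real AES-CCMP cipher is replaced by a hash-based keystream that stands in for counter mode, so the script runs with the standard library alone. The `Client` class, the `receive_message3` and `krack_scenario` names and the sample HTTP frames are all constructed for this illustration.

```python
"""Toy model of the KRACK key-reinstallation flaw (added illustration, not the
researchers' code). The 4-way handshake is reduced to "message 3 arrives, client
installs the key", and AES-CCMP is replaced by a SHA-256 based keystream so the
script needs only the standard library. The property shown is the real one:
reinstalling a key resets the packet number (the nonce), and a stream cipher
that reuses a (key, nonce) pair leaks plaintext to anyone who can XOR."""
import hashlib
import os
from typing import Optional, Tuple


def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for counter-mode keystream: a function of key and nonce only.

    In WPA2 the nonce is the per-packet number, so two frames encrypted under
    the same key with the same packet number get identical keystream.
    """
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Simplified WPA2 supplicant: the 'Steven' side of the story (constructed)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk: Optional[bytes] = None
        self.packet_number = 0  # reset to 0 every time a key is installed

    def receive_message3(self, ptk: bytes) -> None:
        # Vulnerable behaviour: each (re)transmitted message 3 installs the key
        # again, which resets the packet number to zero.
        # Patched behaviour: a key that is already in use is not reinstalled.
        if self.patched and self.ptk == ptk:
            return
        self.ptk = ptk
        self.packet_number = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one frame; returns (packet_number, ciphertext) as sent on air."""
        assert self.ptk is not None, "no key installed yet"
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        frame = (self.packet_number, xor(plaintext, ks))
        self.packet_number += 1
        return frame


# Constructed sample traffic (not captured data). The known frame is longer
# than the secret one so the recovered keystream covers the whole secret.
KNOWN_PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\nConnection: keep-alive\r\n"
SECRET_PLAINTEXT = b"Cookie: session=constructed-secret-value-12345\r\n"


def krack_scenario(patched: bool) -> Optional[bytes]:
    """Replay message 3 between two frames and decrypt the second using the first.

    The attacker ('Tom') sees both ciphertexts on the air and can guess the
    first plaintext (a predictable request). Returns the recovered second
    plaintext, or None when the packet numbers differ and nothing is learned.
    """
    ptk = os.urandom(32)  # session key negotiated during the handshake
    client = Client(patched)

    client.receive_message3(ptk)
    pn1, c1 = client.send(KNOWN_PLAINTEXT)

    # Replay of message 3. In the real attack the access point retransmits it
    # because the attacker, sitting in the middle, blocked message 4.
    client.receive_message3(ptk)
    pn2, c2 = client.send(SECRET_PLAINTEXT)

    if pn1 != pn2:
        return None  # no nonce reuse: c1 XOR c2 is just noise to the attacker

    # Same key, same packet number, same keystream. Recover it from the known
    # frame, then strip it from the second frame.
    recovered_keystream = xor(c1, KNOWN_PLAINTEXT)
    return xor(c2, recovered_keystream)


if __name__ == "__main__":
    print("vulnerable client:", krack_scenario(patched=False))
    print("patched client:   ", krack_scenario(patched=True))
```

With the vulnerable client the second frame decrypts completely from the first, without the attacker ever learning the key. With the patched behaviour (a key that is already in use is not installed again, which is the core of the vendor updates) the packet numbers differ, the keystreams differ, and the XOR yields nothing useful.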

What is being done to correct this?

Manufacturers are rolling out firmware updates as we speak, but you should also update any computer, phone, or tablet that you use, because the device connecting to the network is the one most exposed. Although the average consumer's private network is probably not at risk, you should update your router's firmware just in case (refer to your manufacturer's manual). That essentially gives your security guard new rules that keep Tom from messing with everyone.

Lastly, as of 10/18/2017, you should avoid using public Wi-Fi until businesses have had a chance to update as well, and be cautious on private Wi-Fi until your own devices are patched. There have been no reports of anyone using this method maliciously, but nothing stops someone from doing it now. This attack was discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven, months prior and was only released to the public after vendors and manufacturers had been notified.


Some Afterthoughts

The good news is that the attacker needs to be within Wi-Fi range to perform this kind of exploit. They would not be able to initiate it from a remote location, and companies are already in the process of fixing the problem. The exploit is only possible when connected to a wireless network that uses WPA2, so using mobile data is completely fine, and websites that use HTTPS still encrypt your traffic on their own. Be cautious when connecting to networks you do not fully trust, and finally, protect yourself online as you would offline.

You can read the researchers' full write-up and paper here:

https://www.krackattacks.com/