Featured

Spectre & Meltdown

Image
                                     Meltdown & Spectre First Off i Wanna apologize to My Readers for my long absence, a lot of crucial things have been happening in my life for the past 4-5 months, and finally my high school is over and i'm waiting for my reports. From now on, i'll be posting blogs every two weeks or so (that'll get shorter soon). Today's blog is all about Meltdown and Spectre, these are the two security bugs that can cause chaos to almost any processor that has been manufactured till this day.  Most of the viruses tries to exploit the vulnerability in the code of a specific program they are designed to infect, this means that they can't affect programs or OSes they are not designed to affect so to a level we are almost safe. But the problem with these two are they function on a much closer to a hardware level so they can exploit almost any process...
Post a Comment
                                                     
https://www.facebook.com/shahineyyhttps://www.instagram.com/subnet_guyhttps://twitter.com/shahineyy

KRACK Attacks What is it ?

Key Reinstallation Attack Breaking WPA2 by Forcing Nonce Reuse

Hey there READERS!

Instead of How-to Post, today I'm Gonna be Posting About a Vulnerability Which Has Recently Been Discovered by Mathy Vanhoef

Mathy Vanhoef, a postdoctoral computer researcher said: 

We have discovered serious weaknesses in WPA2, a protocol that secures all modern protected WI-FI Networks. An attacker within the range of a victim can exploit these weaknesses using Key Re-installation Attacks (KRACKs)

As you might have heard or read About WPA2 (Wireless Protected Access II) the most common wireless protocol that you’ll find in use on networks such as home, public cafes, etc.

Researchers have Found a serious flaw in the protocol which allows hackers within the range of the network decrypt password and access internet traffic. It can allow attackers to steal information such as credit cards, passwords, chat messages, email, photos, etc. An attacker might also be able to inject and manipulate data.

And Depending On the network a hacker might be able to inject ransomware or malware into websites Wi-Fi Survey Shows That 60 percent of the AP Uses WPA2. He Says that the issue is not with the implementing of various products but it is with the standard itself.
Vanhoef Explains in His Site:

Our main attack is against the 4-way handshake of the WPA2 prtotcol This handshake is Executed when a client wants to join a protected WI-FI network & is used to confirm that both client and access point possess the correct credentials. At the same time the 4 way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently all networks use 4 way handshakes this implies all these networks are affected by some variant of our attack

When a device Is joined It has to go through a 4-way Handshake, like Sending 4 messages to & Fro. The access point can resend these messages if it doesn't get through the Attack takes the message and sends it back 

You Can Watch Vanhoef Demonstrate the Attack with Explanation Below:


While almost every supported device and OS is at the risk of being attacked, it appears some operating systems can have far more deadly consequences, namely, Android and Linux in which wpa_supplicant is the Wi-Fi client commonly used on Linux and Android (6.0 and above).

Vanhoef Explains the Attack in his Website:

As Described in the introduction of the research paper, the idea behind a key reinstallation attack can be summarized as follows. When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, Peer Key, TDLS, and fast BSS transition handshake.

Android & Linux

"Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack."


The Common Vulnerabilities and Exposures (CVE) Are Currently Tracking Various instantiations of the attack and are yet to be published.

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the Peer Key handshake.
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) key in the TDLS handshake.
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
On November 1, the researchers will discuss their paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” at the ACM Conference on Computer and Communications Security, Dallas.
It’s not likely for most affected Wi-Fi routers and access points to receive patches immediately, and we can only pray for the older ones. However, it might not be the case that the attackers are actively exploiting the vulnerabilities in the wild. You can take care of a few things as a protective measure:

·         Prefer HTTPS over HTTP.
·         Don’t provide confidential details over unencrypted connections as they’re sent in plain text.
·         Use VPN services to add an extra layer of security.
·         Don’t use public Wi-Fi networks unless it’s necessary.
·         Prevent yourself from visiting unknown websites or installing software from untrusted sources.

You can read About the Attack in Detail HERE


Sources: KRACK Attacks, Foss bytesINVERSE INNOVATION .

Comments

Post a Comment

Popular posts from this blog

How To Know The Wi-Fi Password. Using Wifiphisher

Image
Know The Wi-Fi Password. Using Wifiphisher In My First Tutorial I'm Going To Show You, How to Hack WiFi using wifiphisher. WiFiphisher is fast attack and reveals password without Taking Much of Your time. Wifiphisher Uses NO dictionaries, or brute force .  let’s get started... What Is Wifiphisher? Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases. How It Works... WiFiphisher creates an evil twin AP, then DoS's all User Data from AP and when users re-authenticate, they are redirected to fake AP with the same SSID. After connecting with fake AP, they will see a legitimate looking webpage that requests their password to “Upgrade fir...
Read more

Spectre & Meltdown

Image
                                     Meltdown & Spectre First Off i Wanna apologize to My Readers for my long absence, a lot of crucial things have been happening in my life for the past 4-5 months, and finally my high school is over and i'm waiting for my reports. From now on, i'll be posting blogs every two weeks or so (that'll get shorter soon). Today's blog is all about Meltdown and Spectre, these are the two security bugs that can cause chaos to almost any processor that has been manufactured till this day.  Most of the viruses tries to exploit the vulnerability in the code of a specific program they are designed to infect, this means that they can't affect programs or OSes they are not designed to affect so to a level we are almost safe. But the problem with these two are they function on a much closer to a hardware level so they can exploit almost any process...
Read more