WPA2 Wi-Fi Security at Risk

The US government’s computer security watchdog warned of a security flaw in Wi-Fi encryption protocol which can open the door to attacks to eavesdrop on or hijack devices using wireless networks. 

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2:

wifi_cloud.jpg"All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key.

So far, this 14-year-old handshake has remained free from attacks, and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack.

Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages.

When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value.

Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use.

Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them.

Against WPATKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged. Because GCMP uses the same authentication key in both communication directions, it is especially affected."

https://papers.mathyvanhoef.com/ccs2017.pdf