It’s been a mildly rough week for Wi-Fi security: hard on the heels of a WPA2 weakness comes a programming cockup in the wpa_supplicant configuration tool used on Linux, Android, and other operating systems.
The flaw can potentially be exploited by nearby eavesdroppers to recover a crucial cryptographic key exchanged between a vulnerable device and its wireless access point – and decrypt and snoop on data sent over the air without having to know the Wi-Fi password. wpa_supplicant is used by Linux distributions and Android, and a few others, to configure the Wi-Fi for computers, gadgets, and handhelds.
This key is used in networks that employ EAPOL (Extensible Authentication Protocol over LAN). The good news is that no more than around 20 per cent of wireless networks will be vulnerable, it is estimated, because the attack requires TKIP and WPA2 to be in use – and no one should be using TKIP in 2018.
WPA2 shouldn’t be set up with TKIP, as the latter is known to be weak anyway. However, there are still people out there using this combination. So, in short, just ensure TKIP is disabled.

To recover group encryption keys, a snooper would have to make 128 connection attempts per octet, because an attacker’s bit-flips will make the four-way authentication handshake fail. Not only is this slow, it could crash the access point under attack.
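To act on the "ensure TKIP is disabled" advice on the client side, the following added example (not code from the article or from the wpa_supplicant project) audits a wpa_supplicant.conf for network blocks that still permit TKIP. It assumes the upstream defaults, under which an unset `pairwise` or `group` option includes TKIP; the function names and the sample configuration are constructed for illustration.

```python
import re

# Ciphers accepted when an option is absent from a network block
# (assumption: upstream defaults for pairwise/group include TKIP).
DEFAULTS = {"pairwise": "CCMP TKIP", "group": "CCMP TKIP"}

def parse_networks(conf_text):
    """Return one {option: value} dict per network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def tkip_findings(conf_text):
    """List (ssid, option, how) for every block that still permits TKIP."""
    findings = []
    for net in parse_networks(conf_text):
        if net.get("key_mgmt", "").upper() == "NONE":
            continue  # open network: pairwise/group ciphers do not apply
        ssid = net.get("ssid", "<no ssid>").strip('"')
        for option in ("pairwise", "group"):
            value = net.get(option)
            ciphers = (value or DEFAULTS[option]).upper().split()
            if "TKIP" in ciphers:
                findings.append((ssid, option, "explicit" if value else "default"))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE = (
    'network={\n ssid="office"\n pairwise=CCMP TKIP\n group=CCMP\n}\n'
    'network={\n ssid="lab"\n proto=RSN\n}\n'
    'network={\n ssid="hardened"\n pairwise=CCMP\n group=CCMP\n}\n'
)

if __name__ == "__main__":
    for ssid, option, how in tkip_findings(SAMPLE):
        print(f"{ssid}: {option} permits TKIP ({how})")
```

A block is clean only when both `pairwise` and `group` are set explicitly and neither lists TKIP, as in the "hardened" entry.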
Source: https://www.theregister.co.uk/2018/08/09/wifi_eapol_oracle_attack/
Submitted by: Arnfried Walbrecht