The standard for Wi-Fi security turns out to be compromised. A new study by Belgium's KU Leuven university demonstrates that hackers can break in during execution of the security protocol. This means internet traffic can be intercepted or malware can be installed via malicious website elements.

Researcher Mathy Vanhoef hacked WPA2 and announced his discovery on Monday. He will speak about it on Wednesday at the Computer and Communications Security (CCS) conference.

The hack affects every device that supports Wi-Fi and therefore has a far-reaching impact. All telephones and laptops are vulnerable, whether iPhones, MacBooks, Windows PCs or Android phones. Vanhoef recommends that everyone install the security updates as soon as possible.

However, it is unclear whether Vanhoef is the first to discover this vulnerability, so no one knows whether hackers have already misused this security loophole in recent years to break into all sorts of Wi-Fi enabled devices.

Handshake

WPA2 has been with us since 2004 and is the safest protocol for securing your Wi-Fi. WPA (Wi-Fi Protected Access) uses a complicated process to establish for certain whether the person logging into a network really is who they say they are. The user's device simultaneously does the same: it determines whether or not the Wi-Fi network is the 'real' network. These '4-way handshakes' appear to be very secure. The user enters the WPA2 password, which is set up at the moment the Wi-Fi is configured, and everything is done and dusted.

However, Vanhoef and his colleague, Frank Piessens, discovered that it is possible to break into the verification process. At step three of the four-step procedure, a new encryption key is generated using the Wi-Fi password. If this key is the same on both the Wi-Fi network and the device, the connection appears to be secure. However, it turns out that message three can be sent more than once, and that the process 'resets' itself every time at step three. Smart hackers like Vanhoef and Piessens can use or misuse this process to embed all sorts of data packets in the verification process. They can also resend and intercept the packets.
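The reset at step three can be modelled in a few lines. The Python sketch below is an added illustration, not code from the article or from the researchers: it is a toy model with no real cryptography, and it assumes that the 'reset' restores the per-packet counter used with the session key and that an updated client ignores a repeated message three carrying the key it already installed. All names and the sample key are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Frame = Tuple[bytes, int]  # (session key, per-packet counter): toy stand-in for a sent frame

@dataclass
class Supplicant:
    """Toy client side of the 4-way handshake (hypothetical model, no real crypto)."""
    patched: bool
    key: Optional[bytes] = None
    tx_counter: int = 0

    def on_message3(self, session_key: bytes) -> None:
        # Assumed updated behaviour: a repeated message three carrying the
        # key that is already installed must not reset any state.
        if self.patched and self.key == session_key:
            return
        self.key = session_key
        self.tx_counter = 0  # the 'reset' at step three

    def send_frame(self) -> Frame:
        self.tx_counter += 1
        return (self.key, self.tx_counter)

def find_counter_reuse(frames: List[Frame]) -> List[Frame]:
    """Return every frame whose (key, counter) pair was already used earlier."""
    seen, reused = set(), []
    for frame in frames:
        if frame in seen:
            reused.append(frame)
        seen.add(frame)
    return reused

def simulate(patched: bool, replays: int = 2, frames_per_round: int = 3) -> List[Frame]:
    """Send frames while message three arrives again `replays` times."""
    key = b"constructed-session-key"  # constructed sample value
    client = Supplicant(patched=patched)
    client.on_message3(key)  # the legitimate first message three
    sent: List[Frame] = []
    for _ in range(replays):
        sent += [client.send_frame() for _ in range(frames_per_round)]
        client.on_message3(key)  # message three received once more
    sent += [client.send_frame() for _ in range(frames_per_round)]
    return sent

if __name__ == "__main__":
    for patched in (False, True):
        reused = find_counter_reuse(simulate(patched))
        print(f"patched={patched}: {len(reused)} frames reused a (key, counter) pair")
```

A pair that appears twice means the same key and counter protected two different frames, which is the condition the security updates are meant to rule out.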

Embedded in the system

It's unusual that this vulnerability has taken so long to come to light. After all, we're not talking about a minor error in a specific piece of software; the hackability is actually embedded in the system. The four-step plan appeared to be failsafe, but it's anything but.

Although the makers of devices that support Wi-Fi will undoubtedly release appropriate updates, perhaps it's high time to look at a new encryption protocol for wireless Internet. That's what happened in 2003, when the predecessor to WPA, WEP, was revealed to be beset with problems. A year after WPA, we saw the release of WPA2, which was (even) more secure.

By the way, Vanhoef and Piessens have experience in breaking into Wi-Fi protocols. In 2013, they already demonstrated that WPA was vulnerable. That vulnerability was eliminated in WPA2. Now the two Belgians have managed to find another way to hack even the most sophisticated Wi-Fi encryption key.

Image: Khaase