Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones
Mathy Vanhoef, a postdoctoral researcher at Belgian university KU Leuven, has discovered and disclosed major vulnerabilities in the WPA2 protocol that secures all modern protected Wi-Fi networks.
Vanhoef said an attacker within range of a victim can exploit these weaknesses using so-called KRACKs, or key reinstallation attacks, which can result in any data or information that the victim transmits being decrypted. Attackers can eavesdrop on network traffic on both private and public networks.
As explained by Ars Technica, the primary attack exploits a four-way handshake that is used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
As a result, attackers can potentially intercept sensitive information, such as credit card numbers, passwords, emails, and photos. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Note that the attacks do not recover the password of any Wi-Fi network, according to Vanhoef. They also do not recover any parts of the fresh encryption key that is negotiated during the four-way handshake.
Websites properly configured with HTTPS have an additional layer of protection, but an improperly configured site can be exploited to drop this encryption, so Vanhoef warned that it is not reliable protection.
Since the vulnerabilities exist in the Wi-Fi standard itself, nearly any router and device that supports Wi-Fi is likely affected, including Macs and iOS devices. Android and Linux devices are particularly vulnerable since they can be tricked into installing an all-zero encryption key instead of reinstalling the real key.
iOS devices are vulnerable to attacks against the group key handshake, but they are not vulnerable to the key reinstallation attack.
Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner. In other words, a patched client like a smartphone can still communicate with an un-patched access point like a router.
Vanhoef said he began disclosing the vulnerabilities to vendors in July. US-CERT, short for the United States Computer Emergency Readiness Team, sent out a broad notification to vendors in late August. It is now up to device and router manufacturers to release any necessary security or firmware updates.
Despite the vulnerabilities, Vanhoef says the public should still use WPA2 while waiting for patches. In the meantime, steps users can take to mitigate their threat level in the meantime include using a VPN, using a wired Ethernet connection where possible, and avoiding public Wi-Fi networks.
Vanhoef is presenting his research behind the attack at both the Black Hat Europe and Computer and Communications Security conferences in early November. His detailed research paper (PDF) is available today.
Vanhoef said an attacker within range of a victim can exploit these weaknesses using so-called KRACKs, or key reinstallation attacks, which can result in any data or information that the victim transmits being decrypted. Attackers can eavesdrop on network traffic on both private and public networks.
As explained by Ars Technica, the primary attack exploits a four-way handshake that is used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
As a result, attackers can potentially intercept sensitive information, such as credit card numbers, passwords, emails, and photos. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Note that the attacks do not recover the password of any Wi-Fi network, according to Vanhoef. They also do not recover any parts of the fresh encryption key that is negotiated during the four-way handshake.
Websites properly configured with HTTPS have an additional layer of protection, but an improperly configured site can be exploited to drop this encryption, so Vanhoef warned that it is not reliable protection.
Since the vulnerabilities exist in the Wi-Fi standard itself, nearly any router and device that supports Wi-Fi is likely affected, including Macs and iOS devices. Android and Linux devices are particularly vulnerable since they can be tricked into installing an all-zero encryption key instead of reinstalling the real key.
This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key.As a proof-of-concept, Vanhoef executed a key reinstallation attack against an Android smartphone. In the video demonstration below, the attacker is able to decrypt all data that the victim transmits.
iOS devices are vulnerable to attacks against the group key handshake, but they are not vulnerable to the key reinstallation attack.
Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner. In other words, a patched client like a smartphone can still communicate with an un-patched access point like a router.
Vanhoef said he began disclosing the vulnerabilities to vendors in July. US-CERT, short for the United States Computer Emergency Readiness Team, sent out a broad notification to vendors in late August. It is now up to device and router manufacturers to release any necessary security or firmware updates.
Despite the vulnerabilities, Vanhoef says the public should still use WPA2 while waiting for patches. In the meantime, steps users can take to mitigate their threat level in the meantime include using a VPN, using a wired Ethernet connection where possible, and avoiding public Wi-Fi networks.
Vanhoef is presenting his research behind the attack at both the Black Hat Europe and Computer and Communications Security conferences in early November. His detailed research paper (PDF) is available today.
[ 132 comments ]
Top Rated Comments
(View all)
23 months ago
I’ll be fine then. I live in the Countryside. If anyone comes within range the dogs will get them.
23 months ago
So, everyone who can pick up my Wifi can know what I'm doing.. Thanks to Google every marketing company knows what I'm doing.. Thanks to the terrorist threat, every government seems to know what I'm doing..
I seem to be the only one who doesn't have any idea what I'm doing.
I seem to be the only one who doesn't have any idea what I'm doing.
23 months ago
Time for AirPort Extreme firmware update...
Question I have is will Apple since they have abandoned Airport development. If so how far down the model line will they patch. I have the last APE but also some last gen APX I use as satellites. So I'm hoping Apple patches for all models with WPA2 capability. This will be a test to see how much it really cares about user security with it's response time and comprehensiveness since the patch isn't that difficult from what I've read.
23 months ago
I've been seeing a lot of misinformation about this. This vulnerability only affects CLIENTS. So unless your AP is bridging to another AP, updating the AP will do no good. The clients themselves must be updated.
23 months ago
Apple needs to either drop their Airport and Time Capsule products or publicly affirm their commitment to bringing out new products which resolve this vulnerability. I'm not sure how long this will take to develop and release but don't leave us waiting a product which they have no intention of releasing.
It's something that can be patched with firmware, not hardware replacement.
23 months ago
Time for AirPort Extreme firmware update...
I hope they update all their AirPorts and Time Capsules, but I am not hopeful. In this case, I hope I am wrong.
[ Read All Comments ]
For this week's giveaway, we've teamed up with Reolink to offer MacRumors readers a chance to win an Argus 2 wire-free rechargeable home camera and a solar panel for charging it up outdoors.
...
Apple Music has renamed its "The A-List: Hip-Hop" playlist to "Rap Life."
Ebro Darden, global editorial head of hip-hop and R&B at Apple Music, will host a companion...
Samsung is believed to be Apple's exclusive supplier of OLED displays for iPhones, but it may have company soon.
In a research note shared with MacRumors, Barclays analysts said fellow...
1Password has restored the option for customers who originally purchased its iOS app to create a local vault during setup, after users queued up online to voice their frustrations with the fact that...
Apple is planning to open an office in highly desired location in Vancouver, Canada reports Bloomberg. The company has leased space in a 24-story office building at 400 West Georgia owned by...
Elevation Lab, known for its line of popular iPhone charging docks, today released the FamilyCharger, a multi-charging setup designed to allow you to charge all of your devices in one place.
The...
Apple today seeded the third beta of an upcoming macOS Catalina update to its public beta testing group, two weeks after seeding the second public beta and a day after seeding the fourth developer...
Apple today seeded the third beta of an upcoming tvOS 13 update to its public beta testing group, two weeks after seeding the second public beta and day after seeding the fourth developer beta of...
