Yuck

by Karl Denninger, Market Ticker:

This wasn't what I wanted to wake up to this morning:

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

This one is very bad folks; I've read the paper and related CVEs.

The attack results from a problem in how keys are negotiated between a WiFi router and client.  With a proper key negotiation it is supposed to be impossible to force a "favored" key or the re-use of a temporal key.  This is enforced by using what is called a nonce: a random value that is used just once ("Number used ONCE") and is never repeated under the same key.

Unfortunately the standard itself left open a way to force the "other end" to reuse a nonce.  This is very bad because you can use this sort of attack to trick the other end into installing a session key you know, such as "all zeros."  Once you've done that you can of course decrypt anything the victim sends, because you have the key, and once broken you also have access to all future key renegotiations as long as you remain "in range."

Encryption relies on not just one but two things being unknown, especially during key negotiation: the key and the content.  If someone can force the key (including the nonce) to be reused with known content then you're in big trouble.

Note that, contrary to popular belief, the "key" you type into a router is not the actual encryption key.  The password is a "seed" that is used to negotiate a key; the actual negotiated key changes from time to time.
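To make the "reused nonce plus known content" point concrete, here is an added example of mine (not code from the article or from the KRACK paper) that uses a constructed HMAC-SHA256 counter-mode keystream in place of the AES-CTR keystream WPA2-CCMP derives from the temporal key and nonce; the two sample frames are constructed too. It shows that an eavesdropper who never learns the key still recovers a sensitive frame once the nonce repeats, and recovers nothing when the nonce is fresh.

```python
import hashlib
import hmac
import os

# Constructed sample traffic: one frame whose content an eavesdropper can
# guess (predictable protocol chatter) and one whose content is sensitive.
KNOWN = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n"
SECRET = b"POST /pay HTTP/1.1\r\ncard=CONSTRUCTED-SAMPLE-1234\r\n"

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (a constructed stand-in
    for the AES-CTR keystream real WPA2-CCMP derives from key + nonce)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key, nonce)."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))

def recover_other_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """If both ciphertexts used the same key and nonce, the keystream cancels:
    ct_known XOR pt_known yields the keystream, which then unmasks ct_target.
    The key itself is never learned; nonce reuse plus known content suffices."""
    n = min(len(ct_known), len(ct_target))
    return bytes(a ^ b ^ c for a, b, c in zip(ct_known[:n], pt_known[:n], ct_target[:n]))

def demo(reuse_nonce: bool) -> bytes:
    """Encrypt KNOWN and SECRET under one session key; return what an
    eavesdropper who knows only KNOWN can reconstruct of SECRET."""
    key = os.urandom(32)      # negotiated temporal key, unknown to the eavesdropper
    nonce1 = os.urandom(12)
    # A reinstalled key resets the packet nonce, so the second frame repeats it.
    nonce2 = nonce1 if reuse_nonce else os.urandom(12)
    ct_known = encrypt(key, nonce1, KNOWN)
    ct_secret = encrypt(key, nonce2, SECRET)
    return recover_other_plaintext(ct_known, KNOWN, ct_secret)

if __name__ == "__main__":
    print("nonce reused:", demo(True))    # SECRET exposed up to len(KNOWN) bytes
    print("fresh nonce :", demo(False))   # unrelated bytes; nothing recovered
```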

The flaw itself is not hard to patch, but there's a severe problem with this particular issue because an utterly huge number of devices use "allegedly-secure" WiFi and many of them don't ever get updated.  In addition, you don't need physical access to attack a device using this, of course -- you need merely to be within WiFi range of it.

Consider this: Virtually every cellphone out there has WiFi in it and many are orphaned by their manufacturers, receiving no future updates at all.  These devices, along with nearly all "consumer" WiFi access points in homes and small businesses will never be fixed.

The impact of this flaw means that the majority of consumer cellphones now in-service will never receive a patch for this and will remain vulnerable until they are discarded by their owners, and in addition the majority of consumer and small-business WiFi access points will never be patched and will remain vulnerable for years if not a decade or longer.

As things stand right now commercial WiFi networks in places such as bars, restaurants and other retail environments are extraordinarily vulnerable, as these tend to rely on embedded software, some of which will probably never be patched, and most of these networks carry sensitive customer data including credit card swipe data.  PCI requires encrypted storage and transmission, but if the encryption is in fact worthless then the integrity of these networks is in big trouble.  The recent proliferation of "at table" tablets for bill paying and similar is going to make this much worse than it would otherwise be.

Our failure as a nation to force chip cards across-the-board, unlike virtually every other country (chip cards have a one-time negotiated key used for transactions and thus "capturing" them is of little value) is likely going to result in severe exposures across the retail landscape for the next several years.

Yeah.

This one is "that good."

Read More @ Market-Ticker.org