Do you think your wireless network is secure because you’re using WPA2 encryption?
If yes, think again!
Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.
The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.
Basic understanding of AES-CTR encryption in WPA2 and the peril of packet number reuse therein is essential to comprehend these vulnerabilities.
WPA2 encryption process:
Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack. The researcher describes the attack as the following:
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK).
In simpler terms, KRACK allows an attacker to carry out a MitM and force network participants to reinstall the encryption key used to protected WPA2 traffic. The attack also doesn’t recover WiFi passwords.
According to the researchers, the newly discovered attack works against:
– Both WPA1 and WPA2,
– Personal and enterprise networks,
– Ciphers WPA-TKIP, AES-CCMP, and GCMP
In short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks.
It should be noted that the KRACK attack does not help attackers recover the targeted WiFi’s password; instead, it allows them to decrypt WiFi users’ data without cracking or knowing the actual password.
So merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack.
The research, titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Schäge of Ruhr-Universität Bochum. We can read research in here.
The team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected WiFi. You can watch the proof-of-concept (PoC) video.
Here’s How the KRACK WPA2 Attack Works:
The researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because “Android and Linux can be tricked into (re)installing an all-zero encryption key”.
However, there’s no need to panic, as you aren’t vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended WiFi network.
The following CVE identifiers will help you track if your devices have received patches for the WPA2 flaws Vanhoef discovered.
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
The researchers discovered the vulnerabilities last year, but sent out notifications to several vendors on July 14, along with the United States Computer Emergency Readiness Team (US-CERT), who sent out a broad warning to hundreds of vendors on 28 August 2017.
Pretty sneaky, Microsoft. While some vendors were scrambling to release updates to fix the KRACK Attack vulnerability released on October 16th, Microsoft, quietly snuck the fix into last week’s Patch Tuesday.
While Windows users were dutifully installing October 10th’s Patch Tuesday security updates, little did they know they were also installing a fix for the KRACK vulnerability that was not publicly disclosed until October 16th. This fix was installed via a cumulative update that included over 25 other updates, but didn’t provide any useful info until you visited the associated knowledge basic article.
How to fix the KRACK Vulnerability?
According to researchers, the communication over HTTPS is secure (but may not be 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a secure VPN service—which encrypts all your Internet traffic whether it’s HTTPS or HTTP.
The first thing you should do is not panic. While this vulnerability could allow an attacker to eavesdrop on or modify data being transmitted over wireless connections, at the same time, this attack is not going to be easy to pull off and a working exploit has not been published as of yet.
The good news is that this is a highly covered vulnerability and vendors will quickly release updates to fix this flaw. For consumers and business users, this means updating your router, access point, wireless network adapters, and devices with new firmware and drivers as they are released.