WPA2 (Wi-Fi Protected Access II) — the WiFi security protocol which considers safeguarding a vast majority of wifi connections has now been compromised to a deadly vulnerability called Key Reinstallation Attacks or KRACK.
Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven discovered and published the details of the attack that affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, and Linux.
WPA2 became the most trusted security protocol that encrypts traffic on Wi-Fi networks to prevent eavesdroppers for last 13 years. In short, WPA2 networks are absolutely everywhere. Since KRACK WPA2 Wi-Fi Vulnerability utilizes a weakness in the WPA2 protocol to recover the key used to encrypt traffic between a client and an access point. The scary part is in some situations an attacker within range of a victim can also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
According to Vanhoef’s research group, “attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks“.
Since the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations, almost all devices that support WiFi are going to be a KRACK victim. Vanhoef recommends, “To prevent the attack, users must update affected products as soon as security updates become available“.
How attacker use KRACK vulnerability?
As a part of demonstration Vanhoef’s group executed KRACK WPA2 Wi-Fi Vulnerability attack against an Android smartphone. During the demo, the attacker was able to decrypt all data that the victim transmits.
According to researchers, KRACK attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key. About attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks:
Vanhoef also points out that 4-way handshake weakness causes WPA2 protocol vulnerable. This handshake is executed when a client wants to join a protected Wi-Fi network and is used to confirm that both the client and access point possess the correct credentials. The four-way handshake also generates a new encryption key—the third communication in the four-step process—to protect the user’s session.
And the KRACK vulnerability allows hackers to trick a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. And the attacker can replay and decrypt packets, and even forge packets in some cases.
Unfortunately, KRACK vulnerability is not only limited to recovering login credentials but also any data or information that the victim transmits can be decrypted. Also, the attack is capable to decrypt data sent towards the victim (e.g. the content of a website) even though websites or apps use HTTPS as an additional layer of protection.
Researchers indexed following Common Vulnerabilities and Exposures (CVE) identifiers to track which products are affected by specific instantiations of KRACK :
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Also, research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.
