
KRACK is a Wi-Fi exploit that targets flaws in WPA2 security

By Michael Low & Koh Wanzi - on 17 Oct 2017, 10:45am

Image source: Tech Radar.

We’ve been told that the best thing to do when setting up a home Wi-Fi network is to check the WPA2 box. You know, because WEP is riddled with flaws. That’s good advice, but it may not be quite so secure anymore.

Researchers have published details of a major new vulnerability in Wi-Fi security, which potentially allows hackers to intercept data transmitted from a wireless device, including sensitive information thought to be encrypted, such as passwords, chat messages, and even credit card numbers.

More importantly, the flaw affects all modern protected Wi-Fi networks, and researchers said that it is also possible to inject and manipulate data, so attackers could inject malware into websites.

The exploit has been dubbed KRACK, which stands for key reinstallation attack, and it takes advantage of several key management flaws in the Wi-Fi Protected Access II (WPA2) security protocol.

And because these weaknesses exist in the WPA2 standard itself and not individual products, any device that supports Wi-Fi is likely affected.

KRACK works by attacking the four-way handshake that all client devices execute when joining a protected Wi-Fi network.

Normally, this confirms that both the client and the access point have the correct credentials, such as the Wi-Fi password, and it also negotiates a new encryption key that will encrypt all subsequent traffic in the user’s session.

That key is installed when the client receives the third of the four handshake messages, and KRACK tricks a vulnerable client into reinstalling an already-in-use key by forcing that third message to be replayed over and over again.

The access point normally retransmits the third message if it does not receive an appropriate response from the client, to account for lost or dropped messages. Each time the client receives this message, it reinstalls the same encryption key, which resets the counters that track how many packets have been sent or received under that key.

Unfortunately, KRACK can force these resets by collecting and replaying transmissions of this third message, which allows hackers to replay, decrypt, or even forge data packets.
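To make the counter-reset mechanism concrete, here is an added Python model of a client's handling of the third handshake message; it is not from the article or from the researchers' code, and the Client class, the toy keystream, the sample key and the sample frames are all constructed for illustration. The patched variant keeps its counters when it sees a key it already has installed, which is the behaviour the vendor fixes restore, and the final function is the kind of check a monitoring tool can run to flag counter reuse.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream. Real WPA2 uses AES-CCMP, but the property
    that matters is the same: one (key, nonce) pair always yields one keystream."""
    return hashlib.sha256(key + nonce.to_bytes(6, "big")).digest()[:length]

class Client:
    """Minimal model of a Wi-Fi client's key-install step (constructed)."""
    def __init__(self, ignore_reinstall: bool):
        self.ignore_reinstall = ignore_reinstall  # True models the patched behaviour
        self.ptk = None       # session key negotiated by the handshake
        self.tx_nonce = 0     # packet number that serves as the per-frame nonce

    def on_message3(self, ptk: bytes) -> None:
        """Handle handshake message 3, which may be a retransmission."""
        if self.ignore_reinstall and self.ptk == ptk:
            return            # patched: key already in use, keep the counters
        self.ptk = ptk
        self.tx_nonce = 0     # vulnerable: reinstalling resets the packet counter

    def encrypt(self, plaintext: bytes) -> tuple:
        """Return (nonce, ciphertext) for one data frame."""
        self.tx_nonce += 1
        ks = keystream(self.ptk, self.tx_nonce, len(plaintext))
        return self.tx_nonce, bytes(p ^ k for p, k in zip(plaintext, ks))

def run_session(ignore_reinstall: bool) -> list:
    """Install the key, send a frame, receive message 3 again, send another."""
    ptk = b"\x11" * 16                    # constructed sample session key
    c = Client(ignore_reinstall)
    c.on_message3(ptk)
    first = c.encrypt(b"GET /login")      # constructed sample frame
    c.on_message3(ptk)                    # message 3 arrives a second time
    second = c.encrypt(b"pw=hunter2")     # constructed sample frame
    return [first, second]

def count_nonce_reuse(frames: list) -> int:
    """Detection-style check: frames that reuse an earlier nonce under one key."""
    seen, reused = set(), 0
    for nonce, _ in frames:
        if nonce in seen:
            reused += 1
        seen.add(nonce)
    return reused
```

With the vulnerable client both frames go out under nonce 1, so their ciphertexts share a keystream; the patched client continues with nonce 2 and the reuse count stays at zero.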

It’s not all doom and gloom, however. The good news is that KRACK is incredibly hard to execute. For instance, an attacker would need to be within range of a targeted Wi-Fi network to execute the deed, so you’re probably safe at home or in the office (unless your neighbors or co-workers are secretly elite hackers).

Patches are also already rolling out, and Microsoft has already released a fix for supported Windows versions. Apple has patched the exploit in beta versions of iOS, tvOS, watchOS, and macOS as well, and these should go out to consumers in a few weeks.

On Google’s end, it’s promised to have a patch in the coming weeks. The company’s Pixel devices will be the first to get a fix on November 6, but other Android phones probably won’t be so lucky. This is particularly important because Android phones are especially vulnerable, with researchers saying that Android 6.0 and up contains a flaw that “makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices.”

In the meantime, there are certain precautions you can take, such as updating all of your wireless devices and staying off public Wi-Fi networks where possible. You can also opt to use a wired Ethernet connection and cellular data on your phone.

Source: Mathy Vanhoef.