KRACK - Are we safe?
KRACK or Key Reinstallation Attack is an attack to the Wi-Fi standard discovered by Mathy
Vanhoef , a researcher in IT security of KU Leuven University.
This attack exploits the way in which Wi-Fi Protected Access (WPA and WPA2) processes the four-way handshake at the initial connection to an access point, allowing the attacker to access information otherwise encrypted. This vulnerability is present in WPA and WPA2 security protocols since their beginning 14 years ago.
How is this attack deployed?
The attack targets the four-way handshake directly. The procedure begins when the user joins a Wi-Fi protected network and is used to confirm that both the client and the access point have the correct credentials.
The four-way handshake gives authentication based on a secret shared PMK, or Pairwise Master Key, with which a PTK, or Pairwise Transient Key, session key is generated.
Since the client accepts 3-message resends even at PTK-DONE status, a PTK reinstallation can be forced by way of a man-in- the-middle (MitM) attack. An attacker is in the middle of packet sends, he can block message 4 thus forcing nonce reuse of message 3.
Finally, if this process completes successfully for the attacker, he can resend, decrypt and/or create packets to generate new attacking vectors such as injecting malware through the network.
Am I vulnerable?
Vulnerability lies in the Wi-Fi standard, therefore, all devices using it can be affected. Together with the finding paper, Vanhoef released a tool developed in python to check if an Access Point is vulnerable.
Due to the fact that nowadays most devices are connected to the Internet through Wi-Fi, such as cell phones, tablets, computers and/or other home devices belonging to the Internet of Things, it is advisable to be aware of these vulnerabilities and updates.
How could this attack affect me?
If you have a vulnerable device, attacking vectors are multiple. An attacker can view information encrypted in plain text, for example, credit card information after a purchase.
On the other hand, personal e-mail access credentials, corporate e-mails and social network information can be stolen. The reach of the attack is broad and puts our most private information at risk.
How can we be protected?
First of all, it is advisable to update all our Wi-Fi devices (cell phones, tablets, notebooks, access points) at the time updates are available. It is important to bear in mind that updates are not synchronized, so we must pay attention to each vendor.
Another partial solution to recommend is to use a trusted VPN (Virtual Private Network) due to its connection encryption, until the release of new updates. The Access Point may not support Fast BSS Transition (FT), causing a failure in testing script. This latter does not imply the Access Point is not vulnerable since this is one of the vectors but not the only one.
10 Common Vulnerabilities and Exposure (CVE) identifiers have been assigned, which keep a list of products affected to the different types of attack.
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.