A major new security flaw has been discovered and it affects practically every device that uses Wi-Fi. Its called KRACK (Key Reinstallation Attacks), and its very easy for attackers to decrypt and spy on anything a victim do online, which includes any passwords that a victim types or any documents sent can be seen by the attacker.
The vulnerability exists in the WPA2 protocol, which allows attackers to read information. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos. The attack works against all modern protected Wi-Fi networks.
What is WPA2 ?
WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks. WPA2 is used on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption.
What is WPA2 4 way Handshake ?
WPA2 4 ways handshake is a type of network authentication protocol established by IEEE-802.11i. The actual messages exchanged during the handshake is depicted in figure.
Message 1 : The AP (Access Point) sends a nonce-value to the clinet (ANonce).
Message 2 : The client now has all the attributes to construct the PTK(Pairwise Transient Key). The client sends its own nonce-value (SNonce) to the AP together with a Message Integrity Code (MIC), including authentication.
Message 3 : The AP constructs and sends the GTK(Group terminal key, which is used to decrypt multicast and broadcast traffic) and a sequence number together with another MIC.
Message 4 : Finally the client sends a confirmation to the AP.
The four-way handshake is designed so that the access point and wireless client (or supplicant) can independently prove to each other that they know the PMK(Pairwise Master Key), without ever disclosing the key.
The PMK is generally not sent over the network, leaving this component unshared and thus strengthening the security of the process.
What is KRACK Attack ?
The Key Reinstallation Attack is repeatedly carried out by resetting the nonce transmitted in the third step of the WPA2 handshake (4 ways handshake), an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.
4-way handshake gets executed, when the client wants to connect to a protected Wi-Fi network. Also, it negotiates a fresh encryption key to encrypt the traffic. This key will be installed and it will be used to encrypt normal data frames using an encryption protocol.
Since the key will be installed only after receiving message 3. AP will re-transmit message 3 if it did not receive an appropriate response as an acknowledgment. So the client may receive message 3 multiple times. Each time client receives the message, it will reinstall the same encryption key, and thereby reset the nonce.
An attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, packets can be replayed, decrypted, and forged.
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
How to prevent KRACK Attack ?
- Luckily many Wi-Fi routers and device makers are about to issue patches and here is the list of vendors have already issued the patch.
- Microsoft have already provided a patch to address this issue, and its identified by CVE-2017-13080.
- Its always a good practice to turn on auto updates on your devices. All devices accross platforms are provided with patches. In order to avoid KRACK attack, both client and routers need to be fixed.