A huge flaw into the Wi-Fi Protected Access II protocol on Sunday left the Wi-Fi traffic between computers and access points open to eavesdropping. The KRACK attack also let other nasties in, such as malicious injection and connection hijacking.
The so called Key Reinstallation Attacks, or shortly KRACK, is a proof-of-concept exploit. The analysis has been kept private for weeks ahead of a coordinated disclosure which was scheduled for 8 a.m. Monday, east coast time.
This is how a recent advisory the US CERT distributed to about 100 organizations described the research:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
A researcher who has been briefed on the vulnerability claims that it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
These are the tags used by a Github page belonging to one of the researchers and a separate placeholder website for the vulnerability:
- WPA2
- KRACK
- key reinstallation
- security protocols
- network security, attacks
- nonce reuse
- handshake
- packet number
- initialization vector
According to the researchers, the vulnerabilities are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
These vulnerabilities are scheduled to be formally presented in a talk named Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It’s believed that the disclosure will be made through the website krackattacks.com.
The vast majority of existing access points aren’t likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it’s likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean that it’s possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users’ domain name service.
Currently, it’s not possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place.
When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can’t be trusted to keep users safer.
