Security news that informs and inspires

Explaining KRACK: A Critical Attack Affecting A Wi-Fi Security Protocol

By

KRACK stands for key reinstallation attacks, published in the paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 by Mathy Vanhoef at KU Leuven and other security researchers from imec-DistriNet, the University of Alabama at Birmingham, Huawei Technologies and Ruhr-Universität Bochum.

What is KRACK and WPA2?

KRACK refers to a group of 10 key vulnerabilities affecting WPA2, Wi-Fi Protected Access 2, the current best-practice protocol that is used to secure wireless networks. Depending on the configuration of the wireless network, the KRACK vulnerabilities could allow an attacker to eavesdrop on users’ Internet communications or tamper with the traffic being sent across the network itself.

While users typically protect against such attacks by using a password to connect to a secure network, KRACK can decrypt network data without requiring the attacker to know the Wi-Fi password.

The researchers provided a high-level summary of how it works: The attacker can abuse the way in which cryptographic keys are set up between a Wi-Fi client and the Wi-Fi access point (AP) by replaying one of the key setup messages. As a result, the attacker knows certain information about the key that should be secret. Once the key setup is manipulated, the mathematical attacks to derive the encryption key become feasible.

Once an attacker derives the key, they can read data sent to and from the Wi-Fi client. Depending on the cryptographic algorithms being used on the Wi-Fi network, the attacker could also forge messages between the client and the AP.

What is the Impact?

Attackers can use the vulnerabilities to read network traffic, which could include sensitive data like passwords, cookies, credit card numbers, emails, etc. This affects all devices that support all Wi-Fi configurations. For certain Wi-Fi configurations using TKIP or GCMP encryption (rather than AES), data can be written to the network and spoofed from/to a Wi-Fi client.

One point that is important to understand is that this is a protocol-level bug that isn’t found in just one implementation or product - it affects nearly all Wi-Fi devices in our homes and businesses, as well as the networking companies that build them.

As this is a protocol-level issue, it will likely require fixes on both the network infrastructure (AP) and client sides. Given the number of AP vendors and the amount of products shipped with the vulnerabilities, this will be a difficult issue to address. Some systems may never have a fix released, meaning they may stay vulnerable.

In particular, devices with embedded Wi-Fi (such as Internet of Things - IoT devices like baby monitors, televisions, etc.) may be the most at risk, as patches may be very slow to come out or may never be available from the manufacturers.

How Does It Impact Authentication?

As mentioned previously, KRACK allows attackers to decrypt Wi-Fi data without recovering the Wi-Fi network password, which means changing your Wi-Fi network password won’t mitigate the attacks.

Being on a secure Wi-Fi network won't be enough to keep usernames and passwords safe from attackers, who can use the intercepted credentials to log into your accounts across other websites and services. Using an app or TLS for internal communications will retain their confidentiality even over a vulnerable Wi-Fi network.

Using two-factor authentication (2FA) across your different login accounts can help prevent unauthorized login attempts due to stolen credentials, as it requires another method to verify your identity, in addition to a password.

What Platforms Are Affected?

During their initial research, the security researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by KRACK, according to KrackAttacks.com. However, it’s important to note that KRACK does not actually work against Windows and iOS, as noted by the research paper, although they are both still vulnerable to the group handshake attack.

According to the researchers, users on Linux or Android 6.0 (currently, 41% of all Android devices) or higher are especially at risk, as Android and Linux can be tricked into installing an all-zero encryption key. This just means it’s easier to decrypt their data packets (data transmitted over the web) compared to other platforms.

Caveats

While serious, there are a few important caveats to keep in mind regarding KRACK:

  • Aruba and Ubiquiti, sellers of wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the attacks, according to Ars Technica. See the Cisco advisory.
  • This can be patched on the client and server side. There are Linux patches available, as noted by the Debian advisory and OpenBSD, which silently patched before embargo (see FAQ). Security Architect Kevin Beaumont recommends that organizations ask Wi-Fi network providers for patches.
  • While researchers have demonstrated the attack against an Android device, there is no publicly available code that can be used to carry out attacks in the real world. Kevin also states that realistically, the attack doesn’t work against Windows or iOS devices, but mainly Android devices that don’t get patched. This is noted in section 3.2 of the researchers’ paper - “Windows and iOS do not accept retransmissions of message 3…This violates the 802.11 standard. As a result, these implementations are not vulnerable to our key reinstallation attack against the 4-way handshake.”
  • If you’re using an Android device, it might be best to turn off your Wi-Fi until you can patch for KRACK.
  • HTTPS, Secure Shell and other security protocols can be used to encrypt web traffic in transit between computers and network access points.
  • Move to AES encryption if you’re currently using TKIP/GCMP. This limits exposure to only the loss of confidentiality (though does not fix the vulnerability, just limits its impact).
  • While some recommend using a virtual private network (VPN), that may introduce even more hidden security risks, as a number of providers don’t encrypt traffic, leak data, or use third-party tracking to monitor users’ activity.

Image source: Juanandresrosero.makes.org