A major vulnerability in the Wi-Fi Protected Access II (WPA2) protocol was announced on Monday October 16th, 2017. Discovered by Mathy Vanhoef, this critical flaw in the widely used wifi protocol can be exploited to expose sensitive data that was previously believed to be safely encrypted. The vulnerability is not tied to any specific vendor or hardware but rather affects any device using the WPA2 protocol.
Attacks crafted to exploit this vulnerability have been dubbed Key Reinstallation Attacks (KRACKs), and Vanhoef has successfully executed a proof-of-concept attack which allowed the attacker to decrypt all data transmitted by the targeted user.
How Do KRACKs Work?
Most modern wifi networks use the WPA2 protocol to encrypt traffic; this protocol has been around since 2003 and thus far has been believed to be secure. The specific vulnerability in this case lies in the four-way handshake used as part of the protocol to generate new session keys. In order to guarantee security, a key should only ever be used once.
Essentially, a KRACK allows the attacker to perform a Man in the Middle attack which tricks targeted users into re-installing an already in-use key by manipulating and replaying cryptographic handshake messages [1]. Once this re-used key is in place, the attacker can then decrypt packets, potentially exposing sensitive information such as passwords, credit card details, cookies etc. It is currently believed, however, that this attack can only be conducted if the attacker is in wifi range; no evidence as yet indicates that attacks can be carried out remotely. We would still urge all customers to take immediate action to mitigate the vulnerability, as this may change as more details come to light.
On the website where Vanhoef disclosed the vulnerability, he notes that this ability to decrypt packets can also be used to hijack TCP connections and, as a result, allow the attacker to inject malicious data such as malware into unencrypted HTTP connections [1].
Further Reading on the Attack Vector: https://www.krackattacks.com/
See the bottom of this advisory for a full listing of the CVE IDs associated with this vulnerability.
Break-Down of Vulnerable Devices
Various vendors have started to release patches to mitigate this attack vector. While all wifi devices are to some degree vulnerable, initial reports indicate that Linux and Android are especially vulnerable as they use a wpa_supplicant (v2.4 and above) client which allows the attacker to install an all-zero key rather than an already-used key. This means little effort is required to intercept a targeted user’s traffic once they’re using this client.
The recommendation is to patch all routers and all wifi devices as and when vendors release patches. It is recommended to continue using the WPA2 protocol, as WPA1 is similarly affected.
The following vendors have been confirmed as affected; however, the majority of vendors have yet to release a statement:
RedHat, Android, Aruba Networks [2], Cisco, Juniper Networks, Samsung Mobile
US-CERT has compiled a list of vendors and their current status here; it is recommended that organisations check for updates over the coming hours and days.
How Can Ward Help?
For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.
For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact firstname.lastname@example.org or your account manager, as appropriate.
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Re-association Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: Reinstallation of the Tunnelled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.