Key Reinstallation Attack or – KRACK
For the past couple of months vendors of wireless devices had been working quietly on how to respond to a new WiFi vulnerability called Key Reinstallation Attacks, or KRACK. This vulnerability focuses on a weakness in the WPA2 protocol most of us recognize as WiFi security. The public release of the vulnerability was Monday October 17th 2017 around 7am, but news organizations had prior access to information since most manufactures were notified on August 28th 2017.
A key point is this weakness was developed around the WiFi standard, and not specific products or configurations of WiFi installations. This means in order to mitigate the issue, manufactures will need to update APs but more importantly clients to bypass the issue. More information about the hardware vendors who are affected, and more importantly, their response to the issue can be found here at the Cert/CC database: https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
So what’s the actual Key Reinstallation Attack?
WiFi devices use a 4-handshake method to authenticate to an AP using WPA protocols. This handshake is the method of generating a PTK (Pairwise Transient Key), the actual key used to encrypt messages between a client and AP. The problem lies in the fact that WiFi devices require ACK or acknowledgements of information or packets delivered. When an AP doesn’t receive an ACK the AP will re-transmit the same message again. This leaves the handshake open to receive the same information multiple times, specifically message three. By retransmitting, thus reinstalling the same encryption key from message three the incremental transmit packet number or nonce can be reset.
If the connection is already established, the attacker would need a way to force a reset to look message three in the authentication or PTK process. This is accomplished through Fast BSS transition, or 802.11r. An attacking machine can force 802.11r packets to a specific client asking them to change APs. Once the client disconnects from the AP and “roam” a simultaneous attack is happening to re-direct the client to the attacking machine or AP, thus capturing their connection using an all zero encryption key. Well known man-in-the-middle attacks (MITM) can be executed by attackers once the connection has been established to the Rogue AP.
What can you do to make sure your enterprise is safe?
First, follow the recommended update paths from your AP manufacturer. Again, the best way to find your vendors acknologement and plan of action is found in the cert.org database here. https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
WiFi stations and clients are the main target in this vulnerability, and need to be updated as soon as possible. Everything from laptops, tablets, phones, smart watches, all the way down to your smart connected washer and dryer will need an update. The clients and IOT devices we don’t think of as WiFi connected will remain the most vulnerable. In my house, the Rumba is WiFi connected and could be the target of KRACK to gain access to my home network depending on it’s chip capabilities. At this point Android and Linux systems are the most vulnerable based on testing by the persons who identified the problem. Again, updating WiFi connected clients will be the primary resolution to KRACK.
Also keep in mind, this attack is done locally. Someone needs to be within range of your device in order to exploit your machine. Coffee shops, airports and other public spaces where WiFi is used regularly in public should be considered high targets.
Questions and support in updating can be made with John Blount, VP of Enterprise Mobility.
A more technical overview of the PTK and Snonce attack can be found at https://www.krackattacks.com/