The modern standard for WiFi security protocols is WPA2. The benefits of WPA2 are numerous, most notably the support for CCMP, which is based in the AES encryption standard. Strong encryption, however, is useless if a zero-day exploit can compromise the user through other attack vectors. It is this reality that cybersecurity professionals are dealing with thanks to an attack method recently uncovered. Discovered by Mathy Vanhoef of Belgium’s The Katholieke Universiteit Leuven, and detailed in an extensive research paper entitled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2,” the KRACK (key reinstallation attack) attack is proving to be a dangerous finding. KRACK allows, in the words of Vanhoef written in a blog post about the attack method:
Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data.
The implications here are massive. Literally every WiFi supporting device that uses proper implementation of the WPA2 protocol is susceptible to this attack. The mechanics of KRACK have to do with the third part of the WPA2 4-way handshake, which is responsible for installing a fresh encryption key. As Vanhoef states:
Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times… Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce)… an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake.
In these nonce resets, the attacker is given free rein to decrypt or forge packets in the hopes of obtaining sensitive data. The possibility for damage is endless. An example of this attack can be found in the video below that was made by Mathy Vanhoef:
While the KRACK attack itself has not been officially observed in the wild, the reality is that a security researcher is not always the first to find exploits.
As this is the case, one might wonder what can be done to protect against KRACK. Honestly, until vendors patch this, there really isn’t a whole lot that can be done. The only advice that Mathy Vanhoef gave is to update all devices once patches are released (some vendors already report fixing the flaw) and also to update the firmware of your router. The thing with zero-days is that they are unexpected and trigger a race against the clock once discovered in hopes of getting a leg up on black hats that might exploit them.
KRACK is no different.
Photo credit: Wikimedia