KRACK WiFi Security Vulnerability Allows Attackers to Decrypt WiFi Traffic

Security researchers at the University of Leuven in Belgium have discovered a WiFi security flaw in WPA2 called KRACK. The KRACK WiFi security vulnerability affects all modern WiFi networks and could be exploited with relative ease.

While there have been no known attacks leveraging the vulnerability, it is one of the most serious WiFi flaws discovered to date, with potential to be used to attack millions of users. If the KRACK WiFi security vulnerability is exploited, attackers could decrypt encrypted WiFi traffic and steal login credentials, credit and debit card numbers, or inject malware. Most business and consumer WiFi networks that use Wi-Fi Protected Access 2 (WPA2) are affected

KRACK WiFi Security Vulnerability Allows Attackers to Induce Nonce and Session Key Reuse

The attack method has been termed a key reinstallation attack – hence the name KRACK. When a user attempts to connect to a protected WiFi network, a four-way handshake occurs to authenticate the client and access point. A flaw in the third stage of this handshake could be exploited. When messages are lost or dropped during the handshake, the attackers could induce nonce and session key reuse allowing a man-in-the-middle attack.

“Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake,” said  University of Leuven security researcher Mathy. “By forcing nonce reuse in this manner, the encryption protocol can be attacked.

US-CERT in its advisory, “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.”

For the attack to take place, the attacker would need to be within range of the WiFi network, which is likely to limit the ability of attackers to conduct attacks on businesses. However, it would be easy to use this attack method on public WiFi networks such as in coffee shops, where many individuals connect to their work accounts via WiFi.

The WiFi security flaw is in the WiFi standard itself, rather than individual products. Most products are affected. Ten separate CVE IDs have been assigned to the vulnerabilities according to US-CERT:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

“Our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher,” said Vanhoef, pointing out on those operating systems, “an attacker can typically obtain a complete copy of all communications.” However, the attack method could also be used on Windows and Apple devices, as well as on OpenBSD, MediaTek, and Linksys.

Companies have already started working on updates to address the vulnerability, which was disclosed to US-CERT many months ago. While some vendors have addressed the flaw, others are expected to release updates soon. That said, Vanhoef suspects many IoT devices may never get an update to fix the flaw and could remain vulnerable for years.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of