KRACK: Difference between revisions

From Wikipedia, the free encyclopedia
Latest revision as of 05:51, 12 December 2024

KRACK
[KRACK attack logo]
CVE identifiers: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Date discovered: 2016
Discoverers: Mathy Vanhoef and Frank Piessens
Affected hardware: All devices that use Wi-Fi Protected Access (WPA)
Affected software: All operating systems that use WPA

KRACK ("Key Reinstallation Attack") is a replay attack on the Wi-Fi Protected Access (WPA and WPA2) protocols that secure Wi-Fi connections. It was discovered in 2016[1] by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven.[2] Vanhoef's research group published details of the attack in October 2017.[3] By replaying message 3 of the WPA2 four-way handshake, an attacker can force a client to reinstall a key that is already in use. Each reinstallation resets the key's transmit packet number (the nonce) and receive replay counter, so the client encrypts new frames under a nonce it has already used. Nonce reuse under the same key lets the attacker recover keystream and decrypt traffic, replay frames and, depending on the cipher suite, forge them; the attack does not recover the session key itself.

The weakness lies in the Wi-Fi standard itself rather than in individual products' implementations of a sound standard, so any implementation that follows the standard correctly is likely to be vulnerable.[4] The vulnerability affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others.[3]

The widely used open-source implementation wpa_supplicant, used by Linux and Android, was especially susceptible: it wiped the pairwise key from memory once it had been installed, so a forced reinstallation installed an all-zero encryption key. Traffic encrypted under a known key is readable without any known plaintext, which effectively nullified WPA2 protection in a man-in-the-middle attack.[5][6] The fix was released as patches to version 2.6 in October 2017 and is included in version 2.7.[7]

The security protocol protecting many Wi-Fi devices can therefore be bypassed in practice, potentially allowing an attacker to intercept[8] data sent and received over the network.

Details

The attack targets the four-way handshake that a WPA2 client and access point use to derive a fresh session key (the pairwise transient key, PTK) and to confirm that both hold the same master key. Message 3 of the handshake carries the access point's final confirmation and, on the client, triggers installation of the pairwise key. The standard anticipates that message 4 may be lost (for quick reconnection and continuity), so the access point retransmits message 3 if no reply arrives, and a client must accept a retransmitted message 3, which it recognises by a higher EAPOL-Key replay counter. The standard requires the packet number and replay counter to be initialised when a key is installed, but does not forbid installing an already-in-use key again, so a retransmitted message 3 resets both counters on the client. A replay attack therefore becomes possible: the attacker does not need to know the key, only to deliver message 3 to the client a second time.

An attacker positioned as a man-in-the-middle between client and access point (for example by cloning the network on another channel) blocks message 4 so that the access point retransmits message 3, then delivers the retransmission after the client has already begun sending data. The client reinstalls the same pairwise key and resets its transmit packet number to its starting value.[9] The packet number is the nonce of the CCMP (AES-CTR) and GCMP ciphers, and a nonce must not be used twice under one key: two frames encrypted with the same key and nonce share the same keystream, so XORing the two ciphertexts yields the XOR of the plaintexts, and any predictable plaintext (such as a protocol header) exposes the keystream for that nonce and decrypts the other frame. Each reinstallation repeats the reset, so the attacker accumulates decryptable frames, can replay captured frames to the client (whose receive replay counter was reset as well) and, under GCMP, can recover the authentication key needed to forge frames in both directions. The group-key handshake and the 802.11r fast BSS transition handshake have analogous variants. The attack never recovers the session key; a patched client that refuses to reinstall an already-in-use key, or that leaves the counters untouched on reinstallation, is immune.
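To make the mechanism concrete, here is an added example (my own toy model, not code from the paper, from wpa_supplicant or from this article) that models an unpatched client, a patched client and a wpa_supplicant-style client each receiving a retransmitted message 3, and shows what an eavesdropper obtains from the resulting nonce reuse. The keystream function is HMAC-SHA256 in counter mode standing in for CCMP's AES-CTR, the key material and frames are constructed, and the handshake is reduced to the three pieces of state the attack touches: the key, the EAPOL-Key replay counter and the packet number.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


def keystream(tk: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for the AES-CTR keystream inside CCMP (constructed: HMAC-SHA256 in
    counter mode, not AES). The only property the attack relies on is that the
    output is fully determined by (key, nonce)."""
    out = b""
    for block in range((length + 31) // 32):
        out += hmac.new(tk, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    """Toy WPA2 client keeping only the state the attack touches."""
    reinstall_resets_pn: bool     # unpatched: (re)installing a key resets its packet number
    zero_key_on_reinstall: bool   # wpa_supplicant quirk: TK wiped after first install, reinstall loads zeros
    tk: Optional[bytes] = None
    last_replay_counter: int = -1
    pn: int = 0                   # transmit packet number; the CCMP nonce is built from it
    installs: int = 0

    def on_msg3(self, replay_counter: int, tk: bytes) -> bool:
        # 802.11i: message 3 is accepted only if its EAPOL-Key replay counter is fresh.
        # Retransmissions from the AP carry a higher counter, so they pass this check;
        # a replayed copy of an already-processed message 3 does not.
        if replay_counter <= self.last_replay_counter:
            return False
        self.last_replay_counter = replay_counter
        if self.installs and not self.reinstall_resets_pn:
            return True           # patched client: key already in use, leave it and its PN alone
        self.tk = b"\x00" * 16 if (self.installs and self.zero_key_on_reinstall) else tk
        self.pn = 0               # the reset that makes nonce reuse possible
        self.installs += 1
        return True

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        self.pn += 1
        nonce = self.pn.to_bytes(6, "big")   # CCMP nonce carries the 48-bit PN
        return self.pn, xor(plaintext, keystream(self.tk, nonce, len(plaintext)))


# Constructed inputs: not a real key, not captured traffic. Both frames are 36 bytes.
TK = hashlib.sha256(b"constructed PTK material, not a real key").digest()[:16]
KNOWN_FRAME = b"GET /index.html HTTP/1.1\r\nHost: ab\r\n"   # predictable plaintext
SECRET_FRAME = b"Cookie: session=9f2c1e0b7a4d; user=x"       # what the attacker wants


def run_session(client: Supplicant) -> List[Tuple[int, bytes]]:
    """Handshake, one data frame, then the attacker-delivered retransmitted message 3."""
    client.on_msg3(1, TK)                     # genuine message 3
    first = client.send(KNOWN_FRAME)
    # The attacker blocked message 4, so the AP resent message 3 with counter 2;
    # the attacker delivers that copy after the client has already sent data.
    client.on_msg3(2, TK)
    second = client.send(SECRET_FRAME)
    return [first, second]


def nonce_reuse_decrypt(client: Supplicant) -> Optional[bytes]:
    """Attacker view: two ciphertexts plus the first frame's predictable plaintext."""
    (pn_a, ct_a), (pn_b, ct_b) = run_session(client)
    if pn_a != pn_b:
        return None                           # distinct nonces: keystreams are unrelated
    ks = xor(ct_a, KNOWN_FRAME)               # same key + same nonce => same keystream
    return xor(ct_b, ks)


def zero_key_decrypt(client: Supplicant) -> bytes:
    """wpa_supplicant case: after the reinstall the TK is all zeros, so the attacker
    computes the keystream directly and needs no known plaintext at all."""
    _, (pn_b, ct_b) = run_session(client)
    return xor(ct_b, keystream(b"\x00" * 16, pn_b.to_bytes(6, "big"), len(ct_b)))
```

Running `nonce_reuse_decrypt(Supplicant(reinstall_resets_pn=True, zero_key_on_reinstall=False))` returns the secret frame, the patched variant (`reinstall_resets_pn=False`) returns `None` because the second frame used packet number 2, and `zero_key_decrypt` on the wpa_supplicant-style client recovers the secret frame without the known plaintext. Note that the attacker never learned `TK`.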

According to US-CERT:

"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."[10]

The paper describing the vulnerability is available online,[11] and was formally presented at the ACM Conference on Computer and Communications Security on 1 November 2017.[5] US-CERT tracks the vulnerability as VU#228519 across multiple platforms.[12] The following CVE identifiers relate to KRACK, one for each affected key and handshake variant (the pairwise, group and integrity-group keys in the four-way handshake, the group-key handshake, 802.11r fast BSS transition reassociation, PeerKey, TDLS and WNM sleep mode): CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.[5]

Some WPA2 users may counter the attack by updating Wi-Fi client and access point device software, if they have devices for which vendor patches are available.[13] However, vendors may delay in offering a patch, or not provide patches at all in the case of many older devices.[13][1]

Patches

Patches are available for different devices to protect against KRACK, starting at these versions:

System             Version                        Patched
-----------------  -----------------------------  ------------------------------------------------------------
Android            Android 5.0 and later          Android 2017-11-06 security patch level[14]
ChromeOS           All                            Stable channel 62.0.3202.74[15]
iOS                iOS 11                         iOS 11.1 for iPhone 7, iPad Pro 9.7 inch and later devices;[16] iOS 11.2 for all other supported devices[17]
LineageOS          14.1 (Android 7.1) and later   14.1-20171016[18]
macOS High Sierra  10.13                          macOS 10.13.1[19]
macOS Sierra       10.12                          Security Update 2017-001 Sierra[19]
OS X El Capitan    10.11                          Security Update 2017-004 El Capitan[19]
tvOS               11                             tvOS 11.1[20]
watchOS            4                              watchOS 4.1[21]
Windows            7                              KB4041681 or KB4041678[22]
Windows            8.1                            KB4041693 or KB4041687[22]
Windows            10                             KB4042895 (initial version), KB4041689 (version 1511), KB4041691 (version 1607), KB4041676 (version 1703); version 1709 and later include the fix in the release[22]
Windows Server     2008                           KB4042723[22]
Windows Server     2012                           KB4041690 or KB4041679[22]
Windows Server     2016                           KB4041691[22]
Ubuntu Linux       14.04 LTS, 16.04 LTS, 17.04    Updates as of October 2017[23]

Workarounds

To reduce the risk to vulnerable clients, some WPA2 access points offer a configuration option that disables retransmission of EAPOL-Key frames during key installation. EAPOL-Key frames are the 802.1X frames that carry the four-way and group-key handshake messages; in hostapd the option is wpa_disable_eapol_key_retries. The client-side attack depends on the access point resending message 3 with a fresh replay counter after the attacker has blocked message 4, and a client rejects a replayed copy of a message 3 it has already processed, so with retransmission disabled an attacker cannot trigger a key reinstallation with a delayed frame. This holds provided TDLS is not enabled, because the TDLS key handshake runs directly between two clients and is not mediated by the access point.[24] The disadvantage is that a genuinely lost handshake message is no longer retried, so on a poor link the handshake may fail and take the Wi-Fi link down with it.
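As an added illustration of that trade-off (my own toy model, not hostapd's code; the `disable_eapol_key_retries` flag stands for the meaning of the hostapd option, not its implementation), the following simulates the access point's handling of a lost message 4 against an unpatched client. The access point cannot tell whether message 4 was blocked by an attacker or dropped by a noisy link, which is exactly why the workaround costs robustness:

```python
from dataclasses import dataclass
from typing import Set, Tuple


@dataclass
class UnpatchedClient:
    """Client that reinstalls the pairwise key on every message 3 with a fresh replay counter."""
    last_rc: int = -1
    installs: int = 0

    def on_msg3(self, rc: int) -> bool:
        if rc <= self.last_rc:
            return False          # copy of a message 3 already processed: rejected, no reinstall
        self.last_rc = rc
        self.installs += 1        # (re)installs the key and resets its packet number
        return True               # and answers with message 4


def four_way_handshake(client: UnpatchedClient, disable_eapol_key_retries: bool,
                       msg4_lost_on_attempts: Set[int], max_attempts: int = 4) -> Tuple[bool, int]:
    """AP side of the handshake from message 3 on. Returns (completed, key installs on the client).

    msg4_lost_on_attempts holds the attempt numbers whose message 4 never reaches the AP,
    whether an attacker blocked it or a noisy link dropped it; the AP cannot tell."""
    attempts = 1 if disable_eapol_key_retries else max_attempts
    rc = 0
    for attempt in range(attempts):
        rc += 1                   # every (re)transmission of message 3 carries a fresh counter
        client.on_msg3(rc)
        if attempt not in msg4_lost_on_attempts:
            return True, client.installs
    return False, client.installs  # out of attempts: AP abandons the association


def msg4_lost_once(disable_eapol_key_retries: bool) -> Tuple[bool, int]:
    """Message 4 of the first attempt never arrives. With an attacker this is the KRACK
    setup (block message 4, let the retransmission through); without one it is a lossy link.
    The AP behaves identically in both cases."""
    return four_way_handshake(UnpatchedClient(), disable_eapol_key_retries, {0})


def replay_captured_copy() -> bool:
    """Attacker replays the captured, not retransmitted, message 3 with its original counter."""
    client = UnpatchedClient()
    client.on_msg3(1)
    return client.on_msg3(1)
```

With retries enabled, `msg4_lost_once(False)` completes the handshake but the client has installed the key twice, which is the reinstallation the attack needs; with retries disabled, `msg4_lost_once(True)` leaves the client with a single installation but the handshake fails, whether or not an attacker was involved. `replay_captured_copy()` returns `False`: a stale copy of message 3 is rejected by the replay counter check, so without a retransmission the attacker has nothing to deliver.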

Continued vulnerability

In October 2018, reports emerged that the KRACK vulnerability was still exploitable in spite of vendor patches, through a variety of workarounds for the techniques used by vendors to close off the original attack.[25]

See also

* KrØØk
* IEEE 802.11r-2008 – Problem in 802.11r fast BSS transition (FT)
* Wireless security
* WPA3

References
  1. ^ a b Cimpanu, Catalin (16 October 2017). "New KRACK Attack Breaks WPA2 WiFi Protocol". Bleeping Computer. Retrieved 2017-10-16.
  2. ^ Gallagher, Sean (2017-10-16). "How the KRACK attack destroys nearly all Wi-Fi security". Ars Technica. Retrieved 2017-10-16.
  3. ^ a b Hern, Alex (2017-10-16). "'All Wifi Networks' Are Vulnerable to Hacking, Security Expert Discovers". The Guardian. ISSN 0261-3077. Retrieved 2017-10-16.
  4. ^ Vanhoef, Mathy (2017). "Key Reinstallation Attacks".
  5. ^ a b c Goodin, Dan (2017-10-16). "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping". Ars Technica. Retrieved 2017-10-16.
  6. ^ "41 percent of Android phones are vulnerable to 'devastating' Wi-Fi attack". The Verge. Retrieved 2017-10-16.
  7. ^ "wpa_supplicant ChangeLog". w1.fi. https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
  8. ^ "What the KRACK Wi-Fi vulnerability means for you and your devices". Oct 16, 2017. Archived from the original on October 16, 2017.
  9. ^ "Wi-Fi Security Flaw: Billions of devices are affected by Eavesdropping Attacks". LookGadgets. Retrieved 2020-02-27.
  10. ^ Merriman, Chris (2017-10-16). "World WiFi at Risk from KRACK". V3. Retrieved 2017-10-16.
  11. ^ Vanhoef, Mathy; Piessens, Frank (2017). "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (PDF). Retrieved 2017-10-16.
  12. ^ "Vendor Information for VU#228519". www.kb.cert.org. Archived from the original on 2017-10-16. Retrieved 2017-10-16.
  13. ^ a b Wagenseil, Paul (16 October 2017). "KRACK Attack Threatens All Wi-Fi Networks: What to Do". Tom's Guide. Retrieved 17 October 2017.
  14. ^ "Android Security Bulletin – November 2017". android.com. Retrieved 2017-11-07.
  15. ^ "Stable Channel Update for Chrome OS". chromereleases.googleblog.com. Retrieved 2017-11-07.
  16. ^ "About the security content of iOS 11.1 – Apple Support". support.apple.com. Retrieved 2017-11-01.
  17. ^ "About the security content of iOS 11.2 – Apple Support". support.apple.com. Retrieved 2017-12-07.
  18. ^ The LineageOS Project (16 October 2017). "All official 14.1 builds built after this tweet have been patched for KRACK". Twitter. Retrieved 15 December 2018.
  19. ^ a b c "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan – Apple Support". support.apple.com. Retrieved 2017-11-01.
  20. ^ "About the security content of tvOS 11.1". Apple Support. Retrieved 2017-11-07.
  21. ^ "About the security content of watchOS 4.1". Apple Support. Retrieved 2017-11-07.
  22. ^ a b c d e f "CVE-2017-13080 Windows Wireless WPA Group Key Reinstallation Vulnerability". microsoft.com. Retrieved 2017-11-01.
  23. ^ "Has Ubuntu been patched against the KRACK attack?". Retrieved 2019-04-17.
  24. ^ "OpenWrt Project: docs:user-guide:wifi_configuration". openwrt.org.
  25. ^ Chirgwin, Richard (5 October 2018). "Man the harpoons: The KRACK-en reawakens in updated WPA2 attack". The Register. Retrieved 2018-10-05.