» ISP News » 

KRACK Attack – Internet Panics Over Big Wi-Fi Flaws in WPA2 Security

Monday, October 16th, 2017 (12:45 pm) - Score 6,261

Security researchers have revealed bad news for WiFi wireless networks everywhere. Several key management vulnerabilities in the 4-way handshake of the WPA2 security protocol, which helps to keep modern Wireless Local Area Networks (WLAN) secure via encryption, have been found.

Hopefully by now everybody has ensured that their home wireless network and devices are all connected using the latest Wi-Fi Protected Access II (WPA2) method of encryption, which has so far served us all well. The bad news is that a string of new vulnerabilities have been discovered that could result in WPA2 secured networks being decrypted, hijacked and generally abused (it works against both WPA1 and WPA2 – personal and enterprise networks – and against any cipher suite being used like WPA-TKIP, AES-CCMP and GCMP).

As the US Computer Emergency Readiness Team (US-CERT) states, “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”

The details of all this are due to be published shortly via several vulnerability announcements (CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088) and the collection of flaws are being referred to as KRACK (aka – Key Reinstallation Attacks). A dedicated website has even been setup by the researchers to provide information on the incoming problem – https://www.krackattacks.com.

Statement by the Researchers

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

So we’re all doomed, right? Well.. yes and no. Certainly if you read a lot of this morning’s media coverage then you’d be forgiven for thinking that the sky was about to fall and hackers are due to break into all your home networks and / or devices. KRACK is certainly no laughing matter and it is indeed a very a serious problem, although it’s important to put these things into some common sense perspective.

The detailed research paper on KRACK (no pun intended) covers what appears to be quite a complex method of breaking through WPA2 and it’s one that, due to some flaky implementation of WiFi standards (802.11), won’t work effectively (yet) on Microsoft Windows or Apple iOS machines / devices. The paper largely focused upon Android based Smartphone and Tablets, which is thus where most of the problem resides.

On top of that there’s currently no known public attack code available to exploit the vulnerabilities, although that will no doubt change, and any hacker would need to be both very skilled and also situated in close proximity to your network kit in order to conduct the attack.

The good news is that the industry doesn’t need to create WPA3 in order to tackle the problem because WPA2 is patchable. The bad news is that some broadband routers and other software or device manufacturers, as well as many users themselves, can be quite poor when it comes to keeping their systems up-to-date. Suffice to say, keep an eye out for the latest patches and deploy them.

One other thing to note is that the main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. “So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones,” said the researchers.

The researchers are now moving on to ponder whether other protocol implementations are also vulnerable to key reinstallation attacks. Protocols that appear particularly vulnerable are those that must take into account that messages may be lost. “After all, these protocols are explicitly designed to process retransmitted frames, and are possibly reinstalling keys while doing so,” said the team.

Leave a Comment
6 Responses
  1. Avatar Bob2002

    This pretty much sums it up(from the paper) –

    “The idea behind our attacks is rather trivial in hindsight, and can
    be summarized as follows. When a client joins a network, it executes
    the 4-way handshake to negotiate a fresh session key. It will install
    this key after receiving message 3 of the handshake. Once the key
    is installed, it will be used to encrypt normal data frames using a
    data-confidentiality protocol. However, because messages may be
    lost or dropped, the Access Point (AP) will retransmit message 3 if
    it did not receive an appropriate response as acknowledgment. As
    a result, the client may receive message 3 multiple times. Each time
    it receives this message, it will reinstall the same session key, and
    thereby reset the incremental transmit packet number (nonce) and
    receive replay counter used by the data-confidentiality protocol.
    We show that an attacker can force these nonce resets by collecting
    and replaying retransmissions of message 3. By forcing nonce reuse
    in this manner, the data-confidentiality protocol can be attacked,
    e.g., packets can be replayed, decrypted, and/or forged. The same
    technique is used to attack the group key, PeerKey, and fast BSS
    transition handshake.”

  2. Avatar Mel

    The really bad news that it is a client vulnerability, and not something that could be fixed by replacing or patching the router/access point, and a protocol vulnerability too, so everything is vulnerable, although Linux’s implementation ( and therefor android too) make it easiest to attack.

    Routers will apparently only need to be patched if they have an option to operate in client mode.

    There must be a huge number of client devices currently in use that doubtlessly will never be fixed because they are out of production, meaning the manufacturer has little, or no incentive to release a patch. The manufacturer of my perfectly adequate (for me) Android 4.4 phone never released any security fixes while it was in production, so there is an infinite improbability that they’d release a fix for this.

    I wonder if it will even be possible to fix some IOT devices due to their very limited RAM.

  3. Avatar Stella Lucente

    KRACK vulnerability is unsafe but can easily be stopped via WiFi security VPN. Here’s how you can prevent KRACK vulnerability: https://www.purevpn.com/blog/how-to-overcome-krack-wifi-vulnerability/

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £19.95 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER20
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • Plusnet £22.50 (*35.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: £50 Reward Card
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • Onestream £22.99 (*34.99)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2741)
  2. FTTP (2670)
  3. FTTC (1768)
  4. Building Digital UK (1723)
  5. Politics (1631)
  6. Openreach (1592)
  7. Business (1403)
  8. FTTH (1330)
  9. Statistics (1223)
  10. Mobile Broadband (1195)
  11. Fibre Optic (1048)
  12. 4G (1027)
  13. Wireless Internet (1009)
  14. Ofcom Regulation (1004)
  15. Virgin Media (992)
  16. EE (678)
  17. Sky Broadband (662)
  18. TalkTalk (653)
  19. Vodafone (651)
  20. 5G (487)
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact