WiFi Krack – WPA2 Vulnerability – Critical Bulletin

October 17, 2017 (updated February 28th, 2019)

Mathy Vanhoef of imec-DistriNet yesterday announced a new critical vulnerability, called WiFi Krack, in the WPA2 protocol, which is widely used to protect traffic on wireless networks. Since the problem lies in the protocol itself and not in individual devices, the attack works against any device using a Wi-Fi network, regardless of operating system. This form of attack has been labeled KRACK (Key Reinstallation AttaCKs).

Initiating a Wi-Fi connection involves a four-way handshake between the requesting client and the access point. During this handshake an encryption key is negotiated between the two, and that key is then used to encrypt the session traffic. To exploit this vulnerability, an attacker "tricks" the targeted device into reinstalling the key chosen for this session, replacing it with a key known to the attacker. This could allow the attacker to read the content of traffic between the client and the access point, and possibly even inject ransomware or malware into the victim through the websites it accesses. The attacker must be within range of the access point and the client for the attack to succeed. According to the announcement, if only one of the two devices (client or access point) is fixed, the pair will no longer be vulnerable to this form of attack.
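To make the mechanism concrete, here is a toy model of the client side of the handshake. It is an added illustration, not code from the bulletin or from the KRACK research, and it is not real 802.11 code: the session key `PTK`, the two frame payloads and the "cipher" (a SHA-256 keystream keyed by session key and packet number, standing in for AES-CCMP, whose per-packet nonce is also built from the packet number) are all constructed for the example. The point it shows is the one the paragraph describes: when message 3 of the handshake arrives a second time, an unpatched client reinstalls the already-installed key and resets its packet number, so the next frame is encrypted with a keystream that was already used, and the XOR of the two ciphertexts equals the XOR of the two plaintexts. The patched client installs the key only once, which is how the vendor fixes work. A small monitoring check (`packet_numbers_monotonic`) shows the signal a defender can look for: a client whose packet numbers go backwards.

```python
"""Toy model of WPA2 key (re)installation on the client. Added example; the
keystream function is a SHA-256 stand-in for AES-CCMP, and PTK and the frame
contents are constructed values, not anything from a real network."""
import hashlib

PTK = bytes(range(16))  # constructed stand-in for the negotiated session key


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Per-packet keystream. Same key + same packet number => same keystream,
    which mirrors the property of CCMP that makes nonce reuse fatal."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        ).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client state for the part of the handshake that matters here."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None      # installed session key (None until message 3)
        self.pn = 0          # packet number used as the per-frame nonce
        self.sent = []       # (packet number, ciphertext) of frames we sent

    def on_message3(self, ptk: bytes) -> str:
        # Message 3 can legitimately arrive more than once (message 4 lost),
        # and it can also be retransmitted by a third party in range.
        if self.patched and self.ptk is not None:
            # Fix: acknowledge, but never reinstall a key that is in use.
            return "ack-only"
        self.ptk = ptk
        self.pn = 0          # reinstalling resets the nonce: this is the flaw
        return "installed"

    def send(self, plaintext: bytes):
        if self.ptk is None:
            raise RuntimeError("no key installed yet")
        self.pn += 1
        ct = xor_bytes(plaintext, keystream(self.ptk, self.pn, len(plaintext)))
        self.sent.append((self.pn, ct))
        return self.pn, ct


def packet_numbers_monotonic(frames) -> bool:
    """Detection check: packet numbers from one client must only increase.
    A decrease means the client reset its nonce (a key reinstallation)."""
    return all(b > a for (a, _), (b, _) in zip(frames, frames[1:]))


def simulate(patched: bool) -> dict:
    """Run the scenario once and report what an observer could measure."""
    client = Supplicant(patched)
    client.on_message3(PTK)
    pt1 = b"frame one: constructed client payload "   # constructed, same length
    pn1, ct1 = client.send(pt1)
    client.on_message3(PTK)                           # message 3 arrives again
    pt2 = b"frame two: constructed client payload "   # constructed, same length
    pn2, ct2 = client.send(pt2)
    return {
        "nonce_reused": pn1 == pn2,
        "monotonic": packet_numbers_monotonic(client.sent),
        # With a reused keystream the key cancels out of ct1 XOR ct2.
        "xor_leaks": xor_bytes(ct1, ct2) == xor_bytes(pt1, pt2),
    }


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", simulate(patched))
```

Running the block prints the vulnerable client reusing packet number 1 for its second frame (non-monotonic, keystream leak confirmed) and the patched client continuing at packet number 2. The two frames are made the same length only so that the XOR comparison is byte-for-byte; the leak holds for the common prefix of frames of any length.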

The following CVEs are associated with the WPA2 KRACK vulnerability:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Any wireless network is vulnerable; we suggest adopting a VPN for these communications immediately.

Consequences of WiFi Krack

If the KRACK attack succeeds, the attacker can decrypt and read any information the victim submits (such as login credentials).

Solution

It is recommended that the device be updated to the latest available software version, and its firmware likewise. As a countermeasure we suggest using a VPN on every connection.

Krack WiFi References

https://www.krackattacks.com/
https://cwe.mitre.org/data/definitions/323.html
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.kb.cert.org/vuls/id/228519
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update
https://www.debian.org/security/2017/dsa-3999
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
Written by Raphael Denser, SOC Analyst – Safeway