A WiFi security flaw in WPA2 called KRACK has been discovered in an investigation at the University of Leuven in Belgium. The KRACK WiFi security weakness affects all modern WiFi networks and could be used for ill means with relative ease.
While there have been no known attacks targeting this weakness, it is one of the most serious WiFi flaws discovered, with the potential to be used for obtaining the data millions of users. If the KRACK WiFi security weakness is targeted, attackers could access encrypted WiFi traffic and steal login details, credit and debit card information, or inject malware. Most business and consumer WiFi networks that use Wi-Fi Protected Access 2 (WPA2) are in danger.
This cyberattack method has been labelled a key reinstallation attack – hence the name KRACK. When a user tries to connect to a protected WiFi network, a four-way handshake occurs to authenticate the user and access point. A weakness in the third stage of this handshake could be targeted. When messages are lost or dropped during the handshake, the attackers could initiate nonce and session key reuse permitting a man-in-the-middle attack.
“Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake,” commented University of Leuven security researcher Mathy. He added: “By forcing nonce reuse in this manner, the encryption protocol can be attacked.
US-CERT stated in its official release on the matter that “the impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others.”
For the cyberattack to occur, the attacker would have to be close to the WiFi network, which is likely to restrict the ability of attackers to carry out attacks on businesses. However, it would be relatively simple to use this attack method on public WiFi networks such as in coffee shops, where many people connect to their work accounts via WiFi.
The WiFi security weakness is in the WiFi standard itself, rather than separate products. The majority of products are affected. Ten separate CVE IDs have been assigned to the weaknesses according to US-CERT:
- Reinstallation of the pairwise key in the Four-way handshake – CVE-2017-13077:
- Reinstallation of the group key in the Four-way handshake – CVE-2017-13078
- Reinstallation of the integrity group key in the Four-way handshake – CVE-2017-13079
- Reinstallation of the group key in the Group Key handshake – CVE-2017-13080
- Reinstallation of the integrity group key in the Group Key handshake – CVE-2017-13081
- Accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it – CVE-2017-13082
- Reinstallation of the STK key in the PeerKey handshake – CVE-2017-13084
- Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake – CVE-2017-13086
- Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame – CVE-2017-13087
- Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame – CVE-2017-13088