KRACK - Serious Weaknesses in WPA2

October 17, 2017

Researchers have discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.  This affects computers, tablets, phones, home wireless routers and any other device that supports WPA2 over Wi-Fi.

Details are still emerging, and not all vendors have released patches yet, so in some cases there will be little that users can do until patches are released.  An attacker needs to be in range of an access point to leverage this attack.

Please see the details below.  As more information becomes available, we will keep the security community updated.

Summary

A significant vulnerability has been discovered in the WPA2 security protocol used to secure Wi-Fi connections.  There are a few variants of the attack.  They affect all WPA2 implementations in some form.  The exploit may allow packet sniffing, connection hijacking, malware injection, and even decryption of the protocol itself.  [1]

Impact

NOTE: The attacker MUST be within range of a victim's Wi-Fi signal to exploit these weaknesses. Large-scale network-based attacks are not possible with this vulnerability.

An attacker within the wireless communications range of an affected Wi-Fi AP (access point) and end-point client device may leverage these vulnerabilities to conduct attacks.

Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, replay of unicast, broadcast, and multicast frames, packet sniffing, malware injection, and even decryption of the WPA2 security protocol itself.

Vulnerable

  • Almost all major vendors are impacted by this vulnerability.
  • Some vendors have already made patches available. Check US-CERT to see if your platform is vulnerable and if patches are available.  [2]

Recommendations

  • Patch your systems once a fix is made available from vendors.
  • Until the patch is available, be extra careful about what you transmit over Wi-Fi, and use VPN software when using Wi-Fi connections.
  • Use a wired network if your router and computer both have a port to plug in an Ethernet cable.
  • Only connect to secured services. Web pages that use HTTPS or another secure connection will include HTTPS in the address URL.  [3]
  • If your router doesn’t yet have a fix, and you don’t have a patched Wi-Fi access point that could be used for wireless instead, you could connect via Ethernet into your router and turn off its wireless function.

References

Technical overview:

Vulnerabilities listed by vendor:

Mitigations until patched:

  • Ensure use of end-to-end encryption such as SSL or TLS.
  • If possible, use a VPN connection to secure all traffic from the host to the Internet past the affected Wi-Fi access point.

Assigned CVE identifiers:

The following Common Vulnerabilities and Exposures (CVE) identifiers were assigned to track which products are affected by specific instantiations of our key reinstallation attack:

CVE-2017-13077:  Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078:  Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079:  Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080:  Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081:  Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082:  Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084:  Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086:  Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087:  Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088:  Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Note that each CVE identifier represents a specific instantiation of a key reinstallation attack.  This means each CVE ID describes a specific protocol vulnerability, and therefore many vendors are affected by each individual CVE ID.  You can also read vulnerability note VU#228519 of CERT/CC for additional details on which products are known to be affected.
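
What "key reinstallation" in the CVE descriptions above means for a client, and what a patched client does differently, as an added illustration that is not from the original advisory or from any vendor's code. The Client class, its patched flag, the SHA-256 keystream (a stand-in, not WPA2's real cipher) and the key value are assumptions made up for this sketch; it goes one step past the advisory by modelling the packet-number reset that reinstalling a key causes.

```python
import hashlib

def keystream(key, nonce, n):
    # Stand-in stream cipher (SHA-256 in counter mode), NOT real CCMP/AES.
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:n]

class Client:
    """Toy Wi-Fi client; `patched` is a hypothetical switch for the fix."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0      # per-key packet number, must never repeat
        self.used = set()   # (key, nonce) pairs already used to encrypt

    def install_key(self, key):
        # Runs each time the handshake message carrying the key is processed,
        # including a retransmitted copy of that message.
        if self.patched and key == self.key:
            return          # key already in use: keep the packet number
        self.key = key
        self.nonce = 0      # a (re)install resets the packet number

    def send(self, plaintext):
        self.nonce += 1
        reused = (self.key, self.nonce) in self.used
        self.used.add((self.key, self.nonce))
        ks = keystream(self.key, self.nonce, len(plaintext))
        return bytes(a ^ b for a, b in zip(plaintext, ks)), reused

def run(patched):
    """Send a frame, replay the key-carrying message, send another frame.
    Returns (nonce_reused, ciphertext1, ciphertext2)."""
    key = b"constructed-session-key"   # constructed sample value
    client = Client(patched)
    client.install_key(key)
    c1, _ = client.send(b"first frame.")
    client.install_key(key)            # retransmitted handshake message
    c2, reused = client.send(b"second frame")
    return reused, c1, c2

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", "nonce reused:", run(patched)[0])
```

With the unpatched client both frames are encrypted under the same key and packet number, so their keystreams are identical; the patched client ignores the repeated install and the two frames use different keystreams.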