GDT Webinar Series – How to Fail at Security? Reserve Your Spot

WIFI is (temporarily) KRACKED

Wi-Fi Icon

by Moe Janmohammad via ScienceMoez

A massive security flaw in the WPA2 encryption protocol has caused panic within the InfoSec community this week.

How bad is it?

If you own a device that uses WiFi, you’re affected. KRACK, a stylized way to write Key Reinstallation Attack, could allow an attacker within range of a WPA2 protected network to intercept traffic between a client and the access point. In some cases it even allows the attacker to forge and inject packets.
It is important to note that this is not a hardware problem. The weakness exists in the WPA2 protocol itself, so any correct implementation of WPA2 is affected. To prevent an attack, users have to update the firmware/software on their WiFi devices as soon as a patch is available. Luckily, most manufacturers released patches within 24 hours of the vulnerability being reported, and the Proof of Concept code to take advantage of the vulnerability has not yet been released.

HOW DOES THIS ATTACK WORK?

Whenever you connect to a WiFi access point, 4 messages are exchanged between your device and the router.

  1. The access point sends an unencrypted message to the client.
  2. The client generates a key and sends back its own random value generated using the information in message 1.
  3. The access point generates an encryption key and sends back a verification code
  4. The client sends back an acknowledgment using the encryption key to verify that it is connected.

The KRACK attack takes place in between message 3 and 4. Since the access point is continuously looking for the acknowledgment message, if it doesn’t hear back from the client in a set amount of time (usually 60 seconds), it re-transmits an exact copy of message 3. If the client receives message 3 again, it resets a NOnce counter and re-uses the encryption key, even if it is the same. The WPA2 protocol does not guarantee that an encryption key cannot be reused.
An attacker simply has to listen for message 3 and they can modify the packet and install their own encryption key (it can even be all zeroes). After the client accepts and installs the key, decrypting their traffic becomes a trivial matter since they already know the encryption key.

HOW DO THEY OBTAIN THE WPA2 HANDSHAKE?

A few months ago I wrote a post about breaking WEP WiFi security. The process becomes similar, they just have to set up a WiFi sniffer and send deauth packets to force all clients to disconnect from the access point. Once the clients attempt to reconnect, the network is flooded with messages for the handshake, collecting those is a simple task.

WHAT IS THE IMPACT OF THIS?

Once an attacker can decrypt all of your traffic, intercepting internet cookies and passwords becomes child’s play. An attacker can intercept TCP SYN packets as well. That allows an attacker to decode TCP transmission sequence numbers and potentially hijack your TCP session. RDP sessions, video streams, secure downloads are all at risk for TCP hijacking.

HOW DO I PROTECT MYSELF?

Update your software, avoid using unfamiliar WiFi, use HTTPS whenever possible, and stick to trusted VPNs until your software is updated. You don’t need to change your WiFi password since those are not at risk for these attacks. Do not temporarily switch to WEP since that is even less secure than WPA2.

Author

Share this article

You might also like:

Data is truly the lifeblood of business operations—as evidenced by the explosion of data, which is expected to swell from 120 zettabytes in 2023 to 180 zettabytes by 2025. The backbone of data center resiliency is secure, effective, high-performing data storage. Here’s how modern data storage solutions reinforce data center

Understand Software and Maintenance Overspend As anyone with visibility into business IT costs knows, it’s incredibly easy to overspend on software and maintenance without realizing it. The average organization uses upward of a hundred software applications. As a result, the asset portfolio becomes complex and disparate, driving up maintenance and

Robust, resilient data infrastructure is key to keeping your organization secure and avoiding the challenges that arise from data breaches or loss. But it isn’t just a risk mitigation strategy — a well-architected and well-maintained data center empowers your organization to move quickly, serve customers well, streamline processes, and keep