A massive security flaw in the WPA2 encryption protocol has caused panic among the InfoSec community this week.
How bad is it? If you own a device that uses WiFi, you’re affected. KRACK, a stylized way to write Key Reinstallation Attack, could allow an attacker within range of a WPA2 protected network to intercept traffic between a client and the access point. In some cases it even allows the attacker to forge and inject packets.
It is important to note that this is not a hardware problem. The weakness exists in the WPA2 protocol itself, so any correct implementation of WPA2 is affected. To prevent an attack, users have to update the firmware/software on their WiFi devices as soon as a patch is available. Luckily, most manufacturers released patches within 24 hours of the vulnerability being reported, and the Proof of Concept code to take advantage of the vulnerability has not yet been released.
How does this attack work?
Whenever you connect to a WiFi access point, 4 messages are exchanged between your device and the router.
- The access point sends an unencrypted message to the client.
- The client generates a key and sends back its own random value generated using the information in message 1.
- The access point generates an encryption key and sends back a verification code
- The client sends back an acknowledgement using the encryption key to verify that it is connected.
The KRACK attack takes place in between message 3 and 4. Since the access point is continuously looking for the acknowledgement message, if it doesn’t hear back from the client in a set amount of time (usually 60 seconds), it re-transmits an exact copy of message 3. If the client receives message 3 again, it resets a
NOnce counter and re-uses the encryption key, even if it is the same. The WPA2 protocol does not guarantee that a n encryption key cannot be reused.
An attacker simply has to listen for message 3 and they can modify the packet and install their own encryption key (it can even be all zeroes). After the client accepts and installs the key, decrypting their traffic becomes a trivial matter since they already know the encryption key.
How do they obtain the WPA2 handshake?
A few months ago I wrote a post about breaking WEP WiFi security. The process becomes similar, they just have to set up a WiFi sniffer and send
deauth packets to force all clients to disconnect from the access point. Once the clients attempt to reconnect, the network is flooded with messages for the handshake, collecting those is a simple task.
What is the impact of this?
Once an attacker can decrypt all of your traffic, intercepting internet cookes and passwords becomes child’s play. An attacker can intercept TCP SYN packets as well. That allows an attacker to decode TCP transmission sequence numbers and potentially hijack your TCP session. RDP sessions, video streams, secure downloads are all at risk for TCP hijacking.
How do I protect myself?
Update your software, avoid using unfamiliar WiFi, use HTTPS whenever possible, and stick to trusted VPNs until your software is updated. You don’t need to change your WiFi password since those are not at risk with these attacks. Do not temporarily switch to WEP since that is even less secure than WPA2.