KRACKs
KRACKs (Key Reinstallation AttaCKs) is a number of vulnerabilities in WPA2, related to key handshakes between a client and an access point.
An attacker can trick a victim into reinstalling an already-in-use key. This key (the 3rd message in a 4-way handshake) is resent multiple times by the attacker and each time installed by the client, resetting the nonce. By forcing nonce reuse in this manner, the same encryption key is used with nonce values that have already been used in the past, basically attacking the encryption protocol.
A nonce is an arbitrary number used only once in a cryptographic communication. They are often random or pseudo-random numbers
Impact
What can happen?
- Attackers can use this method to decrypt packets sent by clients, allowing them to intercept sensitive information such as passwords and (session) cookies. Note that this is in the direction from the client to the access point;
- Attackers can change the TCP sequence numbers of a connection, and hijack TCP connections. As a consequence they can also inject malicious data (fe. malware) into unencrypted HTTP connections;
- Attackers can replay unicast, broadcast, and multicast frames;
- Attacks against WPA-TKIP allow attackers to forge and inject network packets.
Solution
Patching is the only solution but not all vendors have already provided patches. This vulnerability does not only affect your access point. It affects all devices that support wifi, including laptops, smartphones and “smart” devices (fe. camera’s, motion sensors) that use wifi.
- Inventorize what wifi hardware that you have;
- Know what vendors you have to deal with;
- Where is the hardware used, what is it criticality (BIA classes)?
- Monitor the vendor update site and the US-CERT overview. Contact your vendor and ask them when updates will be made available;
- If your vendor has a patch ready : Apply the patch;
Is exploit code available?
Not yet, but the published paper contains all the necessary information to have this attack rapidly included in automated (?) offensive toolsets.
The researchers did publish a video showing how the attack is accomplished.
Mitigation
There are no real mitigation measures besides patching.
Obviously an attacker needs to be in range of the wireless network. But remember that clients (for example connected to a wifi network out of your control – airport, customer site) are also at risk and not specifically your corporate wifi infrastructure.
- Use a VPN!
A VPN is meant to be used on hostile networks. Verify that all traffic passes through the tunnel (ref. split-tunnel etc.); - Use HTTPS for everything.
As long as you don’t ignore those HTTPS certificate warnings you can browse as safe(?) as before. Note that the researchers warned on the fact that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps. - Note that the same as with open wifi networks, if the attacker controls the ARP/DNS packets or can forge for example DHCP packets they basically can control all your network traffic.
- Although regular password changing is always a good thing, it is not going to help in this situation.