KRACK ("Key Reinstallation Attack") is a replay attack (a type of exploitable flaw) on the

Wi-Fi Protected Access Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security and security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The All ...

protocol that secures

Wi-Fi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves ...

connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the

nonce Nonce may refer to: * Cryptographic nonce, a number or bit string used only once, in security engineering * Nonce word, a word used to meet a need that is not expected to recur * The Nonce, American rap duo * Nonce orders, an architectural term * ...

transmitted in the third step of the WPA2

handshake A handshake is a globally widespread, brief greeting or parting tradition in which two people grasp one of each other's like hands, in most cases accompanied by a brief up-and-down movement of the grasped hands. Customs surrounding handshakes a ...

, an attacker can gradually match encrypted packets seen before and learn the full

keychain A keychain (also key fob or keyring) is a small ring or chain of metal to which several keys can be attached. The length of a keychain allows an item to be used more easily than if connected directly to a keyring. Some keychains allow one or bo ...

used to encrypt the traffic. The weakness is exhibited in the Wi-Fi standard itself, and not due to errors in the implementation of a sound standard by individual products or implementations. Therefore, any correct implementation of WPA2 is likely to be vulnerable. The vulnerability affects all major software platforms, including

Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ...

macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and la ...

, iOS, Android,

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, whi ...

OpenBSD OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project e ...

and others. The widely used open-source implementation

wpa_supplicant wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku. In addition to being a WPA3 and WPA2 sup ...

, utilized by Linux and Android, was especially susceptible as it can be manipulated to install an all-zeros

encryption key A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the ke ...

, effectively nullifying WPA2 protection in a

man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...

. Version 2.7 fixed this vulnerability. The security protocol protecting many Wi-Fi devices can essentially be bypassed, potentially allowing an attacker to intercept sent and received data.

Details

The attack targets the four-way handshake used to establish a

(a kind of " shared secret") in the WPA2 protocol. The standard for WPA2 anticipates occasional Wi-Fi disconnections, and allows reconnection using the same value for the third handshake (for quick reconnection and continuity). Because the standard does not require a different key to be used in this type of reconnection, which could be needed at any time, a replay attack is possible. An attacker can repeatedly re-send the third handshake of another device's communication to manipulate or reset the WPA2 encryption key. Each reset causes data to be encrypted using the same values, so blocks with the same content can be seen and matched, working backwards to identify parts of the

which were used to encrypt that block of data. Repeated resets gradually expose more of the keychain until eventually the whole key is known, and the attacker can read the target's entire traffic on that connection. According to

US-CERT The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of ...

"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."

The paper describing the vulnerability is available online, and was formally presented at the ACM Conference on Computer and Communications Security on 1 November 2017. US-CERT is tracking this vulnerability, listed as VU#228519, across multiple platforms. The following CVE identifiers relate to the KRACK vulnerability: and . Some WPA2 users may counter the attack by updating Wi-Fi client and access point device software, if they have devices for which vendor patches are available. However, vendors may delay in offering a patch, or not provide patches at all in the case of many older devices.

Patches

Patches are available for different devices to protect against KRACK, starting at these versions:

Workarounds

In order to mitigate risk on vulnerable clients, some WPA2-enabled Wi-Fi access points have configuration options that can disable EAPOL-Key frame re-transmission during key installation. Attackers cannot cause re-transmissions with a delayed frame transmission, thereby denying them access to the network, provided

TDLS TDLS, shortened from Tunneled Direct Link Setup, is "a seamless way to stream media and other data faster between devices already on the same Wi-Fi network." Devices using it communicate directly with one another, without involving the wireless n ...

is not enabled. One disadvantage of this method is that, with poor connectivity, key reinstallation failure may cause failure of the Wi-Fi link.

Continued vulnerability

In October 2018, reports emerged that the KRACK vulnerability was still exploitable in spite of vendor patches, through a variety of workarounds for the techniques used by vendors to close off the original attack.

References

External links