In my networking class last semester, we covered a section about the basics of WiFi and how it works. We went over the disadvantages, standards, some relevant terms, authentication, encryption, access points, filtering… the whole enchilada. In short, today’s WiFi-enabled devices must follow the IEEE 802.11 standards, solve collisions with CSMA/CA, and protect the transfer of data with WPA2. However, on October 16, 2017, news broke that WPA2 has a serious security vulnerability; Mathy Vanhoef calls it KRACK, or Key Reinstallation AttaCKs.
You can read the entirety of Vanhoef’s findings in his published paper if you want all the juicy details. For the sake of this blog post, I’m going to try to make it a little easier to read and digest.
Essentially, there is first an authentication stage, followed by a 4-way handshake, between the device and the WiFi network in order for the two to connect. During these two stages, the data is unencrypted. The handshake initializes Pairwise Transient Keys to encrypt further messages.
However, if an attacker keeps the fourth message of the 4-way handshake from getting through, the network will keep retransmitting the third message to the device. Each retransmission causes the nonce (Number used ONCE) values associated with the key to be reset to their initial values. Namely, this resets the transmit and receive packet numbers.
The issue with this is that it gives the attacker a chance to replay, decrypt, or forge packets. Since the keys are reset to their initial values, the attacker now knows the keys. This is an issue in the 802.11 standard itself: it does not specify how the device should handle retransmitted handshake messages, which allows the reset to occur.
In Vanhoef’s demonstration video, you can see that his attack reset the initial values of the keys. He was able to capture packets in plain-text. Specifically, he was able to see the user’s email and password.
Linux and Android devices are especially vulnerable to KRACK attacks. This is because the supplicant (the client-side software that handles the handshake) resets the key to all zeroes instead of reinstalling the real key.
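To make the mechanism in the last few paragraphs concrete, here is an added toy model (my own example, not code from Vanhoef’s paper or from any WiFi stack) of the client side of the handshake. It has three modes: a client that reinstalls the key and resets its packet number whenever message 3 arrives again, a client that additionally wipes the key to zeroes on reinstall (the Linux/Android behaviour described above), and a patched client that ignores message 3 once the key is already installed. The keystream is a SHA-256 stand-in for CCMP’s AES-CTR so the script runs with the standard library only; the frames, key and function names are all constructed for the example. It shows why a repeated packet number matters (two frames under one keystream leak each other) and includes a defender-side check that flags the repeat.

```python
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream from (key, nonce) using SHA-256.

    Stand-in for CCMP's AES-CTR keystream so the example needs no third-party
    library; it is NOT the real 802.11 cipher.
    """
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Toy model of the client's key installation after handshake message 3.

    mode = "reinstall": reinstalls the PTK and resets the packet number on every
                        message 3 (the generic behaviour described in the post)
    mode = "zero":      additionally wipes the key to zeroes on reinstall
                        (the Linux/Android behaviour described in the post)
    mode = "patched":   ignores message 3 once the key is already installed
    """

    def __init__(self, mode: str):
        self.mode = mode
        self.ptk = None
        self.tx_pn = 0          # transmit packet number, used as the per-frame nonce
        self.installed = False

    def receive_msg3(self, ptk: bytes) -> str:
        if self.installed:
            if self.mode == "patched":
                return "ignored"        # key already in use: keep the counters
            if self.mode == "zero":
                ptk = bytes(len(ptk))   # key wiped to all zeroes
        self.ptk = ptk
        self.tx_pn = 0                  # nonce counter back to its initial value
        self.installed = True
        return "installed"

    def encrypt(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.ptk, self.tx_pn, len(plaintext)))


# Constructed sample frames (both 24 bytes) and a constructed toy PTK.
P1 = b"GET /index.html HTTP/1.1"
P2 = b"user=alice&pass=hunter22"
PTK = hashlib.sha256(b"constructed toy PTK").digest()


def simulate(mode: str):
    """Client sends a frame, message 4 is lost so message 3 arrives again, client sends another."""
    s = Supplicant(mode)
    s.receive_msg3(PTK)
    frame1 = s.encrypt(P1)
    s.receive_msg3(PTK)        # retransmitted message 3
    frame2 = s.encrypt(P2)
    return s, [frame1, frame2]


def detect_nonce_reuse(frames) -> bool:
    """Defender-side check: a packet number seen twice under one key means keystream reuse."""
    seen = set()
    for nonce, _ in frames:
        if nonce in seen:
            return True
        seen.add(nonce)
    return False


def reveal_second_frame(frames, known_first_plaintext: bytes) -> bytes:
    """Why reuse matters: c1 XOR c2 == p1 XOR p2, so one known frame exposes the other."""
    (_, c1), (_, c2) = frames
    return xor(xor(c1, c2), known_first_plaintext)


if __name__ == "__main__":
    for mode in ("reinstall", "zero", "patched"):
        s, frames = simulate(mode)
        print(mode, "nonces:", [n for n, _ in frames],
              "reuse detected:", detect_nonce_reuse(frames),
              "key zeroed:", s.ptk == bytes(32))
```

Running it shows the "reinstall" and "zero" clients sending both frames with packet number 1, which the reuse check flags, while the patched client moves on to packet number 2 and the XOR trick yields nothing useful. Note that the patched behaviour is exactly what the device updates mentioned below deliver: the fix lives in the client, which is why patching devices protects them even on an unpatched network.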
UPDATE YOUR DEVICES. UPDATE THE FIRMWARE OF YOUR ROUTER. The KRACK exploit targets the devices, so patching your device will make sure that you can (relatively) securely connect to unpatched networks. You don’t necessarily have to change your WiFi password, but it’s not a bad idea. Luckily, we don’t have to rush to create a WPA3 or anything like that. Read the official FAQ for more information.