
Critical vulnerabilities detected in WPA2 - Key Reinstallation Attacks (KRACK)



A group of researchers has found serious flaws in WPA2, the protocol that protects all modern Wi-Fi networks. An attacker within radio range of the victim can exploit these flaws using key reinstallation attacks, and with this new technique can read information that was previously assumed to be safely encrypted.

UPD: post updated with partial details of the attack and the list of vendor updates.

The WPA2 vulnerabilities allow an attacker to bypass the protection and eavesdrop on Wi-Fi traffic exchanged between the access point and the client. They have been assigned the following CVE identifiers:

“In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”
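To make the "nonce reset" concrete, here is an added toy model (not code from the post or from the KRACK researchers) of a client's key-installation logic: a SHA-256 counter-mode keystream stands in for CCMP's AES-CTR, the class and function names are constructed, and the two HTTP-like frames are made-up sample data. It shows why a replayed handshake message 3 on an unpatched station makes two frames share a (key, nonce) pair, and that the patched branch (refusing to reinstall a key that is already in use) keeps the packet counter moving.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Model of AES-CTR: output depends only on (key, nonce, block counter)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Client side of the 4-way handshake, reduced to key install + send (constructed)."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.tx_nonce = 0          # packet number, used as the CCMP nonce

    def on_handshake_msg3(self, ptk: bytes) -> None:
        """Message 3 delivers the PTK. A retransmitted message 3 must not reinstall
        a key that is already in use; only the patched branch enforces that."""
        if self.patched and ptk == self.ptk:
            return                 # already installed: keep the nonce counter
        self.ptk = ptk
        self.tx_nonce = 0          # (re)installation resets the nonce: the KRACK flaw

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        return self.tx_nonce, xor(plaintext, keystream(self.ptk, self.tx_nonce, len(plaintext)))

def reinstallation_scenario(patched: bool) -> dict:
    """Install key, send a frame, receive a replayed message 3, send another frame."""
    ptk = b"\x11" * 16                        # constructed session key
    sta = Station(patched)
    sta.on_handshake_msg3(ptk)
    p1 = b"GET /login HTTP/1.1\r\n"           # constructed, predictable plaintext
    p2 = b"Cookie: sid=4f3a9c1\r\n"           # constructed secret of the same length
    n1, c1 = sta.send(p1)
    sta.on_handshake_msg3(ptk)                # replayed message 3 reaches the client
    n2, c2 = sta.send(p2)
    nonce_reused = n1 == n2
    # With a reused (key, nonce) the keystreams cancel: c1 ^ c2 == p1 ^ p2, so a
    # known p1 exposes p2. This is the confidentiality loss the post describes.
    recovered = xor(xor(c1, c2), p1) if nonce_reused else None
    return {"nonce_reused": nonce_reused, "recovered": recovered}
```

The same reset also zeroes the receive replay counter, which is why the real attack additionally permits packet replay; the model tracks only the transmit side.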

As a proof of concept, the researchers published a video demonstrating the attack against a smartphone running Android:



The researchers have set up a site where they promise to publish more detailed information about the attack in the near future. A repository has also been created (empty for now).

Some manufacturers are already aware of the problem. From the CERT/CC notification:
Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. As this is a protocol-level issue, the protocol itself is affected. The CERT/CC and the reporting researchers from KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.

The technical details of the attack are partially revealed in a paper by one of the researchers: papers.mathyvanhoef.com/ccs2017.pdf

Public disclosure of the attack details is scheduled for today, October 16, 2017. This post will be updated as information becomes available.

UPD:
“The attack works against both personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All of our attacks against WPA2 use a novel key reinstallation technique,” write the KRACK authors.

In practice, KRACK lets an attacker act as a man-in-the-middle and force network clients to reinstall the encryption keys that protect WPA2 traffic. In addition, if the network is configured to use WPA-TKIP or GCMP, the attacker can not only eavesdrop on WPA2 traffic but also inject packets into the victim's data stream.

The KRACK method is generic and works against any device connected to a Wi-Fi network. In other words, users of Android, Linux, iOS, macOS, Windows and OpenBSD, as well as numerous IoT devices, are all at risk.

According to the researchers, the exploit will not be published until most vendors have released updates.

You can check whether a patch is available for a specific vendor here, or on the manufacturer's homepage.

Source: https://habr.com/ru/post/340182/
