A group of researchers discovered serious weaknesses in WPA2, a protocol that secures all modern Wi-Fi connections. An attacker can exploit these weaknesses using key reinstallation attacks (KRACK). To be more precise attackers can use this technique to read information that was previously assumed to be safely encrypted.

This way they can steal sensitive information such as credit card numbers, passwords, messages, photos and so on. The most serious part about this weakness is that this is the base of all modern Wi-Fi networks, so a lot of devices are vulnerable. In some cases it is also possible to inject and manipulate data (like ransomware or other malware into websites). Since the weakness is in the Wi-Fi standard, not in individual products or implementation, any correct implementation of WPA2 is likely affected.

Researcher Mathy Vanhoef -who discovered the vulnerability- posted a video against an Android smartphone.

“Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK)” – writes Vanhoef.

During the attack the victim is tricked to reinstall and already-in-use key. They can manipulate and replay the handshake messages to achieve this. With the new key, associated parameters such as the incremental transmit packet number (nonce) and the receive packet number (replay number) are reset to their initial value. To guarantee security, a key should only be installed and used once.

“When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.”

To defend against any attacks be sure to update your devices as soon as security updates are availabe. This includes you computers, mobile devices and ultimately your router. Luckily implementations can be patched in a backwards-compatible manner, so a patched client can still securely use an unpatched access point and vice versa.

Should you change your Wi-Fi password? Not necessarily. Updating your password does not protect you against this attack, make sure you update your software, as soon as the manufacturer makes it available.

Sources: Arstechnika, Krackattacks