On Monday, a coordinated disclosure announcement revealed that WiFi networks are at risk. The disclosure surfaced early when the GitHub repository holding the talking points on the issue was discovered. The security teams investigating the matter named it KRACK and documented their findings at www.krackattacks.com. Ars Technica was the first to publish an article on the vulnerability (Severe Flaw in WPA2 Protocol leaves Wi-Fi traffic open to eavesdropping). Its extensive reporting has since reached even the UK’s not-so-tech-savvy Daily Mail, whose sensationalist headline isn’t so far from the mark this time: (‘Almost all’ home routers are at risk of being HACKED: Massive flaw in Wi-fi protection is found that lets cyber criminals spy on your every move)
The attack works by injecting a known encryption key into the communication between the client and access point. With that key in place, the attacker can read the information in flight between the devices, meaning ALL data transferred is vulnerable. Indeed, the researchers warn you not to rely solely on HTTPS to protect you, given that HTTPS handshakes have been exploited at weak points before.
The Key Reinstallation AttaCK (from which the KRACK name derives) occurs during the encryption key exchange. It abuses the four-way handshake in which the two end-points agree on a short-lived shared key protecting the traffic. That key should be replaced with a fresh one a while later, so that a compromised key cannot reveal all the data exchanged. This handshake process occurs in WPA, WPA2 and AES-encrypted personal and enterprise WiFi networks alike.
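To make the "reinstallation" part concrete, here is an added toy model of the client side of the handshake. It is not code from the post or from the KRACK researchers: the cipher is a SHA-256-based stand-in for the real counter-mode cipher, and "Message 3" is reduced to the session key it causes the client to install. The model shows why re-installing a key that is already in use is dangerous (the packet counter used as the nonce restarts, so two frames are encrypted under the same keystream and the key cancels out of their XOR), and the one-line check that patched clients apply: a key that is already installed is never installed again.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed toy model of the supplicant (client) side of the four-way handshake.
# Not real 802.11 code: the cipher is a hash-based stand-in for CCMP, and
# "Message 3" is reduced to the PTK it causes the client to install.


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(ptk || nonce || block counter)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            ptk + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    """Client state: the installed key and the packet number used as the nonce."""
    hardened: bool                  # True = refuse to reinstall an already-installed key
    installed_key: Optional[bytes] = None
    packet_number: int = 0

    def on_message3(self, ptk: bytes) -> str:
        """Handle Message 3 of the handshake, which may legitimately arrive more than once."""
        if self.hardened and self.installed_key == ptk:
            # Key already in use: acknowledge, but leave the live key and counter alone.
            return "retransmit-ignored"
        self.installed_key = ptk
        self.packet_number = 0      # installation (re)starts the nonce from zero
        return "key-installed"

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one frame under the installed key; returns (nonce, ciphertext)."""
        self.packet_number += 1
        ks = keystream(self.installed_key, self.packet_number, len(plaintext))
        return self.packet_number, xor_bytes(ks, plaintext)


def simulate(hardened: bool) -> dict:
    """Deliver Message 3 twice around one data frame and report the effect."""
    ptk = hashlib.sha256(b"constructed-session-key").digest()   # constructed key
    frame_a = b"GET /index.html HTTP/1.1\r\n"                  # constructed frames
    frame_b = b"Cookie: session=example\r\n"

    client = Supplicant(hardened=hardened)
    client.on_message3(ptk)                  # normal handshake completes
    nonce_a, ct_a = client.encrypt(frame_a)
    second = client.on_message3(ptk)         # Message 3 delivered a second time
    nonce_b, ct_b = client.encrypt(frame_b)
    return {
        "second_message3": second,
        "nonce_reused": nonce_a == nonce_b,
        # If the keystream repeats, the key cancels out of ct_a XOR ct_b.
        "keystream_cancels": xor_bytes(ct_a, ct_b) == xor_bytes(frame_a, frame_b),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "vulnerable", simulate(mode))
```

Running it prints one line per mode: the vulnerable client reports `nonce_reused` and `keystream_cancels` as True after the second Message 3, while the hardened client reports the retransmit as ignored and keeps counting from where it left off. The real fix in patched supplicants is exactly that comparison in `on_message3`: a key that is already installed is never installed a second time.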
The video below shows the WiFi KRACK attack in use to insert a malicious device into the middle of the data flow. Once there, even SSL data can be decrypted using other tools already available.
CERT is coordinating the responses from device manufacturers. Check the vendors you use (both of operating systems and of device drivers) and install any updates that are available to remediate the various attack vectors that KRACK exposes.
And check for that lock symbol in the top left of this webpage (you are using HTTPS, right?)
Stay safe out there.