On October 16th, 2017, Mathy Vanhoef, a security researcher from KU Leuven (a Belgian university), published details of a set of serious weaknesses in the WPA2 protocol used to secure all modern Wi-Fi networks.
These weaknesses allow an attacker to intercept Wi-Fi traffic passing between a Wi-Fi client device (STA) and Access Point (AP) and decrypt that traffic. This makes it possible for the attacker to read information that until now was presumed to be safely encrypted.
At the same time, it is also possible for an attacker to inject and modify data flowing over the Wi-Fi connection. This could, for example, allow an attacker to manipulate what a user’s web browser displays and harvest the user’s Internet banking or Gmail credentials.
Does it affect me?
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any implementation of WPA that complies with the current standards is likely affected. These weaknesses affect both client devices (STAtions) and Access Points (APs). Fixing the issue on the Access Point only is not sufficient; client devices must also be patched.
Additionally, the main attack that has been published and tested does NOT exploit Access Points but instead targets clients; at this stage any attack against Access Points is purely theoretical. Thus the priority at this time should be updating clients such as laptops, PCs, smartphones and smart TVs.
How dangerous is it?
To date there have been no reports to indicate that the published vulnerabilities have been exploited “in the wild”. However, now that the details of the vulnerabilities have been published, it is possible that such exploits may be developed in fairly short order.
Can it be fixed?
Patches are already available for some platforms including Windows, with Linux, Apple and Android to follow in the next few weeks.
These patches are ‘Backwards Compatible’ and can be applied to an affected client device without impacting the client’s ability to work with an unpatched Access Point (and vice versa).
Should I change my Wi-Fi network password?
The attack does not expose or rely on the Wi-Fi access password.
Should I change back to WEP?
WPA2 is still more secure than WEP, and the issue can be patched.
WEP, by contrast, is fundamentally insecure, cannot be patched, and exploits already exist.
What is NetComm Wireless doing about the issue?
The KRACK vulnerabilities affect the following NetComm Wireless products:
Fixed Broadband wireless clients:
Wireless M2M gateways:
- NTC-140W - Download NTC-140W patch for KRACK vulnerability
Where applicable, patches will be developed for the affected products.
NOTE: NetComm Wireless cannot provide patches to products until patches for the underlying operating system (usually Linux) are published.
Information on patch availability will be provided after further investigation and tests.
What can I do to reduce the risk whilst patches are being developed?
- Ensure that application level protection (e.g. HTTPS, SSL) is enabled
- Ensure that Anti-Virus tools are up to date and firewalls are enabled
- Pay extra attention to any security warnings displayed in web browsers or applications, and do not bypass these warnings
- Pay extra attention whilst browsing via Wi-Fi for possible forged websites
- Last, but not least, the Wi-Fi could be switched off if an alternate mechanism like Ethernet or Cellular data is available.
Where can I find more detailed technical information?
The original disclosure can be found here: https://www.krackattacks.com/
The technical paper detailing the vulnerabilities can be found here: https://papers.mathyvanhoef.com/ccs2017.pdf