A security researcher has reported a serious vulnerability in the Wi-Fi Protected Access II (WPA2) security protocol that could allow hackers within range of a wireless network to intercept data, or even inject malicious content or malware in certain cases. The flaw was discovered by Mathy Vanhoef of the Imec-DistriNet Research Group of Belgian university KU Leuven. Vanhoef executed a successful attack as a proof of concept.
Called Key Reinstallation Attacks (KRACK), the exploit manipulates the four-way “handshake” WPA2 uses to authenticate the connection between an endpoint device and access point (AP) and to agree on a fresh session key. The key itself is derived from random values exchanged in the first two messages; the third message is the AP’s instruction to install that key (it also carries the group key) for encrypting the traffic that will be transmitted over the connection.
Because messages may be lost or dropped during this process, WPA2 is designed to let the AP retransmit message 3 until the endpoint device acknowledges receipt with message 4. An attacker within range can block that acknowledgment and replay the retransmitted message 3, tricking the device into reinstalling an encryption key that’s already in use. Installing a key resets the transmit packet number (the per-packet nonce) and the receive replay counter to their initial values, so the device goes on to encrypt new packets with nonces it has already used under the same key. WPA2’s cipher is not broken; the problem is that the same key and nonce pair produces the same keystream twice, and an attacker who captures both packets (or knows the content of one of them) can recover the other.
KRACK exploits a weakness in the WPA2 protocol itself, and thus can affect any Wi-Fi network and Wi-Fi-enabled endpoint device. Linux and Android devices are particularly vulnerable because the wpa_supplicant software they typically use (version 2.4 and later, which Android 6.0 and later ship) clears the key from memory after the first installation, so a forced reinstallation installs an all-zero encryption key instead of the real one; an attacker can then decrypt the device’s traffic outright, without needing any known plaintext. Recent versions of Windows and Apple’s iOS either are not affected or are vulnerable only in specific situations.
The cipher in use determines how much an attacker can do. With AES-CCMP, packets can be decrypted and replayed but not forged. With WPA-TKIP or GCMP, KRACK also makes it possible to forge and inject data packets, and even decryption alone lets an attacker hijack unencrypted (HTTP) connections. This could allow an attacker to insert ransomware or other malware into a website that a device is visiting; traffic carried over properly configured HTTPS is not exposed by KRACK on its own.
Vanhoef submitted a paper on the vulnerability in May 2017, but kept the findings secret to allow vendors time to develop and release patches. A coordinated public announcement was made on Oct. 16. Vanhoef has set up a website on the topic, with the paper, a demonstration video and other details.
The vulnerability can be remediated by modifying WPA2 software to ensure that a key is installed only once, so that a retransmitted message 3 is acknowledged but does not reinstall the key or reset the nonce and replay counter. Vanhoef notes that patches can be developed in a way that is backwards compatible, meaning that patched and unpatched devices can still communicate. Note that the main attack targets the client, so the fix belongs on endpoint devices; patching the AP alone does not protect unpatched clients, although APs that act as clients (repeaters, for example) or that support 802.11r fast roaming need patching as well.
Several vendors have issued patches for their APs. Microsoft distributed a Windows patch as part of its regular Patch Tuesday release on Oct. 10, but recommends that users also install new Wi-Fi device drivers where available. Linux patches have been developed, but it’s unclear when they will be included in the various Linux distributions or made available to Android users. The CERT Coordination Center (CERT/CC) has published a vulnerability note listing products that are known to be affected, with information on each vendor’s security advisories and patches.
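The following toy model, added here as an example and not code from Vanhoef’s paper or from any Wi-Fi implementation, ties together the retransmitted message 3 and nonce reset described above, the all-zero key behaviour attributed to wpa_supplicant, and the “install once” fix. It simplifies the real protocol in two labelled ways: the handshake hands the temporal key to the client directly instead of deriving it from the exchanged nonces, and the CCMP/AES-CTR keystream is replaced by an HMAC-SHA256 counter-mode stand-in so the script runs with the standard library. The only property the attack needs, and the one the stand-in preserves, is that the same key and nonce always produce the same keystream. The attacker model (`krack`) knows one plaintext, such as a predictable request, and wants the packet sent after the forced reinstallation.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def keystream(tk: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for the CCMP keystream (assumption: HMAC-SHA256 in counter mode,
    chosen only so the example runs offline). Same (tk, nonce) -> same stream,
    which is the property KRACK abuses."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(tk, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client-side key installation. Mode selects the behaviour being modelled:
    'vulnerable': reinstalls the key on every message 3, resetting the packet number
    'zero_key':   like 'vulnerable' but wipes the key after the first install,
                  so the reinstall installs all zeros (the wpa_supplicant 2.4+ bug)
    'patched':    installs the key once; a retransmitted message 3 is acknowledged
                  with message 4 but leaves the key and packet number alone"""

    def __init__(self, mode: str):
        self.mode = mode
        self.tk: Optional[bytes] = None          # key delivered by the handshake (toy simplification)
        self.installed_tk: Optional[bytes] = None
        self.pn = 0                              # transmit packet number, used as the nonce

    def on_msg3(self, tk: bytes) -> str:
        """Handle message 3 or a retransmission of it; return message 4 for the AP."""
        if self.tk is None:
            self.tk = tk
        if self.mode == "patched" and self.installed_tk is not None:
            return "msg4"                        # ack only: key already installed
        self.installed_tk = self.tk              # (re)install the pairwise temporal key
        self.pn = 0                              # installation resets the nonce: the bug
        if self.mode == "zero_key":
            self.tk = bytes(16)                  # key cleared from memory after install
        return "msg4"

    def send(self, plaintext: bytes) -> Tuple[bytes, bytes]:
        """Encrypt one data frame; returns (nonce, ciphertext) as seen on the air."""
        assert self.installed_tk is not None, "no key installed yet"
        self.pn += 1
        nonce = self.pn.to_bytes(6, "big")
        return nonce, xor(plaintext, keystream(self.installed_tk, nonce, len(plaintext)))


def krack(mode: str, known_p1: bytes, secret_p2: bytes) -> Dict[str, object]:
    """Run the attack against a supplicant in the given mode. The attacker blocks
    message 4 so the AP retransmits message 3, then forwards that retransmission
    after the client has already sent one frame. p1 and p2 must have equal length
    for the XOR trick (CCMP keystream reuse only covers overlapping bytes)."""
    tk = os.urandom(16)
    client = Supplicant(mode)
    client.on_msg3(tk)                           # genuine message 3
    n1, c1 = client.send(known_p1)
    client.on_msg3(tk)                           # replayed (retransmitted) message 3
    n2, c2 = client.send(secret_p2)
    result: Dict[str, object] = {"nonce_reused": n1 == n2, "recovered_p2": None}
    if mode == "zero_key":
        # All-zero key: attacker regenerates the keystream, no known plaintext needed.
        result["recovered_p2"] = xor(c2, keystream(bytes(16), n2, len(c2)))
    elif n1 == n2:
        # c1 xor c2 == p1 xor p2 when the keystream repeats; p1 is known.
        result["recovered_p2"] = xor(xor(c1, c2), known_p1)
    return result


if __name__ == "__main__":
    p1, p2 = b"GET / HTTP/1.1\r\n", b"Cookie: s=123456"   # constructed sample frames
    for mode in ("vulnerable", "zero_key", "patched"):
        print(mode, krack(mode, p1, p2))
```

The patched variant shows why the fix is backwards compatible: it still answers every message 3 with message 4, so an unpatched AP that keeps retransmitting gets the acknowledgment it expects, but the nonce keeps counting up and the XOR of the two ciphertexts no longer reveals anything.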
The Wi-Fi Alliance said in a statement it has found no evidence that the vulnerability has been exploited by an attacker. Security expert Brian Krebs wrote in a recent blog post that he doesn’t anticipate KRACK becoming a serious threat unless easy-to-use attack tools become available. However, any vulnerable device should be patched as soon as an update becomes available.
Note that updating APs can be complex, and a misconfiguration could bring down your Wi-Fi network. Contact SageNet if you need assistance, or if you would like further information on remediating this vulnerability.