Recently the whole world was circulating information about a new way of attacking Wi-Fi networks. The situation looks pretty serious because of the prematurely compromised all devices using Wi-Fi. The issue lies in the WPA2 specification, so the vulnerability is addressed to all operating systems, mobile devices, and routers. This new attack method is called KRACK and involves changing the keys used during communicating between a Wi-Fi device (e.g. a smartphone) and a router.

The vulnerability of WPA2 (Wi-Fi Protected Access II) protocol, which is considered the safest way to secure Wi-Fi networks, was discovered by researchers at the Catholic University of Lansing in Belgium. The innovative method of attack consists in interfering with the 4-way handshake procedure, which is used to determine the encryption methods and exchange of cryptographic keys between the router and each device connected to the Wi-Fi network.

Wi-Fi manufacturers were informed about the KRACK attack and some of them have already released security updates.

The KRACK attack involves cheating a Wi-Fi device during the 4-way handshake to re-use pre-captured keys. One of the scenarios for using KRACK is a man in the middle attack where hacker’s device is impersonating a router and can be used not only to capture unencrypted data, but also to modify them. Impression demonstrates an elaborate method that lets to listen to data sent by Android Marshmallow or later device. The researchers were able to even apply an additional SSLStrip attack, which on badly designed pages turns off encrypted HTTPS connections and forces usage of unencrypted HTTP.

Who is most at risk of KRACK attack? The worst case scenario is for Linux systems that use wpa_supplicant 2.4 and later. The WPA2 standard suggests cleaning the cryptographic keys after they are used. In practice, it comes down to the fact that after the attacker retrieves 3 messages from the 4-way handshake sequence, the vulnerable device will start using a key consisting of zeros. Unfortunately, all devices running Android 6.0 Marshmallow and later behave in this way. Google is already working on the update, but it is unclear when it will go to all users. Unfortunately, manufacturers of Android devices are slow to prepare updated for their devices. Unfortunately, the owners of unsupported devices are in the worst situation.

Those of you who fear KRACK attacks may in the meantime switch off the 802.11r (fast roaming) support on your devices. On the other hand, in CERT database, you can see if your Wi-Fi device manufacturer has already made the appropriate update.

Source: Key Reinstallation Attacks