MCNC Security Advisory 2017.002

Vulnerabilities in Wi-Fi Security Protections (KRACK Attack)

General Information

Executive Summary

On Monday, October 16, 2017, security researchers released details of serious flaws in the WPA2 protocol used to secure wireless networks. These vulnerabilities allow attackers to access and decrypt wireless communications on affected networks.

The researchers have named the attack KRACK, short for Key Reinstallation Attacks. Attackers can leverage the KRACK attack to decrypt wireless transmissions and potentially intercept passwords, emails, or other sensitive data that would normally be secured over a properly configured wireless network connection.

MCNC is releasing this advisory to ensure constituents have the latest information and to suggest actions they can take to protect themselves.

Advisory Details

Details of the Issue

The KRACK attack exploits a number of weaknesses in WPA2, a protocol designed to secure wireless network communications between computing devices and wireless networking devices. By exploiting these weaknesses, an attacker can wirelessly intercept and decrypt network transmissions that should be secured.  The researchers state:

"The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks."

The researchers developed a method to attack the 4-way handshake of the WPA2 protocol.  This handshake is used when a client wants to connect to a protected Wi-Fi network.  It ensures that the client possesses the correct credentials to access the network, and it negotiates a new encryption key that will be used to encrypt the network traffic.  In order to guarantee security, a key should only be used once.  The KRACK attack abuses weaknesses in the WPA2 protocol to cause this key to be re-used, which eventually makes it trivial for an attacker to decrypt the encrypted messages.
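The following is an added illustration, not part of the original advisory or the researchers' code: a simplified Python model of why key re-use breaks confidentiality and what a patched client does differently. It goes slightly beyond the text above by modelling the per-frame nonce that is reset when a key is installed; the Client class, the toy keystream function, and all sample values are assumptions made for the example.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy keystream (SHA-256 over key, nonce, block counter). An assumption
    # standing in for the real WPA2 cipher; only "same key + same nonce
    # gives the same keystream" matters here.
    out, block = b"", 0
    while len(out) < n:
        data = key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(data).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical, simplified Wi-Fi client: key install plus frame encryption."""

    def __init__(self, reinstall_on_retransmit: bool):
        self.reinstall_on_retransmit = reinstall_on_retransmit
        self.key = None
        self.nonce = 0

    def on_message3(self, key: bytes) -> None:
        # Unpatched: every copy of handshake message 3 installs the key again
        # and resets the nonce. Patched: a key already in use is left alone.
        if self.reinstall_on_retransmit or key != self.key:
            self.key, self.nonce = key, 0

    def send(self, plaintext: bytes):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, ks)

# Constructed sample data, equal length for a simple comparison.
KEY = b"constructed-session-key"
FRAME_A = b"constructed frame A"
FRAME_B = b"constructed frame B"

def simulate(reinstall_on_retransmit: bool):
    client = Client(reinstall_on_retransmit)
    client.on_message3(KEY)             # normal handshake completion
    n1, c1 = client.send(FRAME_A)
    client.on_message3(KEY)             # message 3 arrives a second time
    n2, c2 = client.send(FRAME_B)
    # True when the keystream cancelled out: c1 XOR c2 == FRAME_A XOR FRAME_B
    return n1, n2, xor(c1, c2) == xor(FRAME_A, FRAME_B)
```

Calling simulate(True) models an unpatched client, where both frames use nonce 1 and the keystream cancels out of the two ciphertexts; simulate(False) models a patched client, where the nonce keeps counting and no such relationship exists.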

The researchers have provided detailed documentation of the vulnerabilities and the attack at this web site: https://www.krackattacks.com/. Please review this site for full technical details on the vulnerabilities.

Fortunately, these issues can be corrected with software updates. Vendors will likely make updates available for both wireless clients (laptops, desktops, mobile phones, tablets, etc.) and wireless networking infrastructure (wireless routers and access points). As of this writing, the web sites below are maintaining lists of impacted vendors and the status of available updates.

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

Please visit these sites for more information on how to update your potentially impacted systems.

Additional Information

  1. https://www.krackattacks.com/  
  2. https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/  
  3. http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
  4. https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/ 
  5. https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it 
  6. https://9to5mac.com/2017/10/16/wifi-wpa2-hacked/ 
  7. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
  8. https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Revisions

  • v1.0 (October 16, 2017): Advisory published.