KRACK - Breaking WPA2 by forcing nonce reuse


Extreme Coders

INTRODUCTION

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

DETAILS

Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK):

https://www.krackattacks.com/

  • Like 3
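Added example, not part of the original post or the KRACK authors' code: a toy Python model of why reinstalling an already-used session key leads to nonce reuse, next to a client that refuses the reinstall. The `Client` class, the SHA-256 keystream (a stand-in for the real WPA2 data cipher) and the sample frames are constructed assumptions.

```python
import hashlib

PLAIN1 = b"frame one: hello"   # constructed sample frames, equal length
PLAIN2 = b"frame two: world"

def keystream(key, nonce, length):
    # Toy stand-in for the WPA2 data cipher: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical supplicant that installs the session key on handshake message 3."""
    def __init__(self, refuse_reinstall):
        self.refuse_reinstall = refuse_reinstall
        self.key = None
        self.packet_number = 0          # per-frame nonce source

    def on_message3(self, key):
        if self.refuse_reinstall and key == self.key:
            return                      # hardened: key already in use, keep the counter
        self.key = key                  # install the key and start the counter at zero;
        self.packet_number = 0          # on a repeated message 3 this resets the nonce

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def run(refuse_reinstall):
    key = b"constructed-session-key"
    client = Client(refuse_reinstall)
    client.on_message3(key)             # first delivery of message 3
    first = client.send(PLAIN1)
    client.on_message3(key)             # retransmitted message 3, same key
    second = client.send(PLAIN2)
    return first, second

def nonce_reused(refuse_reinstall):
    (n1, _), (n2, _) = run(refuse_reinstall)
    return n1 == n2

def leaks_plaintext_xor(refuse_reinstall):
    (_, c1), (_, c2) = run(refuse_reinstall)
    return xor(c1, c2) == xor(PLAIN1, PLAIN2)
```

With `refuse_reinstall=False` both frames are encrypted under the same key and nonce, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; with `refuse_reinstall=True` the counter keeps advancing and that relation no longer holds.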

hello all :)

 

anybody know which update is a must have installed for win7 right now?? I stopped installing updates at some point during their time trying to force everybody to update to win10..

now there's that wifi krack vulnerability going on and wanna at least keep that hole patched. I'm on win7 64bit :)

https://portal.msrc.microsoft.com/en-US/eula

 

cheers mates n thanx for any suggestions

B :)


This is one of those occasions where you can evaluate the performance of a company who takes the security of their devices seriously for their end users. Unfortunately there will be a lot of old hardware out there, still being used, where it's reached EOL that will never see a patch or firmware update. Even if an update exists it's up to end users to know about this vulnerability, care enough about it and have the competency to update their devices. I can foresee a lot of unpatched devices being used in hotels, coffee shops, etc. for years to come where there is greater opportunity to exploit this in MITM attacks...

Ted.

  • Like 1

you are right teddy, several layers of laziness, incompetence and indifference will keep this vulnerability active for years.

Must be a gold mine for many 3 letter agencies all over the world :(

Be safe ...

  • Like 1

Keep calm and think a bit. 

So far, the best summary I have seen is provided by Alex Hudson: https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/

Quote
  • this won’t let people who are not physically present into your networks;
  • it’s unlikely any data is protected by the encryption WPA2 provides; in particular, accessing secure websites is still fine;
  • think about increasing the level of security of the nodes on your network if possible – make sure your AV is up-to-date, firewalls turned on, etc.;
  • if you’re paranoid about certain data or systems, turn off WiFi and switch to one of an internal VPN, a wired ethernet connection or mobile data (for WAN access);

 

In short - it's broken "cryptographically" but it's not something Rob The Thief can/will use to steal all your pornbitcoins. 

 

  • Like 2
  • Haha 1

yeah sure, I will update my Kaspersky now !! who trusts any AV these days ?!

and I will subscribe to a VPN who says "We don't keep any logs"

we can't deny it's a clear and present danger, at least in the part of the world where I live, ticking the "Like" button can send you to prison for 5 years, true story.

  • Like 2
  • Haha 1

Those suggestions from Alex are all good and well for those technically minded. They aren't going to help the moms and pops of the world and those who are not technically minded and are using hardware (predominantly Android devices) and firmware with this vulnerability. It's not a good position to be in having the risk of all your traffic being captured and relying on TLS and VPN implementations to shore up the gaps. I'm going to side with Matthew Green on this one with the IEEE needing to be more open to allow more scrutiny and review of specifications and how they are implemented...

Ted.

  • Like 3
