WPA2 "KRACK" Attack
Starting yesterday, word of a new attack against WPA2 started to take over security news feeds. This "Key Reinstallation Attack" (aka KRACK) can be used to substantially weaken many WPA2 implementations.
The web site created by the discoverer of the attack does explain the issues around this problem quite well, so I just want to point out some of the highlights [1]:
- access points as well as clients should be patched, but the main target are clients.
- This attack is particuarlly serious for Linux clients (Android). A specific implemention issue in these clients can lead to an all "0" encryption key being used.
- There are a few variants of the attack. All WPA2 implementations are affected by them in some form
- The POC implementation has not been made public yet, and there is no simple to use tool yet to launch the attack. But the paper about the vulnerability should contain sufficient details to create such a tool.
So what can you do?
- Patch. Once patches become available, apply them expediciously.
- If possible, do not just rely on WPA2 for security. SSL / IPSec can provide an additional layer of defense
- Use wired networks if possible (always a good idea)
This attack doesn't affect public access points as much. These types of access points do not usually use WPA2 in the first place, and if they do it is typically more for billing then to protect user traffic.
I expect an easy to use attack tool to be published within a few weeks, at which point you should have updated at least your clients. The tricky part will be legacy clients for which you wont easily find patches.
AES-CCMP is less vulnerable then WPA-TKIP or GCMP. But even with AES-CCMP, the attacker may be able to decrypt packets. Just packet injection is less likely with AES-CCMP. So I do not consider AES-CCMP a "quick fix", but a "necessary hardening" of the installion.
You will not need to change your WPA2 passphrase. This will easy upgrades. But of course, changing your passphrase may be a good idea anyway.
Lance Spitzner from SANS Securing the Human put together a nice blog post to inform non techincal users about the impact of this vulnerability:
https://securingthehuman.sans.org/blog/2017/10/16/28748/
[1] https://www.krackattacks.com
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
Anonymous
Oct 16th 2017
7 years ago
Anonymous
Oct 16th 2017
7 years ago
NO!
JFTR: how do you expect this (trivial to bypass) feature of your access point to impair an attackers ability to send arbitrary WiFi packets from his equipment to any client connected to your access point? The "ether" is a shared medium!
Anonymous
Oct 16th 2017
7 years ago
No. Too much labor, too easy to subvert. Look up the use of Ethernet Locally Administered Addresses (LAA). A widely available, standard feature of Ethernet networking can be used to set a local MAC address to any desired value, including the address of a computer observed communicating on your network. Filter bypassed.
The SANS Securing the Human Ouch! newsletter has a considerable amount of useful consumer level information. See the February 2016 issue "Securing Your Home Network." [1]
[1] https://securingthehuman.sans.org/resources/newsletters/ouch/2016#february2016
TomS.
Anonymous
Oct 16th 2017
7 years ago
Anonymous
Oct 16th 2017
7 years ago
Anonymous
Oct 16th 2017
7 years ago
OUCH!
Which part of "NO!" alias MAC address filtering prevents NOTHING is so hard to understand?
Simplified: KRACK lets the client reuse a (zeroed) encryption key.
Anonymous
Oct 16th 2017
7 years ago
Anonymous
Oct 16th 2017
7 years ago
Anonymous
Oct 16th 2017
7 years ago
>and if they do it is typically more for billing then to protect user traffic.
Are you sure about this? wigle.net is showing only 7% of their database using WPA, while 59.8% are using WPA2, and 20% are unknown. From what I see in my neck of the woods WPA2 is pretty common for 'public' WiFi access.
Anonymous
Oct 16th 2017
7 years ago