KRACK Attack – WPA2 Wi-Fi Vulnerability: Why You Should Be Concerned

How KRACK Works

KRACK (Key Reinstallation Attacks) was discovered by Mathy Vanhoef, of imec-DistriNet, KU Leuven, by accident whilst he was working on an unrelated security paper. Further investigation revealed that the attack works by exploiting a 4-way handshake of the WPA2 protocol which lets new devices that have a pre-shared password, join the network.

Once an attacker establishes a man-in-the-middle position between the client and the access point, they can then “selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages.”

In easier terms:
The victim is tricked into reinstalling a key that is already in use. The attacker manipulates the handshake and replays it.
After getting inside your network, the attacker can listen in on all of your network traffic. Although the attacker must be within physical proximity, public Wi‑Fi hotspots are everywhere — so there is still cause for concern.

Why This Matters

Because the vulnerabilities are in the Wi-Fi standard itself and not the actual device, if your WPA2 is set up correctly it is still affected.

Any device that uses wi-fi is at risk, so taking stock of all of your wi-fi connected ‘things’ is a good idea. Vendors of IoT devices don’t often release updates or security patches, so these are the devices you need to be particularly wary of on your network.

Changing passwords will not make the device secure, only vendor patches will.

Using a secure VPN and visiting HTTPS‑only websites may reduce risk, as this traffic cannot be decrypted using this attack.

What you need to do

•  Update/patch the firmware for your router/modem and access points as soon as a patch is available.
• Apply updates/patches to IoT devices (home assistants, amplifiers, sound bars, stereo equipment, kettles, aircon, etc).
• Update/patch any devices with Wi‑Fi capabilities: printers, faxes, switches, computers, laptops — including firmware and operating systems.

A list of currently known vendors affected by this vulnerability can be found here.

If your vendor hasn’t released an update for your device as yet, continue to check for it or visit the vendors website for more information.

Vendor Patch Status (as of 2017)

• Apple: iOS, macOS, watchOS and tvOS patches are currently in beta stage and are to be released via software updates over the coming weeks
• Arch Linux: Patches for WPA Supplicant and Hostapad are available
• Aruba: Patches are available for ArubaOS, Aruba Instant, Clarity Engine and others
• Cisco: Many of the Cisco devices are affected but at this stage only some patches are available, pending further investigation
• DD-WRT: Flashrouter patch available
• Debian/Ubuntu (Linux)
• Espressif Systems: Patches have been released for ESP-IF and ESP8266 versions
• Fedora
• Fortinet: Firmware updates are expected
• Google: Any affected devices will be patched over the coming weeks
• HostAP: Several patches are available
• Intel: Updated wi-fi drivers and patches for chipsets that are affected have been listed
• LineageOS
• Linux: Patch is available (OpenBSD was previously fixed in July)
• Microsoft: Security update was released via automatic updates on October 10, 2017
• Microchip Technology
• MikroTik
• Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
• OpenBSD
• Ubiqiuti
• Ubuntu
• WatchGuard