WPA and WPA2 clients are all vulnerable to the KRACK attack.

robespierre


Post by robespierre » Mon Oct 16, 2017 4:26 am

So saith https://www.krackattacks.com/
The paper is at https://papers.mathyvanhoef.com/ccs2017.pdf

Summary: after WEP was found to be fatally insecure, the 802.11i amendment introduced a new key negotiation protocol, the "4-way handshake". It was mathematically proven to be secure. Two encryption algorithms were defined, TKIP and CCMP, the former being a compatibility wedge that allowed the new security system to function with pre-802.11i wireless cards supporting only RC4. CCMP was the preferred algorithm, based on AES. In the following 14 years, TKIP was found to have certain vulnerabilities, but fully exploiting them required a combination of other protocol weaknesses like ICMP 3:3 responses. CCMP was thought to be secure, although recent revelations of a flawed random number generator in the 802.11i spec were raising concerns.

Today a paper was released that shows the 4-way handshake is (universally) implemented in an insecure way. Specifically, client software chokes when the 3rd packet is received more than once, resetting its nonce or worse: Android 6.0 sets the packet encryption key to zero. This means an attacker can both decrypt network traffic, and inject forged packets, the most serious vulnerability found in WPA to date. All encryption algorithms and modes ("Personal" and "Enterprise") of WPA/WPA2 are affected.

It will be interesting to see which operating systems are patched. Older systems without source access are going to become dangerous on wireless networks. OpenBSD was already patched a few months ago.

josehill (Moderator)

Re: WPA and WPA2 clients are all vulnerable to the KRACK attack.

Post by josehill » Mon Oct 16, 2017 5:28 am

robespierre wrote: It will be interesting to see which operating systems are patched. Older systems without source access are going to become dangerous on wireless networks. OpenBSD was already patched a few months ago.

In addition to client-side issues, I expect that an enormous percentage of wireless routers and access points never will be patched, either because vendors won't offer patches for older devices or because device owners, for any number of reasons, won't install available patches.

I've been avoiding going "all devices, all VPN, all the time," but maybe the time for that has arrived.

jan-jaap (Donor)

Re: WPA and WPA2 clients are all vulnerable to the KRACK attack.

Post by jan-jaap » Mon Oct 16, 2017 7:48 am

josehill wrote: In addition to client-side issues, I expect that an enormous percentage of wireless routers and access points never will be patched

If I understand correctly, this is a man-in-the-middle attack against the client. Unless you run your router as a wireless repeater, it isn't a client.

I'm sure Windows / Linux / macOS etc will be patched quickly. The real problem is Android.

I don't think IRIX will be affected :mrgreen:

josehill (Moderator)

Re: WPA and WPA2 clients are all vulnerable to the KRACK attack.

Post by josehill » Mon Oct 16, 2017 9:53 am

jan-jaap wrote:
josehill wrote: In addition to client-side issues, I expect that an enormous percentage of wireless routers and access points never will be patched

If I understand correctly, this is a man-in-the-middle attack against the client. Unless you run your router as a wireless repeater, it isn't a client.

Correct, but as I understand it, the issue can be mitigated on the router side by patching the router to send the "one-time" handshake key once, and only once, rather than allowing a key to be re-sent multiple times in the absence of client acknowledgment. Obviously, all clients should be patched, but there are things that can be done on the router side to reduce risk. (That doesn't mean that there won't be connectivity issues introduced by limiting key transmission to single occurrences, but those are separate issues.)

robespierre

Re: WPA and WPA2 clients are all vulnerable to the KRACK attack.

Post by robespierre » Mon Oct 16, 2017 2:53 pm

josehill wrote: Correct, but as I understand it, the issue can be mitigated on the router side by patching the router to send the "one-time" handshake key once, and only once, rather than allowing a key to be re-sent multiple times in the absence of client acknowledgment.

Yes, that would be a good idea. The other thing that can be patched on the AP side is to change it to only accept handshake frames from the client with the replay counter equal to the expected value (instead of any value not yet received).
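A toy model of the message 3 handling described in the opening post and of the two AP-side mitigations josehill and robespierre discuss (send message 3 only once; accept only the exact expected replay counter), added here as an illustration and not code from the thread or from the KRACK paper. It does not implement real 802.11 framing; the PMK, nonces and counters are constructed values, and `derive_ptk` is a stand-in for the 802.11i PRF.

```python
import hmac
import hashlib


def derive_ptk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Stand-in for the 802.11i PRF: one pairwise key per (PMK, ANonce, SNonce).
    return hmac.new(pmk, b"PTK" + anonce + snonce, hashlib.sha256).digest()


class Client:
    """Supplicant. patched=False models the behaviour the thread describes:
    every message 3 reinstalls the PTK and resets the packet number."""

    def __init__(self, pmk: bytes, patched: bool):
        self.pmk, self.patched = pmk, patched
        self.ptk, self.installed, self.pn = None, False, 0

    def on_msg1(self, anonce: bytes, snonce: bytes) -> None:
        self.ptk = derive_ptk(self.pmk, anonce, snonce)

    def on_msg3(self) -> None:
        if self.installed and self.patched:
            return  # key already in use: acknowledge but do not reinstall
        self.pn, self.installed = 0, True  # (re)install restarts the packet number

    def encrypt_frame(self) -> tuple:
        self.pn += 1  # CCMP nonce comes from the packet number; it must never repeat
        return (self.ptk, self.pn)


def run_handshake(patched_client: bool, ap_sends_msg3_times: int) -> int:
    """Drive one handshake (constructed values) in which the AP delivers message 3
    the given number of times, with three data frames sent after each delivery.
    Returns how many (key, packet number) pairs were used more than once."""
    c = Client(pmk=b"constructed-pmk", patched=patched_client)
    c.on_msg1(anonce=b"A" * 32, snonce=b"S" * 32)
    seen, reused = set(), 0
    for _ in range(ap_sends_msg3_times):
        c.on_msg3()
        for _ in range(3):
            pair = c.encrypt_frame()
            if pair in seen:
                reused += 1
            seen.add(pair)
    return reused


def ap_accepts_msg4(expected_counter: int, received_counter: int, strict: bool) -> bool:
    """Authenticator check on the replay counter echoed in message 4. Lenient: any
    counter not yet consumed. Strict (the second AP-side change in the thread):
    only the exact value the AP put in the message 3 it last sent."""
    return received_counter == expected_counter if strict else received_counter >= expected_counter


if __name__ == "__main__":
    print(run_handshake(patched_client=False, ap_sends_msg3_times=2))  # 3
    print(run_handshake(patched_client=True, ap_sends_msg3_times=2))   # 0
    print(run_handshake(patched_client=False, ap_sends_msg3_times=1))  # 0
```

The third call shows the AP-only mitigation: an unpatched client never reuses a nonce if message 3 is delivered exactly once, at the cost of the reconnect problems josehill mentions when the first copy is lost.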
