
Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack. The researcher describes the attack as follows:

Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK).

In simpler terms, KRACK allows an attacker to carry out a man-in-the-middle (MitM) attack and force network participants to reinstall the encryption key used to protect WPA2 traffic. The attack also doesn't recover WiFi passwords.

Attacker must be within WiFi network range

The attack works only if the attacker is in the victim's WiFi network range, and is not something that could be carried out via the Internet.

HTTPS may also protect user traffic in some cases, as HTTPS uses its own separate encryption layer. Nonetheless, HTTPS is not 100% secure, as attacks exist that could downgrade the connection and grant the attacker access to HTTPS encrypted traffic [1, 2, 3, 4, 5, 6].

The KRACK attack is universal and works against all types of devices connecting to or using a WPA2 WiFi network. This includes Android, Linux, iOS, macOS, Windows, OpenBSD, and embedded and IoT devices.

The attack allows a third party to eavesdrop on WPA2 traffic. If the WiFi network is configured to use WPA-TKIP or GCMP for the WPA2 encryption, the attacker can also inject packets into a victim's data, forging web traffic.

Almost any device is affected

Because the vulnerability in establishing the WPA2 handshake affects the protocol itself, even devices with a perfect protocol implementation are affected.

Changing WiFi passwords doesn't protect users. Users must install firmware updates for affected products.

"Any device that uses Wi-Fi is likely vulnerable," Vanhoef said. "Luckily implementations can be patched in a backwards-compatible manner." A list of available products and updates will be available in this US-CERT advisory page that will go live in the following hours. No updates are available at the time of publishing.

While updates are expected for desktops and smartphones as soon as possible, experts believe routers and IoT devices will be affected the most and will see a delay in receiving firmware updates.

Issue discovered last year

Vanhoef discovered the issue in 2016 but kept working to refine his attack. The researcher sent notifications to some affected vendors in July 2017, and US-CERT sent a broader note to more vendors at the end of August.

The expert describes the attack in much more depth on a website dedicated to the KRACK attack, and in a research paper the expert plans to present at this year's Computer and Communications Security (CCS) and Black Hat Europe conferences.

Vanhoef also published a video demoing and explaining the KRACK attack.

The following CVE identifiers will help you track if your devices have received patches for the WPA2 flaws Vanhoef discovered.

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
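
One way to use the list above when vendor updates arrive, as an added example that is not part of the original article: the Python sketch below scans a vendor's release notes for the ten identifiers, expands ranges such as "CVE-2017-13077 through CVE-2017-13081", and reports which KRACK CVEs are mentioned and which are not. The function name and the sample release notes are constructed for illustration, and a mention in release notes is only a pointer to check, not proof of a fix.

```python
import re

# The ten KRACK CVEs from the list above, keyed to where the
# key reinstallation happens.
KRACK_CVES = {
    "CVE-2017-13077": "4-way handshake (PTK-TK)",
    "CVE-2017-13078": "4-way handshake (GTK)",
    "CVE-2017-13079": "4-way handshake (IGTK)",
    "CVE-2017-13080": "group key handshake (GTK)",
    "CVE-2017-13081": "group key handshake (IGTK)",
    "CVE-2017-13082": "FT Reassociation Request (PTK-TK)",
    "CVE-2017-13084": "PeerKey handshake (STK)",
    "CVE-2017-13086": "TDLS handshake (TPK)",
    "CVE-2017-13087": "WNM Sleep Mode Response (GTK)",
    "CVE-2017-13088": "WNM Sleep Mode Response (IGTK)",
}

# One CVE id, optionally followed by a range tail such as
# "through CVE-2017-13081", "to 13081" or "- 13081".
_CVE_RE = re.compile(
    r"CVE[-\s]?2017[-\s]?(\d{5})"
    r"(?:\s*(?:through|thru|to|-)\s*(?:CVE[-\s]?2017[-\s]?)?(\d{5}))?",
    re.IGNORECASE,
)

def krack_coverage(release_notes):
    """Split the KRACK CVE list into ids the notes mention and ids they omit."""
    seen = set()
    for m in _CVE_RE.finditer(release_notes):
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else first
        lo, hi = min(first, last), max(first, last)
        seen.update(f"CVE-2017-{n}" for n in range(lo, hi + 1))
    known = set(KRACK_CVES)
    return {"mentioned": sorted(seen & known),
            "not_mentioned": sorted(known - seen)}

# Constructed release notes (hypothetical vendor text, not a real advisory).
SAMPLE_NOTES = """\
Firmware 1.2.3
- Security: fixes CVE-2017-13077 through CVE-2017-13081
- Security: fixes cve-2017-13087 and CVE 2017 13088
"""

if __name__ == "__main__":
    result = krack_coverage(SAMPLE_NOTES)
    for cve in result["not_mentioned"]:
        print(f"not mentioned: {cve}  {KRACK_CVES[cve]}")
```
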

How to fix the KRACK Vulnerability?

The first thing you should do is not panic. While this vulnerability could allow an attacker to eavesdrop on or modify data being transmitted over wireless connections, at the same time, this attack is not going to be easy to pull off and a working exploit has not been published as of yet.

The good news is that this is a highly covered vulnerability and vendors will quickly release updates to fix this flaw. For consumers and business users, this means updating your router, access point, wireless network adapters, and devices with new firmware and drivers as they are released.

To make it easier for you, BleepingComputer has started compiling a list of vendors who have released advisories or driver and firmware updates. This list can be found at List of Firmware & Driver Updates for KRACK WPA2 Vulnerability and will be constantly updated as BleepingComputer receives new information.