A newly discovered series of related vulnerabilities dubbed KRACKs (Key Reinstallation AttaCKs) that affect every device using WPA2 encryption could allow nearby attackers to intercept and steal data transmitted across a Wi-Fi network
Mathy Vanhoef, a security researcher at a Belgian university, uncovered KRACKs, which consists of 10 separate vulnerabilities, including a reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake, reinstallation of the group key (GTK) in the 4-way handshake, and a reinstallation of the integrity group key (IGTK) in the 4-way handshake.
“Note that if your device supports Wi-Fi, it is most likely affected,” Vanhoef said on a site detailing the attacks. “During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.”
While all devices using WPA2, the protocol that secures all modern protected Wi-Fi networks, are affected, some devices were described as being “trivial” to exploit with the attack being “especially catastrophic” against wpa_supplicant version 2.4 and above, a Wi-Fi client commonly used on Linux and Android 6.0 and above.
The vulnerability affects the Wi-Fi standard itself not individual products or implementations so any correct implementation of WPA2 is likely affected, Vanhoef wrote.
The attack hasn't been exploited in the wild yet, researchers warn it's only a matter of time before it is exploited. Mike Buckbee, Security Engineer at Varonis, said it's important to keep in mind the attack depends on physical proximity since an attacker would need to be within Wi-Fi range in order to compromise a client.
“An attacker would also need a somewhat specialized networking device and (at this point) be able to code up the exploit manually as no software has been released for this attack,” Buckbee said. “Additional encryption happening at different layers of the communications stack can help make this exploit less of an issue.
He went on to say this is one more reason site owners should be forcing SSL/TLS on their domains and that VPN's are now inexpensive, easily configured, and able to make the KRACK vulnerabilities less of an issues.
“We've seen previous brute force attacks that work against WPA2, but they take time and certain conditions to be successful,” Rod Soto, director of cyber security research at JASK said. “Since this vulnerability appears to be at the protocol level, it will not only make it easier for attackers to compromise WPA2, but also allow them to execute further attacks from some time to come.”
This isn't the first time a popular Wi-Fi protocol was found to be flawed.
"In 2001 the Wi-Fi security protocol WEP was cracked and it was soon deemed unsafe to use in order to keep your data and indeed networks safe from prying eyes,” ESET Security Specialist Mark James said. “Here we are 16 years later and it appears the seemingly trusted protocol WPA2 is going the same way.”
James said some of the biggest challenges to addressing these vulnerabilities is getting routers patched, getting the average user to check and apply any firmware updates, and dealing with older routers that may not even have a patch available.
“The average household would acquire an auto-configured router, install it and forget about it, until possibly they change their internet provider,” James said. “Here, they may go through the same procedure; too many people never check or implement router updates as it's something often too complicated for the home user to be involved in.”
Some researchers said the vulnerability is a call for enterprises to go the extra mile in protecting users.
"There's no stopping users from connecting to public Wi-Fi hotspots, so it's up to the enterprise to layer on protection mechanisms,” Bitglass Chief Executive Officer Rich Campagna said. “This vulnerability speaks to the importance of ensuring that all connections from endpoints leverage strong encryption, such as the latest versions of Transport Layer Security”
Campagna added that Intermediary proxies can ensure that regardless of what the application supports, all connections from end-user devices leverage strong encryption. Some researchers argue protocols should be redesigned.
"In cryptographic protocols, a nonce (Number used ONCE) should never be repeated, but often design flaws are introduced, when the protocol is implemented in software, that allow this to happen,” VASCO Data Security Innovation Security Architect Dr. Steven Murdoch. “One response is to just blame the designer and fix the software, but the same problem will likely come up again in a different place.”
Murdoch said it's concerning that nonce-reuse has even more serious consequences in the next generation of WiFi encryption (GCMP) compared to the existing one and would allow data to be tampered with or eavesdropped. He added that this vulnerability will most likely continue to cause problems for years due to the difficulty in updating routers and the fact that some manufactures wont issue updates for older technologies.
“Affected manufacturers were notified of the vulnerability in August to give them an opportunity to fix the flaw before the public disclosure today,” Murdoch said. “Unfortunately, manufacturers often do not fix vulnerabilities in older products, particularly those that aren't being actively promoted”
Scott Petry, CEO and Founder of Authentic8 said users should understand the vulnerabilities aren't only exploitable on public Wi-Fi networks.
“This exploit isn't restricted to sketchy free wifi,” Petry said “The attack intercepts traffic for users on proper, approved networks. It's not worth the risk, unless you're using an alternate, non-HTTP protocol for accessing the web.”
Researchers suggest users use VPN service when connected via public WI-Fi to ensure they only connect to web sites over HTTPS, update their devices and routers.
Note: This story has been updated to include expert commentary.