The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8am Monday, East Coast time, US. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher, KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Britain’s National Cyber Security Centre said in a statement that it was examining the vulnerability. “Research has been published today into potential global weaknesses to Wi-Fi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping. We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as Wi-Fi safety, device management and browser security.”
According to a researcher who has been briefed on the vulnerability, it works by exploiting the four-way handshake that is used to establish the key for encrypting traffic. The third message of that handshake, which instructs the client to install the key, can be retransmitted by the access point if it does not receive the client's acknowledgement. When a client processes the retransmitted message it reinstalls the key that is already in use and, in doing so, resets the packet number that serves as the per-packet cryptographic nonce, along with the replay counter. The same key and nonce pair is then used again for fresh traffic, and because WPA2's encryption modes generate a keystream from that pair, reusing it reuses the keystream, which undermines the encryption and allows packets to be decrypted and replayed.
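The consequence of that nonce reset, as an added example that is not code from the page or from the KU Leuven researchers: a toy model of a client that installs the pairwise key whenever it receives message 3 and resets its packet number in the process. HMAC-SHA256 in counter mode stands in for the AES-CTR keystream that CCMP really uses; the key, the two packets and the function names are constructed for this demonstration, and the attacker sees only what a real attacker sees, the packet numbers (sent in the clear) and the ciphertexts.

```python
import hashlib
import hmac

# Constructed for this example: a fixed 16-byte pairwise key and two frames.
PTK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
KNOWN_PLAINTEXT = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"    # attacker can predict this
SECRET_PLAINTEXT = b"Cookie: session=9b1c3fd0e2a4; path=/ \r\n\r\n"  # attacker wants this


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in for the CCMP (AES-CTR) keystream: HMAC-SHA256(key, nonce || block counter).
    Only the structural property matters here: same key + same nonce -> same keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Supplicant state: the installed PTK and the packet number (PN) used as the nonce."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.pn = 0

    def handle_msg3(self, ptk: bytes) -> None:
        """Message 3 of the 4-way handshake: install the PTK.
        A vulnerable client (re)installs the key and resets PN to 0 on every Msg3;
        the fix modelled here is to ignore an install request for a key already in use."""
        if self.patched and ptk == self.ptk:
            return
        self.ptk = ptk
        self.pn = 0

    def encrypt(self, plaintext: bytes):
        """Encrypt one frame under the current PN, then increment PN."""
        nonce = self.pn.to_bytes(6, "big")  # CCMP carries a 48-bit PN in every frame
        ct = xor(plaintext, keystream(self.ptk, nonce, len(plaintext)))
        self.pn += 1
        return nonce, ct


def run_scenario(patched: bool):
    """Play the handshake retransmission and return (nonce_reused, recovered_bytes)
    from the attacker's point of view."""
    client = Client(patched)
    client.handle_msg3(PTK)                         # first Msg3: legitimate key install
    nonce1, ct1 = client.encrypt(KNOWN_PLAINTEXT)   # client sends a predictable frame
    client.handle_msg3(PTK)                         # attacker withheld Msg4, so the AP retransmits Msg3
    nonce2, ct2 = client.encrypt(SECRET_PLAINTEXT)  # next frame: same key, and on a vulnerable client same PN
    if nonce1 != nonce2:
        return False, b""                           # different keystreams, nothing to do
    # Same keystream on both frames: C1 xor C2 = P1 xor P2, so the known P1 reveals P2.
    recovered = xor(xor(ct1, ct2), KNOWN_PLAINTEXT)
    return True, recovered


if __name__ == "__main__":
    for patched in (False, True):
        reused, recovered = run_scenario(patched)
        print("patched" if patched else "vulnerable", "nonce reused:", reused, recovered)
```

The vulnerable run recovers the second frame up to the length of the known one; the patched run never reuses a packet number, so the two ciphertexts share no keystream. The real reinstall also resets the receive-side replay counter, which is what makes packet replay possible, and the real fix on the client side is likewise to refuse to reset the packet number when an already-installed key is installed again.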
A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:
network security, attacks
What should I do?
The attack is unlikely to affect the security of information that is protected by a further layer of encryption on top of standard WPA2. This means that connections to secure websites remain safe, as do other encrypted connections such as virtual private networks (VPN) and SSH. However, insecure connections to websites, those that do not display a padlock icon in the address bar indicating that HTTPS is in use, should be considered public and viewable by any other user within range of the network until the vulnerability is fixed. One caveat: HTTPS only helps if the site enforces it (for example with HSTS); an attacker who can inject content into plaintext HTTP could otherwise try to keep a visitor who typed the address without https:// on the unencrypted version of the site.
Cisco has started providing fixes for affected products and will continue publishing software fixes for additional affected products as they become available; see blogs.cisco.com/security/wpa-vulns for the current list.
At ISN we are monitoring the situation and keeping up to date with the latest reports. As more news comes in we will endeavour to keep everyone up to date. In the meantime, for more detailed information: