Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8am Monday, East Coast time, US. An advisory the US CERT recently distributed to about 100 organizations described the research this way:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
Britain’s National Cyber Security Centre said in a statement that it was examining the vulnerability. “Research has been published today into potential global weaknesses to Wi-Fi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping. We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as Wi-Fi safety, device management and browser security.”
According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:
WPA2
KRACK
key reinstallation
security protocols
network security, attacks
nonce reuse
handshake
packet number
initialization vector