What is KRACK vulnerability (Key Reinstallation Attack)?

The KRACK vulnerability, also known as the Key Reinstallation Attack, is a new WPA/WPA2 protocol security vulnerability announced on 16th October, 2017 by the Belgian researcher Mathy Vanhoef. It exploits shortcomings of the WPA/WPA2 protocol to trigger reinstallation of an already-in-use key, giving a man-in-the-middle attacker the ability to decrypt wireless data packets.

The Common Vulnerabilities and Exposures (CVE) website recorded over 10 possible vulnerabilities caused by KRACK (CVE-2017-13007~13082, CVE-2017-13084~13088), all of which point to the same underlying issue: key reinstallation.

This security flaw exists in the Wi-Fi standard itself and thus is not specific to particular products or solutions. Essentially, a key should be installed and used only once to be secure, yet WPA2 does not guarantee this.

The PoC (Proof of Concept) section of the paper “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” demonstrated KRACK against an Android phone. In this demonstration, the attacker was able to decrypt all the data transmitted by the victim. This attack is easy to carry out because Android and Linux devices can be manipulated into reinstalling an all-zero encryption key.

The paper also points out that, although it is difficult to decrypt all packets when attacking other devices (those without the all-zero encryption key vulnerability), the attacker can still decrypt a significant portion of them. The author acknowledges that he does not yet have a PoC for this part of his theory.

Attack targets and methods of KRACK vulnerability

The vulnerability targets client devices (mobile phones, notebooks, tablets, etc.) connected to a Wi-Fi network, inducing them to reinstall the key and thereby exposing their packets to decryption by an unknown party. To start an attack and induce the key reinstallation, the attacker has to be physically close to the target Wi-Fi network.

Possible attack methods include:

1. KRACK triggers the all-zero encryption key vulnerability in Linux and Android 6.0 devices, allowing all packets to be decrypted easily.

2. KRACK weakens WPA2's protection against replay attacks, increasing the risk of replay attacks on end devices.

3. If part of the plaintext and ciphertext has already been acquired, the attacker can decrypt further packets via the KRACK vulnerability, but not all of them.

4. Without obtaining plaintext and ciphertext, decrypting a small number of packets is theoretically possible but highly unlikely.
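The following is an added illustration, not code from the Ruijie advisory or from the KRACK paper, of why reinstalling a key matters and why item 3 holds: reinstalling the same key resets the packet number (nonce) to zero, so two frames are encrypted with the same keystream, and XOR-ing their ciphertexts yields the XOR of their plaintexts. The `Client` model, the `reject_reinstall` flag and the sample frames are hypothetical; a SHA-256 counter construction stands in for the AES-CTR core of CCMP, and the patched path mirrors the real fix of never installing an already-installed key.

```python
import hashlib

# Toy counter-mode keystream: SHA-256 stands in for the AES-CTR core of CCMP.
# Constructed for illustration only; real CCMP uses AES and a 48-bit packet number.
def keystream(key: bytes, packet_number: int, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    # Minimal model of a supplicant's key state (hypothetical, not wpa_supplicant code).
    def __init__(self, reject_reinstall: bool):
        self.key = None
        self.packet_number = 0          # nonce counter, reset to 0 whenever a key is installed
        self.reject_reinstall = reject_reinstall

    def install_key(self, ptk: bytes) -> bool:
        # Handshake message 3 received: install the PTK and reset the nonce.
        # Patched behaviour: a key that is already installed is never installed again.
        if self.reject_reinstall and ptk == self.key:
            return False
        self.key = ptk
        self.packet_number = 0
        return True

    def encrypt(self, plaintext: bytes):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

P1 = b"GET /login HTTP/1.1\r\n"        # constructed sample frames
P2 = b"POST /api HTTP/1.1\r\n\r\n"

def simulate(reject_reinstall: bool):
    # Returns (pn1, ct1, pn2, ct2); a retransmitted message 3 arrives between the two frames.
    client = Client(reject_reinstall)
    ptk = b"constructed-ptk-0123456789abcdef"
    client.install_key(ptk)
    pn1, ct1 = client.encrypt(P1)
    client.install_key(ptk)           # retransmitted message 3: the key reinstallation KRACK forces
    pn2, ct2 = client.encrypt(P2)
    return pn1, ct1, pn2, ct2

def recovered_from_known_plaintext(ct1: bytes, ct2: bytes, known_p1: bytes) -> bytes:
    # If both frames reused key+nonce, ct1 XOR ct2 == p1 XOR p2, so a known p1 reveals p2's prefix.
    return xor(xor(ct1, ct2), known_p1)
```

With `reject_reinstall=False` both frames get packet number 1 and the second plaintext is recovered from the first; with `reject_reinstall=True` the retransmission is ignored, the counter advances to 2, and the XOR yields nothing useful.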

What Wi-Fi users should do about the vulnerability

1. These vulnerabilities can be easily patched by terminal (end-device) manufacturers and prevented by upgrading to the latest version of the terminal system. Please consult manufacturers for their official upgraded version.

2. As attacks are easier on Linux and Android 6.0 or above, please update these systems as soon as possible.

3. As the cost of attacking other devices is relatively higher, users of those devices can remain calm; there is no need to be concerned.

4. Upgrading only APs or home routers cannot resolve the vulnerabilities, as they target the clients.

5. KRACK vulnerabilities do not leak Wi-Fi passwords, so there is no need to change network passwords.

The vulnerability’s impact on Ruijie APs (Impact on Ruijie APs is minimal)

· Ruijie’s RG-MACC products are not affected by the vulnerability.

· All APs running the latest RGOS 11.x platform, and all indoor APs running the earlier RGOS 10.x, are not affected by KRACK.

· The only affected devices are outdoor APs performing WDS and running the earlier RGOS 10.x; we recommend upgrading these outdoor APs to the latest RGOS 11.x.

>>>Friendly Reminder<<<

After the details of the vulnerabilities were revealed, Linux, Microsoft and Apple each released a patch, and we strongly recommend that users update their system versions or install the patches. As of now, the status of the mainstream terminal patches is as follows:

· Windows: Microsoft patched the KRACK vulnerability in the cumulative security update of October 10th. Please turn on Windows 10 automatic updates; for older versions of Windows, please upgrade to Windows 10.

· iOS: Apple announced the patch for the vulnerability on October 16th. Please update to the latest iOS.

· Android: Google will fix this vulnerability in November. As the Android systems of mainland manufacturers are non-native, please consult the manufacturers for security updates.

· Linux: wpa_supplicant has released an update that fixes this vulnerability. Please obtain the patch through your package manager.

If there are any further inquiries concerning this vulnerability, please contact Ruijie Networks’ 24/7 service hotline. (Skype ID: Ruijie Technical Support)