Until recently, WPA2 was considered to be the most secure and reliable wireless network protocol over others such as WEP, and WPA.v1. The security community has however now uncovered the KRACK attack which undermines the authentication and encryption of the WPA2 protocol, thereby negating its security benefits.
Key Reinstallation Attacks (KRACK) work against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data as well as eavesdrop on communications. The only major limitation is that the attacker needs to be within range of a victim to exploit these vulnerabilities.
The impact of this attack is considered high, since the attacker will be able to put the confidentiality, and the integrity all the Wi-Fi traffic at stake.
In this Advisory we will explain how the attack is performed using a nonce. We will then provide our recommendations and mitigation steps in order to keep network infrastructure more secure, especially for enterprise Wi-Fi environments.
Technical Details of the KRACK Attack
WPA2 emerged as most secure wireless standard available using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption scheme. It combines the most reliable techniques for the most essential components of the data in transit security such as pre-shared key or 802.1X for access control, EAP methods for authentication, and CCMP for encryption and integrity.
The KRACK attack mainly targets the authentication schemes of WPA2 that rely on pre-shared keys to establish authentication sessions. It targets the 4-way handshake process of the WPA2 and depends on tricking an intended mark into reinstalling an already-in-use key by abusing nonce. Nonce is a number generated for a specific use, such as session authentication. In this context, “nonce” stands for “number used once” or “number once.” An attacker can force these nonce resets by collecting and replaying retransmissions of message three of the 4-way handshake.
Thus, this attack is accomplished by manipulating and replaying cryptographic handshake messages between the client and the target server, in order to gain the control of the authentication session between them, allowing the attacker to extract the WPA2 session key and compromise all traffic for that session.
This weakness was found in the Wi-Fi standard itself rather than different products and implementations, hence any appropriate implementation of WPA2 is likely to be affected by the KRACK attack technique, putting in mind that the ability to decrypt Wi-Fi traffic could still reveal unique device identifiers (MAC addresses) and massive amounts of metadata (websites visited, traffic timing, patterns, amount of data exchanged etc.) which may well violate the privacy of the users on the network and provide valuable intelligence to whoever’s behind the scenes.
Who is affected?
The WPA2 security protocol is widely used as a reliable mechanism for wireless networks and this attack targets security flaws in the WPA2 standard rather than any specific vendor solution. This should be considered critical as we expect this attack technique will affect all systems and users using Wi-Fi to communicate and browse data.
By utilizing the KRACK attack technique, attackers can execute decryption, packet replay, TCP connection hijacking, HTTP content injection, and many other malicious activities, on any session running between Wi-Fi connected systems.
Best Practices to Mitigate the Threat
- Keep Wi-Fi hosted systems updated with the most recent patches from the respective vendors. This is the most important factor into preventing the related impact of the KRACK attack.
- Ensure the pre-shared keys are used once and not repeatable in other sessions.
- Ensure the MAC-filter is enabled and only permitted MAC addresses are allowed to communicate with internal environment.
- User NAC (Network Access Control) solutions to stop any unauthorized endpoints from connecting.
- Disable the SSID broadcast.
- Treat wireless as external & allow access to them through VPN.
- As an addition layer of protection, please consider using a captive portal (SSL enabled) for public users using Wi-Fi to access internet via the Wi-Fi network.
Utilize Help AG Managed Security Services. Our Cyber Security Operations Centre is closely monitoring any related suspicious patterns in wireless traffic and is analyzing previous patterns in recent periods of time to ensure we keep our customers safe and secure.