Krack Attack Wi-Fi attack: Who is affected and what can be done to mitigate the damage

A vulnerability in the WPA2 protocol that allows attackers to read encrypted information transmitted over Wi-Fi was discovered by Mathy Vanhoef, a post-doctorate researcher at KU Leuven. Vanhoef's paper on this vulnerability, "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2," was submitted for review on May 19, 2017. It will be presented at the Computer and Communications Security conference on November 1, 2017.

Vanhoef first notified vendors with products he personally tested and found to be vulnerable "around" July 14, 2017. After determining that this was a vulnerability of the protocol, not of a vendor-specific implementation, Vanhoef approached CERT/CC, which in turn notified product vendors on August 28th.

Who is affected

Practically any device capable of sending or receiving a Wi-Fi signal is affected. Because of the nature of the attack, the client device is the target and is, therefore, the highest priority for patching.
In Vanhoef's proof of concept against a phone running Android 6.0, the behavior of wpa_supplicant—a Wi-Fi library used in Android and various Linux distributions—causes the encryption key to be erased from memory after being installed the first time. As such, if an attacker retransmits part of the handshake, the library will reinstall the cleared key, effectively replacing the key with a blank one.
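
The reinstallation behavior described above, as a small C model added here for illustration (not code from wpa_supplicant or from Vanhoef's paper). The struct, the function names and the sample key are hypothetical; the counter reset on key installation is the nonce reuse named in the paper's title, and the `hardened` flag shows one way a client can ignore a repeated install message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
/* Toy client state; all names are hypothetical, not wpa_supplicant's. */
struct client {
    uint8_t  handshake_key[KEY_LEN]; /* key negotiated in the handshake */
    uint8_t  installed_key[KEY_LEN]; /* key used to encrypt frames */
    uint64_t tx_nonce;               /* per-frame counter; must not repeat per key */
    bool     key_installed, hardened;
};

/* Runs whenever the handshake message that triggers key installation arrives. */
void on_install_message(struct client *c) {
    if (c->hardened && c->key_installed) return; /* repeat: keep key and counter */
    memcpy(c->installed_key, c->handshake_key, KEY_LEN);
    c->tx_nonce = 0;                      /* (re)installing a key resets the counter */
    c->key_installed = true;
    memset(c->handshake_key, 0, KEY_LEN); /* key erased from memory after install */
}

uint64_t send_frame(struct client *c) { return c->tx_nonce++; }

bool key_is_blank(const struct client *c) {
    static const uint8_t zero[KEY_LEN];
    return memcmp(c->installed_key, zero, KEY_LEN) == 0;
}

/* Install, send 3 frames, get the install message again, send 1 frame; returns its counter. */
uint64_t run_scenario(struct client *c, bool hardened) {
    memset(c, 0, sizeof *c);
    c->hardened = hardened;
    memset(c->handshake_key, 0xA5, KEY_LEN); /* constructed sample key */
    on_install_message(c);
    for (int i = 0; i < 3; i++) send_frame(c);
    on_install_message(c);                   /* retransmitted handshake message */
    return send_frame(c);
}

int main(void) {
    struct client c;
    for (int h = 0; h <= 1; h++) {
        uint64_t n = run_scenario(&c, h != 0);
        printf("hardened=%d counter=%llu blank_key=%d\n", h, (unsigned long long)n, key_is_blank(&c));
    }
    return 0;
}
```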

According to Vanhoef, "This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices." He also noted that 41% of Android devices run Android 6.0 or above, where this behavior was introduced. At press time, a patched wpa_supplicant is in testing for Fedora, though no patch has yet been introduced for Ubuntu.

CERT provides a list of vendors with products affected by this vulnerability, with information from individual vendors about the status of their plans to patch or otherwise mitigate this issue.

For enterprise Wi-Fi deployments, Ubiquiti noted that UniFi access points on firmware 3.9.3 and above are not affected by WPA2 key issues, but that fast BSS transition is still affected, though that feature is in beta. Zyxel has posted a page detailing the rollout of patches to address this issue, projected to begin next month. Aruba has posted a memo and updated firmware to address this issue.

What can be done to mitigate damage

For mobile devices, particularly Android devices, avoid connecting to Wi-Fi networks in public places, even if they are protected networks.

It is possible to patch devices in a backward-compatible manner, though distribution of these patches is likely to take time. Check with your product vendors to see if a patch is available or necessary.
