Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:10 PM
Connect Directly

Secure Wifi Hijacked by KRACK Vulns in WPA2

All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.

Researchers at Belgium's University of Leuven have uncovered as many as 10 critical vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure WiFi networks.

The vulnerabilities are present on both client and access point implementations of the protocol and give attackers a way to decrypt data packets, inject malware into a data stream and hijack secure connections via so-called key reinstallation attacks (KRACKs).

(The disclosure of the WPA2 flaws is the second one in recent days involving a crypto standard.  Last week, Google, Microsoft and others warned about a bug in several Infineon trusted platform module (TPM) firmware versions that gives attackers a way to recover the private part of RSA keys generated by the TPM using only the corresponding public key. Nearly all Chrome OS devices that include an Infineon TPM chip are affected, and although large-scale attacks are not possible, a practical exploit already exists for targeted attacks.)  

The KRACK attacks work on all modern wireless networks using the WPA2 protocol and any device that supports WiFi is most likely impacted, the researchers said in a technical paper that they will present at the upcoming Black Hat Europe security conference. However the flaws are not easy to exploit and require attackers to be in close proximity to a victim, thereby making the flaws somewhat less severe of a threat despite their ubiquity.

"Vulnerabilities that focus on issues with network protocols across many devices makes the threat landscape of this vulnerability very large," says Richard Rushing, CISO of Motorola Mobility and a speaker at Dark Reading's upcoming INsecurity security conference in November.

[Discuss "Writing an Effective Mobile Security Policy" with Richard Rushing, CISO of Motorola Mobility, at the INsecurity Conference, for the defenders of enterprise security, Nov. 29 - 30.]

But as with all Wifi threats, physical proximity is required for the vulnerabilities to be exploitable, he says. "Most wireless IDS and IPS should be able to see this attack, and take preventative actions," Rushing said. "In many cases there are other Wifi man-in-the-middle attacks that can be just as successful given a user WiFi configuration." 

Meanwhile, US-CERT described the KRACK vulnerabilities as existing in the WPA2 standard itself thereby putting all correct implementations of the protocol at risk of attack. An attacker within range of a modern access point and client can use the vulnerabilities to carry out a range of malicious actions. Depending on the encryption protocols being used by the WiFi network, the "attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames," US-CERT said. The advisory listed close to 150 vendors whose products are impacted by the vulnerabilities.

In the technical paper and a blog, researchers Mathy Vanhoef and Frank Piessens from the University of Leuven demonstrated a proof-of-concept key reinstallation attack that takes advantage of the WPA2 vulnerabilities to decrypt encrypted data.

The attack is targeted at the four-way handshake that takes place when a client device wants to join a protected WiFi network. The handshake is designed to ensure that both the client and the access point have the correct credentials to communicate with each other.  The manner in which the third handshake takes place essentially gives attackers an opportunity to force resets of a cryptographic nonce counter used by the encryption protocol so data packets can be decrypted, replayed or forged, according to the two researchers.

The key reinstallation attack against the 4-way handshake is the most widespread and practically impactful attack currently possible against the WPA2 vulnerabilities, Vanhoef and Piessens said in the paper. "First, during our own research we found that most clients were affected by it. Second, adversaries can use this attack to decrypt packets sent by clients, allowing them to intercept sensitive information such as passwords or cookies." The manner in which WPA-2 has been implemented on devices running Linux and Android 6.0 and above make them particularly vulnerable to key reinstallation attacks, they said.

Organizations – corporate enterprises, businesses, schools and universities, retail shops and restaurants, government agencies – that have deployed Wi-Fi networks using WPA2 encryption are affected. When mobile users connect to these Wi-Fi networks with smartphones, tablets, laptops and other devices, they are also exposed to these vulnerabilities. Both the 802.1x (EAP) and PSK (password)-based networks are affected.

Hemant Chaskar, CISO and vice president of technology, at Mojo Networks says corporate enterprises, businesses, schools and universities, retail shops restaurants, government agencies and any organization that has deployed Wi-Fi networks using WPA2 encryption are affected.  "When mobile users connect to these Wi-Fi networks with smartphones, tablets, laptops and other devices, they are also exposed to these vulnerabilities. Both the 802.1x (EAP) and PSK (password)-based networks are affected," he says.

Nine of the 10 vulnerabilities require attackers to be relatively sophisticated, he says. In order to exploit these flaws an attacker would need to use a MAC spoofing access point as a Man-in-the-Middle to manipulate data flowing between the client device and the real access point. "For the remaining, a practical exploit can be launched using a sniffer that can listen to and replay the frames over the wireless medium. So, it requires less attacker sophistication. "The main risk from all of them is replay of packets into the client or access point," Choskar says. "Another potential arising out of these exploits is the presence of packets in the air that are decryption-prone."

Gaurav Banga, founder and CEO of Balbix, said the newly found vulnerabilities, while present in a lot of products, should not be a cause of widespread panic. For one thing, it requires a sophisticated attacker and physical proximity in order to exploit. There has also been no sign of any exploit code in the wild so far and patches are available or will soon be available. "With iOS and Windows, the attack is quite difficult to pull off. Many of the security questions are around Android, since it is rarely patched," he says.

Users and organizations can mitigate the risk by using VPN over WiFi, avoiding websites that do not use HTTPS and updating their devices as soon as patches are released, he says.

Related content:


Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Ninja
10/17/2017 | 1:53:36 PM
WiFi routers
I wonder how many routers in small homes and businesses have the admin password set to something unique other than default values --- which can be found on the web very easily.  I used to drive around my town with Netstumbler and years ago most of them were WIDE OPEN anyway.  
Agent Aix les Bains
Agent Aix les Bains,
User Rank: Apprentice
8/6/2018 | 9:16:41 AM
Re: WiFi routers
This has still not changed in terms of Wifi security, indeed most logins are never modified by users... That's scary! 
User Rank: Ninja
10/22/2017 | 8:26:12 PM
AP Proximity
Physical proximity of the wireless AP is not always required to exploit a client's system. Have you ever observed over Airodump or by other means that when an SSID is stored in their system, it constantly broadcasts all of their recently connected networks? This information can be useful in coordinating an attack utilizing a rogue access point and even the user's whereabouts. Maybe WPA2 TKIP PSK AES is proven to be weak in nature as is since there are also well constructed rainbow tables available though massive in size. Key requirements are only between 8 and 63 characters. But have WAP venders really even bothered to address the issue and severely flawed WPS (Wifi Protected Setup) which in most cases is unknowingly enabled by default? No they haven't. Some firmware's WPS can be exploited even when disabled. I haven't even mentioned covert wireless channels... WPA2 needs to me scratched completely. 


Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.