Monday, October 16, 2017

KRACK WPA Vulnerability - Key Reinstallation AttaCK

TL;DR at the end.

Short summary

It is a new vulnerability in the WPA handshake implementation that, in certain cases, allows an attacker to decrypt much or all of the WPA traffic without knowing the key (and it won't reveal the key).

Most devices are affected, but Linux and Android are the most affected. Patching will fix the issue.

The attack works if you are connecting to a legitimate access point, which means the attacker has to be in range of both devices. If you are far away from your legitimate AP (such as when traveling), it won't affect you.

Proof of concept code (to test the vulnerability) hasn't been published yet.

Who needs to worry?

Businesses and governments are more likely to be at risk because of the (trade) secrets and personal information they handle.

Even though your device(s) are most likely vulnerable, there is no reason to worry. It is a bad flaw, but the chances of it being exploited are low, especially considering the PoC hasn't been published yet.

To put it in perspective, there are still WEP access points around, but that doesn't mean they are attacked all the time. However, that isn't a reason to keep vulnerable stuff around: fix (or replace) it.

More details please


CVEs

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

CWE

  • CWE-323: Reusing a Nonce, Key Pair in Encryption
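
How a key reinstallation becomes the nonce reuse of CWE-323, as an added example (not code from the original post or from the researcher's tools): a hypothetical `Client` model installs the same key again when a handshake message is retransmitted, resets its packet number, and so encrypts two frames under the same (key, nonce) pair. The toy SHA-256 keystream stands in for the real cipher, and every name and sample value is constructed.

```python
import hashlib

P1, P2 = b"constructed frame A", b"constructed frame B"   # constructed sample plaintexts

def keystream(key: bytes, pn: int, n: int) -> bytes:
    """Toy keystream from (key, packet number); a stand-in for CCMP's AES counter mode."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a client's pairwise-key state (not real supplicant code)."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.pn = 0          # transmit packet number, used as the nonce
        self.seen = set()    # (key, pn) pairs already used to encrypt
        self.reused = []     # packet numbers that were used twice with one key

    def install_key(self, key: bytes) -> None:
        """Runs each time a handshake message that delivers the key is processed."""
        if self.hardened and key == self.key:
            return           # key already installed: keep the counter as it is
        self.key, self.pn = key, 0   # a (re)install resets the packet number

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        if (self.key, self.pn) in self.seen:
            self.reused.append(self.pn)
        self.seen.add((self.key, self.pn))
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run(hardened: bool):
    key = b"constructed-session-key"    # constructed sample value
    client = Client(hardened)
    client.install_key(key)
    c1 = client.send(P1)
    client.install_key(key)             # same key delivered again by a retransmission
    c2 = client.send(P2)
    return client.reused, c1, c2

if __name__ == "__main__":
    for hardened in (False, True):
        reused, c1, c2 = run(hardened)
        print("hardened" if hardened else "vulnerable", "reused nonces:", reused,
              "| c1^c2 == p1^p2:", xor(c1, c2) == xor(P1, P2))
```

In the vulnerable run the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is how traffic can leak without the key being revealed. The hardened run ignores the repeated install, so the packet number keeps counting and no nonce repeats.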

You might also want to check out Ars Technica (even though their title is a bit dramatic in my opinion), the US CERT advisory, which includes some affected vendors, and the FixKrak website.

How to test it?

Mathy Vanhoef, the researcher who discovered this vulnerability, posted tools on his GitHub to test AP/client vulnerability.

How to fix it?

Update (or patch) your systems when updates are available, plain and simple (and keep them up to date).

Some vendors, as well as some Linux distributions, have already provided a fix, and if you keep your devices up to date, they should already be patched. For other devices, you are dependent on the vendor to provide a patch.

If your (vulnerable) device is End of Life, it might be a good time to replace it (this is probably not the only vulnerability in it).

A list of vendor responses is available here and here.

TL;DR

Don't worry: another day, another vulnerability. Just patch/update your stuff (computers, cellphones/tablets, APs/routers, IoT) and keep it updated. Businesses/governments should contact their vendors for a patch/press release regarding the vulnerability (devices are not always vulnerable), and if you are running an EoL device, it might be a good time to replace it.