Matthew Eidelberg is a consultant in Optiv’s advisory services practice on the attack and penetration team. Matthew’s primary role is to conduct security assessments for Optiv’s clients while also developing detailed remediation procedures in order to provide the best value to Optiv’s clients.
KRACK - What you need to know about Key Reinstallation AttaCKs
On Monday, October 16, researchers announced the discovery of several vulnerabilities within the wireless protocol WPA and WPA2. The details of these vulnerabilities—dubbed KRACK—have not been disclosed in full to the public, as researchers only released a whitepaper and a video outlining the vulnerabilities. In the days following the announcement, more and more information was released, but many questions still go unanswered.
The basic issue with this vulnerability is its impact on WPA2, a wireless security protocol commonly used by both enterprises and consumers. This vulnerability affects not only WPA/WPA2 Personal but also WPA/WPA2 Enterprise implementations on access points as well as wireless client devices. In short, an attacker conducts this attack by injecting packets that reinstall the encryption keys to a known value, allowing them to decrypt and replay traffic from clients. This can happen with a few specific configurations, including:
- Android/Linux devices with a standard WPA configuration.
- Systems with fast transition (802.11r) enabled, where the client supplicant is vulnerable as well. 802.11r is used to transition from one access point to another without re-authenticating. Many manufacturers do not enable this feature by default because of deployment complications; some recommend it for specific wireless applications and others do not.
- The use of GCMP (Galois/Counter Mode Protocol), which is also vulnerable to the same replay attack.
The picture below outlines which vulnerabilities can be exploited on access points and client devices.
Figure 1: Source – KRACK Attack Whitepaper, Written by Mathy Vanhoef
There are no new attack vectors or techniques associated with the KRACK vulnerability, other than injecting encryption keys and causing clients to use these new keys, which are known to the attacker, allowing the attacker to replay, decrypt or forge wireless traffic. Replay, traffic-decryption and wireless packet-forging attacks were well known, commonly used and documented before this vulnerability was released.
To help protect themselves against the KRACK vulnerability, consumers should update their wireless access points and clients as soon as patches become available. Most access point vendors and Linux distributions have released patches. The following matrix outlines the current list:
Vendor Patch Management

| Vendor | Patch Available | In Development | Not Directly Affected |
|---|---|---|---|
Figure 2: Source – https://github.com/kristate/krackinfo
The picture below outlines which WPA implementations are vulnerable on specific devices.
Figure 3: Source – KRACK Attack Whitepaper, Written by Mathy Vanhoef
So, what does this mean? WPA/WPA2 Enterprise and Personal authentication credentials are not compromised. Changing either user passwords or the PSK will not mitigate this vulnerability. This is an issue in how wireless devices or clients handle the key reinstall sent during the 4-way handshake.
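To make concrete what "handling the key reinstall" means, the following is an added Python model written for this post; it is not Optiv's code and not the researchers' code. It keeps only the client state that matters: the installed pairwise key, the packet number used as the per-frame nonce, and the EAPOL replay counter. A retransmitted message 3 carries a fresh replay counter, so the check on that counter passes; a vulnerable client then reinstalls the same key and resets the packet number to zero, so the next frame reuses a nonce and therefore a keystream. The patched behaviour modeled here (the `reinstall_guard` flag) follows the countermeasure the whitepaper recommends: do not reinstall a key that is already in use. The SHA-256 counter-mode keystream, the key value and the frames are constructed stand-ins for the real CCMP/GCMP cipher and real traffic.

```python
"""Toy model of a Wi-Fi client (supplicant) handling 4-way handshake message 3.

Added illustration, not Optiv's or the KRACK researchers' code. Frames are
"encrypted" with a constructed counter-mode keystream derived from (key, nonce)
so that a reused nonce is visible as a reused keystream.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Constructed stand-in for the CCMP/GCMP keystream: SHA-256 in counter mode
    over (key, nonce, block counter). Same key and nonce always give the same bytes."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


@dataclass
class Supplicant:
    """Client side of the handshake.

    reinstall_guard=False models the vulnerable behaviour (every accepted message 3
    installs the key and resets the packet number). reinstall_guard=True models the
    fix: a key that is already installed is not installed again, so counters keep
    running."""
    reinstall_guard: bool
    ptk: Optional[bytes] = None
    packet_number: int = 0        # nonce for the next data frame, reset on key install
    eapol_replay_counter: int = 0  # counter of the last accepted handshake message

    def on_message3(self, ptk: bytes, eapol_replay_counter: int) -> bool:
        """Handle message 3 (possibly a retransmission). Returns True if the key was installed."""
        # The EAPOL replay counter must increase. A genuine retransmission from the
        # AP carries a new counter, so this check does not stop a reinstallation.
        if eapol_replay_counter <= self.eapol_replay_counter:
            return False
        self.eapol_replay_counter = eapol_replay_counter
        if self.reinstall_guard and self.ptk == ptk:
            # Patched path: key already in use, leave the packet number alone.
            return False
        self.ptk = ptk
        self.packet_number = 0  # key install resets the nonce: the root of the problem
        return True

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Encrypt one data frame with the current key and packet number."""
        assert self.ptk is not None, "no key installed"
        nonce = self.packet_number
        self.packet_number += 1
        ks = keystream(self.ptk, nonce, len(plaintext))
        return nonce, bytes(a ^ b for a, b in zip(plaintext, ks))


def simulate(reinstall_guard: bool) -> List[Tuple[int, bytes]]:
    """Constructed scenario: handshake, one frame, a retransmitted message 3, another frame."""
    ptk = b"constructed-ptk-not-a-real-key"  # placeholder key, not derived from any PSK
    client = Supplicant(reinstall_guard=reinstall_guard)
    client.on_message3(ptk, eapol_replay_counter=1)
    frames = [client.send(b"GET /index.html HTTP/1.1")]
    # The AP did not see message 4 (lost, or withheld) and retransmits message 3
    # with a fresh replay counter; the client accepts it either way.
    client.on_message3(ptk, eapol_replay_counter=2)
    frames.append(client.send(b"GET /login.html HTTP/1.1"))
    return frames


def nonces_reused(frames: List[Tuple[int, bytes]]) -> bool:
    """True if any two frames were sent under the same packet number (nonce)."""
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))


if __name__ == "__main__":
    for guard in (False, True):
        frames = simulate(reinstall_guard=guard)
        print("patched" if guard else "vulnerable",
              "nonces:", [n for n, _ in frames],
              "nonce reused:", nonces_reused(frames))
```

The vulnerable run sends both frames under nonce 0, which is why the encryption can be broken without ever learning the PSK or user credentials: the key is the same, but the nonce that was supposed to make each keystream unique has been rolled back. The patched run keeps counting (nonces 0 and 1), which is exactly what a firmware or supplicant update changes; changing passwords changes nothing in this model.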
As of right now, Windows 7 and 10, and iOS 10.3.1 and above, are only vulnerable if using an unpatched GCMP configuration. At this time, Microsoft has released a set of patches to address this issue. While GCMP is rarely used, most wireless devices will utilize one of the currently vulnerable WPA implementations. A large share of the vulnerable devices are unpatched versions of Linux and Android; however, some versions of Apple’s software are vulnerable as well. Apple has developed a set of patches across OSX, WatchOS and TVOS to address this vulnerability that will be available soon. CERT is maintaining a list of affected vendors that also links to each vendor’s current or planned remediation, if released.
Until patched, approach WPA networks with the same caution as an open network at your local café. Since this vulnerability could potentially compromise the encryption of a wireless network, useful countermeasures until patches for specific devices are released include using HTTPS for all websites and/or using a VPN to encrypt all network traffic.
Today, there are no proven signatures that can be used to detect the KRACK attack. However, there are signatures to detect man-in-the-middle or “Evil Twin AP” attacks. These alerts can be used to detect an outside threat but not whether a key reinstallation has occurred. The use of wireless intrusion detection systems and wireless intrusion protection systems (WIDS/WIPS) should be a part of a healthy wireless security practice.
Steven Darracott is a consultant in Optiv’s advisory services practice on the attack and penetration team. Steven’s role is to provide network penetration testing to determine vulnerabilities and weaknesses in customer networks and environments. He specializes in wireless infrastructure attacks of customer networks.
Aruba Enterprise Architect
Charlie Koehler brings more than 15 years of experience to his current role. As an Aruba Enterprise Architect, Koehler is responsible for working with the sales teams across the country to design and scope projects of all sizes and technologies. Charlie extends his assistance throughout the company to assist other teams in his areas of expertise as needed. He also works very closely with different teams from the delivery side of the company to plan overall solutions that can be used across the company.
Practice Manager, Attack and Penetration
Josh Wyatt is a practice manager in Optiv's advisory services practice on the attack and penetration team. Josh is responsible for day-to-day practice leadership, as well as advancing Optiv's attack and penetration team tradecraft, services, and solutions. His area of expertise is offensive security governance, program development, and integrations.