KRACK (Key Reinstallation Attack) is a severe replay attack (a type of exploitable flaw) on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016 by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven. Vanhoef's research group published details of the attack in October 2017. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.
The weakness is exhibited in the Wi-Fi standard itself, and not due to errors in implementation of a sound standard by individual products or implementations. Therefore, any correct implementation of WPA2 is likely to be vulnerable. The vulnerability affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others.
The widely used open-source implementation wpa_supplicant, utilized by Linux and Android, is especially susceptible as it can be manipulated to install an all-zeros encryption key, effectively nullifying WPA2 protection in a man-in-the-middle attack.
The attack targets the four-way handshake used to establish a nonce (a kind of "shared secret") in the WPA2 protocol. The standard for WPA2 anticipates occasional WiFi disconnections, and allows reconnection using the same value for the third handshake (for quick reconnection and continuity). Because the standard does not require a different key to be used in this type of reconnection, which could be needed at any time, a replay attack is possible.
An attacker can repeatedly re-send the third handshake of another device's communication to manipulate or reset the WPA2 encryption key. Each reset causes data to be encrypted using the same values, so blocks with the same content can be seen and matched, working backwards to identify parts of the keychain which were used to encrypt that block of data. Repeated resets gradually expose more of the keychain until eventually the whole key is known, and the attacker can read the target's entire traffic on that connection.
The risk is especially severe because WPA2 is used on the majority of internet-enabled mobile devices to a fixed access point or home router (although some of the traffic itself may still be encrypted, through the use of higher-level protocols such as SSL/TLS).
According to US-CERT:
"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."
The paper describing the vulnerability is available online, and is due to be formally presented at the ACM Conference on Computer and Communications Security on 1 November 2017. US-CERT is tracking this vulnerability, listed as VU#228519, across multiple platforms. The following CVE identifiers relate to the KRACK vulnerability: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.
Some WPA2 users may counter the attack by updating Wi-Fi client and access point device software, if they have devices for which vendor patches are available. However, vendors may delay in offering a patch, or not provide patches at all in the case of many older devices.
Patches are available for different devices to protect against KRACK, starting at these versions:
|Android||all||Android 2017-11-06 security patch level|
|Chrome OS||all||Stable channel 62.0.3202.74|
|iOS||iOS 11||iOS 11.1 for iPhone >=7, iOS 11.2 for all iOS devices running iOS 11. iOS versions earlier than iOS 11 were not vulnerable.|
|macOS High Sierra||10.13||macOS 10.13.1|
|macOS Sierra||10.12||Security Update 2017-001 Sierra|
|OS X El Capitan||10.11||Security Update 2017-004 El Capitan|
|Windows||7||KB4041681 or KB4041678|
|Windows||8.1||KB4041693 or KB4041687|
|Windows Server||2012||KB4041690 or KB4041679|
Some WPA2-enabled WiFi access points have configuration options that can disable EAPOL-Key frame re-transmission during key installation for WPA2-compliant devices that do not have KRACK patches for their clients that mitigates the KRACK exploit. Attackers cannot cause re-transmissions with a delayed frame transmission, thereby denying them access to the network, provided TDLS is not enabled. One disadvantage of this method is that, with poor connectivity, key reinstallation failure may cause failure of the WiFi link.
- Cimpanu, Catalin (16 October 2017). "New KRACK Attack Breaks WPA2 WiFi Protocol". Bleeping Computer. Retrieved 2017-10-16.
- Gallagher, Sean (2017-10-16). "How the KRACK attack destroys nearly all Wi-Fi security". Ars Technica. Retrieved 2017-10-16.
- Hern, Alex (2017-10-16). "'All wifi networks' are vulnerable to hacking, security expert discovers". The Guardian. ISSN 0261-3077. Retrieved 2017-10-16.
- Vanhoef, Mathy (2017). "Key Reinstallation Attacks".
- Goodin, Dan (2017-10-16). "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping". Ars Technica. Retrieved 2017-10-16.
- "41 percent of Android phones are vulnerable to 'devastating' Wi-Fi attack". The Verge. Retrieved 2017-10-16.
- "KRACK Attack: Wi-Fi Protocol Vulnerability Leaves Networks And Devices At Risk". Eyerys.com. Retrieved 2017-10-17.
- Merriman, Chris (2017-10-16). "World WiFi at risk from KRACK". V3. Retrieved 2017-10-16.
- Vanhoef, Mathy; Piessens, Frank (2017). "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (PDF). Retrieved 2017-10-16.
- "Vendor Information for VU#228519". www.kb.cert.org. Retrieved 2017-10-16.
- Wagenseil, Paul (16 October 2017). "KRACK Attack Threatens All Wi-Fi Networks: What to Do". Tom's Guide. Retrieved 17 October 2017.
- "Android Security Bulletin – November 2017". android.com. Retrieved 2017-11-07.
- "Stable Channel Update for Chrome OS". chromereleases.googleblog.com. Retrieved 2017-11-07.
- "About the security content of iOS 11.1 – Apple Support". support.apple.com. Retrieved 2017-11-01.
- "About the security content of iOS 11.2 – Apple Support". support.apple.com. Retrieved 2017-12-07.
- "All official 14.1 builds built after this tweet have been patched for KRACK". twitter.com. 16 October 2017. Retrieved 2 November 2017.
- "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan – Apple Support". support.apple.com. Retrieved 2017-11-01.
- "About the security content of tvOS 11.1". Apple Support. Retrieved 2017-11-07.
- "About the security content of watchOS 4.1". Apple Support. Retrieved 2017-11-07.
- "CVE-2017-13080 Windows Wireless WPA Group Key Reinstallation Vulnerability". microsoft.com. Retrieved 2017-11-01.