This blog post was written for rapid release. Please check back for further details and updates as they become available.
A serious weakness in WPA2 was discovered and published this morning here. It allows an attacker within wireless range to mount a Key Reinstallation Attack (KRACK). Potential attackers can leverage this discovery to capture encrypted sensitive data, and it is also possible to manipulate data between server and client in a Man-in-the-Middle (MitM) style attack. WPA2 is widely used as a (presumed) secure protocol to secure Wi-Fi networks. Wi-Fi is one of the most widely used technologies around the world, with an installed base of over 6.8 billion devices.
KRACK targets wireless clients and exploits the 4-way handshake that takes place during wireless authentication. The technical details can be found on the website by Mathy Vanhoef, who made this discovery. This attack is especially effective against the Linux and Android 6.0+ operating systems.
As stated by Mathy Vanhoef, “Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”
Due to the potential exposure and impact of this discovery, we highly recommend that you check with your hardware vendor for additional information and updates. A detection script is being developed and will be released soon; please check back for further updates and links.
According to the website, the following Common Vulnerabilities and Exposures (CVE) identifiers were assigned.
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
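To show why reinstalling a key that is already in use matters (the first entry, CVE-2017-13077), here is an added example; it is not code from the original post, from Mathy Vanhoef, or from any vendor. It is a toy Python client in which installing a key resets its packet number (the nonce), with a SHA-256 keystream standing in for CCMP's AES-CTR. The class and function names, the sample key and the plaintexts are all constructed, and the `hardened` branch is one assumed mitigation (ignore a retransmitted message 3 that carries the key already in use).

```python
import hashlib

def keystream(tk: bytes, pn: int, n: int) -> bytes:
    # Stand-in for CCMP's AES-CTR keystream: depends only on (key, packet number).
    return hashlib.sha256(tk + pn.to_bytes(6, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Toy client (hypothetical): tracks the installed temporal key and its packet number."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.tk = None
        self.pn = 0

    def on_msg3(self, tk: bytes) -> bool:
        """Process message 3 of the 4-way handshake; True if the key was installed."""
        if self.hardened and tk == self.tk:
            return False             # retransmission: key already in use, keep pn
        self.tk, self.pn = tk, 0     # (re)installation resets the packet number
        return True

    def encrypt(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))

def simulate(hardened: bool):
    """Return (packet number reused?, keystream cancels between the two frames?)."""
    tk = bytes(range(16))                               # constructed sample key
    p1, p2 = b"GET /login HTTP/", b"user=alice&pw=x!"   # constructed, 16 bytes each
    client = Supplicant(hardened)
    client.on_msg3(tk)
    pn1, ct1 = client.encrypt(p1)
    client.on_msg3(tk)                                  # retransmitted message 3
    pn2, ct2 = client.encrypt(p2)
    return pn1 == pn2, xor(ct1, ct2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", simulate(False))
    print("patched:  ", simulate(True))
```

In the unpatched run both frames are encrypted under the same key and packet number, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts; the hardened client keeps counting and the keystreams differ.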
This is a good reminder of the importance of keeping a pulse on current events and newly discovered vulnerabilities and exposures as part of your security practice. By identifying exposed assets and managing these vulnerabilities, you can quickly and dramatically reduce your exposure to potential attacks, which helps reduce the risk and impact to your organization. To find out how ElevatedPrompt leverages discoveries like this to enrich our threat intelligence powered cybersecurity services, and how we can help you safeguard your organization through our Identify, Detect and Respond framework, contact us.
Our general recommendation at this time is to look out for any vendor updates and use a Virtual Private Network (VPN) at all times while using Wi-Fi connections.
More to come on this developing discovery…