KRACK – Key Reinstallation Attacks – What you need to know

What is KRACK and how does it work

The KRACK WPA2 vulnerability was discovered by Mathy Vanhoef of imec-DistriNet. His website on the research is here.

Mathy presented some of his research on this at Black Hat on 27 July 2017; the presentation is here:

If you want to learn more about the technical aspects of this vulnerability, here is a great video series by Pentester Academy and Mojo Networks.

The Wi-Fi Alliance has released a security update here, and a list of the individual vulnerabilities and vendor information can be found on the CERT site here.

Do I need to turn off my wireless networks?
No, you do not need to start turning off all your wireless networks. As stated in the Wi-Fi Alliance update, there is no evidence that the vulnerability has been exploited maliciously yet. It is also worth noting that for this attack to be successful an attacker must be in close proximity, and it requires a sophisticated attack. Sensitive corporate data is often sent using TLS, which will not be affected by this attack.

Of the 10 vulnerabilities, 9 are client side, so keeping your clients patched is the best way to protect against the KRACK attack. Vendors have known about these vulnerabilities for a few months now, and many have already released patches or will do so soon.

Vulnerability CVE-2017-13082 (accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it) is a wireless infrastructure vulnerability relating to 802.11r FT. This vulnerability should be patched as soon as possible, and if no patch is currently provided by your infrastructure vendor, disabling 802.11r FT until a patch is available would perhaps be the best approach.
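
To find where 802.11r FT is still switched on, the sketch below lists the BSS sections of a hostapd-style configuration whose `wpa_key_mgmt` offers an FT key-management suite. It is an added example, not vendor or original-post code; it assumes the access point is configured through hostapd (the post names no vendor), and the sample config and function names are constructed for illustration.

```python
# Added example. Assumption: the AP uses a hostapd-style config file.
SAMPLE_CONF = """\
# constructed sample config, not taken from a real deployment
interface=wlan0
ssid=corp
wpa_key_mgmt=WPA-EAP FT-EAP
mobility_domain=a1b2
bss=wlan0_voice
ssid=voice
wpa_key_mgmt=FT-PSK
bss=wlan0_guest
ssid=guest
wpa_key_mgmt=WPA-PSK
"""

def parse_bss_sections(conf_text):
    """Split config text into per-BSS dicts; 'interface=' or 'bss=' opens a section."""
    sections = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("interface", "bss"):
            sections.append({"name": value, "settings": {}})
        elif sections:
            sections[-1]["settings"][key] = value
    return sections

def ft_findings(conf_text):
    """Return one finding per BSS whose wpa_key_mgmt lists an FT-* suite."""
    findings = []
    for sec in parse_bss_sections(conf_text):
        akms = sec["settings"].get("wpa_key_mgmt", "").split()
        ft = [a for a in akms if a.startswith("FT-")]
        if not ft:
            continue
        non_ft = [a for a in akms if not a.startswith("FT-")]
        findings.append({
            "bss": sec["name"],
            "ssid": sec["settings"].get("ssid", ""),
            "ft_akms": ft,
            # Value to set if FT is switched off; empty means the BSS is
            # FT-only and needs a non-FT suite added before FT is removed.
            "wpa_key_mgmt_without_ft": " ".join(non_ft),
        })
    return findings
```

Calling `ft_findings(SAMPLE_CONF)` reports the `corp` and `voice` BSSs; the `voice` entry has an empty `wpa_key_mgmt_without_ft`, so removing FT there without adding a non-FT suite would leave clients unable to associate.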
