What you need to know about the "KRACK Attack" vulnerability

By: David Page
Security Analyst
CISSP, QSA
If you haven’t already heard, security researcher Mathy Vanhoef recently discovered a serious vulnerability, dubbed “KRACK,” within the current industry standard encryption protocol "Wi-Fi Protected Access II" (WPA2). WPA2 encrypts traffic on all modern Wi-Fi networks, so any device connected to Wi-Fi could be affected.

On October 16, 2017, this vulnerability was made public. If exploited, it could allow hackers to decrypt and read Wi-Fi-transmitted network traffic in some situations.

What you need to know:

  • Watch for patches and updates to be released by Wi-Fi device manufacturers and vendors in the near future. Install updates for all devices and operating systems as soon as available. All affected personal and enterprise Wi-Fi devices will need to be patched eventually. See which vendors are affected and if they have been updated/patched yet.
  • This exploit requires the attacker have access to your wireless network. Organizations will fare better if they’ve architected their critical Wi-Fi networks to limit coverage to intended areas, and followed other Wi-Fi networking best-practices. 
  • Since this attack is performed over Wi-Fi, using cellular data or an ethernet cord would remove the risk of KRACK. Also, if you connect using a virtual private network (VPN), that will encrypt all your internet traffic.
  • Make sure to only share sensitive data on sites with HTTPS encryption. 
  • Changing a Wi-Fi password or replacing your router won’t stop KRACK Attacks. This issue is not related to devices themselves. 
  • Android and Linux devices are most easily affected. Most versions of iOS and Windows are only vulnerable when using non-typical multicast communications on a wireless network.

What does KRACK stand for?

Vanhoef coined the acronym “KRACK” to stand for “key reinstallation attack.”

How does a key reinstallation attack work?

The WPA2 protocol currently employs a “4-way handshake,” which confirms that both the client and access point have the correct credentials (a password), while at the same time creating a fresh (never used) encryption key that will be used to encrypt all subsequent traffic.

In a key reinstallation attack, a hacker would manipulate and replay the cryptographic handshake messages to trick a victim into reinstalling an already-in-use encryption key. Because the attacker forces reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.

Vanhoef recorded a video demonstration of such an attack.