Wi-Fi has come to occupy such an important place in our lives. It is not just our laptops and smartphones that are Wi-Fi connected but even washing machines, refrigerators, and a host of other IoT devices are wi-fi enabled today. Every single one of these devices is facing the threat of Key Reinstallation Attacks or KRACK attacks today.
Read on to know more about Key Reinstallation Attacks.
What Are Key Reinstallation Attacks?
Key Reinstallation Attacks (KRACK) are severe replay attacks that exploit a fundamental flaw in the WPA2 protocol. The WPA2 protocol can be manipulated into reusing encryption keys, thereby, compromising all Wi-Fi networks and Wi-Fi enabled devices. Discovered in 2017, the KRACK vulnerability shattered the idea that WPA2 was fully secure. Attackers are successful in orchestrating KRACK attacks when in close range of one of the targets.
WPA2 or Wireless Protocol Access v2 is a security protocol. It is used to secure connections in virtually all protected Wi-Fi networks. Using strong encryption, WPA2 secures communications between the PC/ tablet/ smartphone or other Wi-Fi enabled user device and the device providing the Wi-Fi (or the Wi-Fi access point).
Essentially, this helps prevent third-parties from decoding/ making sense of the data being transmitted, even if they are successful in intercepting communications between the user device and Wi-Fi access point
How Does KRACK Work?
The 4-Way Handshake in WPA2 Connections
Typically, the Wi-Fi client uses a 4-way handshake to initiate an encrypted WPA2 connection to a protected Wi-Fi network. The process involves the generation of an encryption key and data encryption through the exchange of 4 messages between the device and the access point.
Through the exchange of proper credentials, usually the network password, the entities involved in the connection are authenticated and a Pairwise Master Key (PMK) is established, making way for data encryption. This is how the WPA2 protocol helps keep the connection and data secure. This is also the reason why users are encouraged to use credential-protected or private Wi-Fi networks rather than open/ public ones.
The KRACK Vulnerability
The full sequence of the 4-way handshake process is required only for the first time the device is connecting to the network, not for reconnection. To make way for faster reconnections, only the third part of the 4-way handshake is resent by the Wi-Fi network.
The third part of the handshake sequence is resent multiple times to ensure a successful connection. It is here that a fundamental flaw arises in the WPA2 protocol, causing the KRACK vulnerability.
The KRACK vulnerability allows the attacker to manipulate and replay the WPA2 encryption key, tricking the device into reinstalling keys already in use. Upon key reinstallation, other parameters such as the nonce (incremental transmit packet number) and the replay counter are set to their original values.
The Process of Key Reinstallation Attacks
- The attacker could create a clone of the Wi-Fi network that the target has previously connected to.
- Since the clone network provides internet access, the target may not notice that they are under attack.
- When the target tries to reconnect to the network again, they are forced to join the clone network.
- Leveraging the KRACK vulnerability, the attacker keeps resending the third part of the 4-way handshake to the target’s device.
- Each time the device accepts the connection request from the clone network, a part of the data is decrypted.
- Through the aggregation of the series of data/ communication, the attacker cracks the encryption key.
- Upon compromising the WPA2 encryption, the attacker can exfiltrate all the data transmitted by the target over the Wi-Fi network by using a software or could orchestrate further attacks.
Dangers of KRACK Attacks
By leveraging Key Reinstallation Attacks, the attackers could gain access to sensitive information such as passwords, credit/ debit card numbers, emails, photographs, private chats, and so on. Using this information, attackers could transfer funds, steal data, commit frauds, engage in identity theft, sell data on the Dark Web or even blackmail users.
Attackers could also inject malware through HTTP content injection to take control of the device/ the website and/or steal data. They could engage in phishing/ social engineering attacks by serving fake websites to unsuspecting users.
Who is At Risk?
All Wi-Fi networks use WPA2 protocol and are at risk of Key Reinstallation Attacks.
If the website uses SSL/ TLS encryption, KRACK attacks are not successful. However, the attacker may use tools such as SSLStrip to trick targets into visiting HTTP versions of HTTPS websites.
The Way Forward
Patches were released the same year by Windows, Android, OSX, Linux, and iOS to protect against KRACK attacks. The best way to prevent KRACK is to keep all devices updated. Users should be encouraged to use only HTTPS websites. Businesses on their end must always keep their websites protected with reputed SSL certificates.
Indusface provides SSL/TLS certificates to secure your data, business, and customers from cybercriminals. With our SSL certificates, you can be sure that your traffic won’t be intercepted by the adversary.