Monday, November 13, 2017

The KRACK Attack

Unless you've been living under a rock for the past several weeks, you've probably heard about the KRACK wireless vulnerability (Key Reinstallation AttaCK) that’s present in ALL unpatched Wi-Fi systems.

The exploit takes advantage of design or implementation flaws in Wi-Fi Protected Access II (WPA2) cryptographic protocols to reinstall a key that’s already in use, allowing attackers to eavesdrop on some or all data transmitted or received over a Wi-Fi connection. If your network is not patched against this vulnerability, hackers have basically got the keys to your kingdom.

What you need to know:

With the exception of certain military-grade specialty devices, all Wi-Fi capable devices are affected. The severity of the impact varies, depending on your operating system, confidentiality protocol, and the handshake type used by your network. Some configurations allow the attacker to replay and decrypt some traffic. Other configurations permit the attacker to replay and decrypt all traffic, as well as inject arbitrary packets.

What can you do?

The National Security Agency has published a list of five recommended mitigations.

  1. Install patches to both the clients and Access Systems as soon as they are made available. Relevant CVEs: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.
  2. Disable Fast BSS Transition on Access Systems until patches are available to prevent the FT handshake attack.
  3. Temporarily use only AES-CCMP until patches are available.
  4. Install an underlying virtual private network until patches are available.
  5. Do not use modes requiring generation of a Peerkey.
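
Mitigations 2, 3 and 5 are configuration settings, so they can be checked before patches arrive. The script below is an added example, not part of the NSA guidance: it assumes the access point runs hostapd with a single BSS and audits its `hostapd.conf`; the sample configuration is constructed.

```python
# Added example: audit a hostapd.conf against mitigations 2, 3 and 5 above.
# Assumption: the access point runs hostapd and the file defines one BSS.

SAMPLE_CONF = """\
# constructed sample, not taken from a real network
interface=wlan0
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK FT-PSK
wpa_pairwise=TKIP CCMP
peerkey=1
"""

def parse_conf(text):
    """Return {key: value} from hostapd-style key=value lines (last one wins)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of (mitigation_number, finding) tuples; empty means clean."""
    conf = parse_conf(text)
    findings = []
    # Mitigation 2: FT-* key management enables the Fast BSS Transition handshake.
    ft = [m for m in conf.get("wpa_key_mgmt", "").split() if m.startswith("FT-")]
    if ft:
        findings.append((2, "Fast BSS Transition enabled: " + " ".join(ft)))
    # Mitigation 3: collect the pairwise ciphers actually offered to clients.
    mode = int(conf.get("wpa", "0"))      # bit 0 = WPA (v1), bit 1 = RSN/WPA2
    in_use = set()
    if mode & 1:                          # WPA (v1) uses wpa_pairwise
        in_use.update(conf.get("wpa_pairwise", "").split() or ["<unset>"])
    if mode & 2:                          # RSN falls back to wpa_pairwise if unset
        rsn = conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "")
        in_use.update(rsn.split() or ["<unset>"])
    other = sorted(in_use - {"CCMP"})
    if other:
        findings.append((3, "pairwise ciphers other than CCMP: " + " ".join(other)))
    # Mitigation 5: peerkey=1 turns on the PeerKey handshake.
    if conf.get("peerkey", "0") == "1":
        findings.append((5, "PeerKey enabled"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONF):
        print(f"mitigation {number}: {finding}")
```

A cipher reported as `<unset>` means the file relies on the hostapd default; set `rsn_pairwise=CCMP` explicitly so the audit can confirm it.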

We'll provide more updates as they become available.

Listen to this...

Steve Gibson’s Security Now podcast: https://www.grc.com/securitynow.htm
