What is KRACKs?
KRACKs (Key Reinstallation AttaCKs) is a series of related vulnerabilities in WPA2, the encryption protocol used to secure the vast majority of Wi-Fi networks. If successfully exploited, they could allow attackers to intercept and steal data transmitted across a Wi-Fi network. In some instances, attackers could have the ability to inject or manipulate data being transmitted, such as manipulating web pages or delivering malware to victims.
What should I do?
Wi-Fi users should immediately patch any Wi-Fi-enabled device they use once a patch is made available.
Should I change my Wi-Fi password?
No. Changing passwords will not prevent attacks. Only patching the vulnerabilities will prevent exploitation.
Who discovered KRACKs?
The vulnerabilities were discovered by Mathy Vanhoef, a security researcher at Belgian university KU Leuven. He has created a website detailing his findings.
Is this being exploited by attackers in the wild?
There are no reports yet of attackers attempting to exploit these vulnerabilities in the wild. However, as with all newly discovered vulnerabilities, it is only a matter of time before attacks are attempted.
Does KRACKs affect my router? Will I need to patch it?
The vulnerabilities lie in how WPA2 devices authenticate themselves when connecting to a network and thus mainly affect devices connecting to a router. However, users are advised to confirm with their router’s manufacturer that no update is required.
Are some devices more vulnerable than others?
While all devices using WPA2 encryption are vulnerable, some may be more easily exploitable than others. Vanhoef said the attack was “especially catastrophic” against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux, and against Android 6.0 and above. Interception and manipulation of traffic sent by devices running these operating systems were described as “trivial”.
Are there any additional precautions I can take while waiting for a patch?
Yes. By using a secure VPN (Virtual Private Network), such as Norton WiFi Privacy, your web traffic will be encrypted by additional means and will be safe from interception.
Alternatively, only using HTTPS-enabled websites means your web traffic will also be encrypted by SSL and may be safe from interception. However, Vanhoef has warned that this guidance is only effective if HTTPS is properly configured on websites.
Nevertheless, even in cases where HTTPS is improperly configured, taking these precautions will make it more difficult for attackers to exploit the vulnerabilities because it will require them to deploy additional tools.
Symantec Endpoint Protection Mobile also provides additional protection by blocking malicious activity that may be used in conjunction with the KRACK vulnerabilities.
What are the vulnerabilities involved?
KRACKs consists of 10 separate vulnerabilities. Many WPA2 implementations may be affected by all 10.
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame