WPA2 KRACK unleashed

WPA2 Krack in a nutshell

While it is all over the news, let's look at what the finding is actually about.

KRACK (Key Reinstallation Attack) is an attack on the WPA2 handshake, built on replaying one of its messages, discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens (KU Leuven).

The details were published in October 2017.

1. Where exactly is KRACK exploiting wireless networks?

The WPA2 protocol uses a "four-way handshake" to set up an encrypted session.

In simple words, the 4-way handshake confirms that the client joining the network and the access point both hold the same pairwise master key (PMK, derived from the Wi-Fi passphrase) and, from that plus two fresh random nonces, derives a per-session pairwise transient key (PTK) that encrypts the data traffic.

KRACK does not break the handshake's cryptography and does not recover the PMK or the passphrase. Instead, by replaying the third handshake message the attacker forces the client to reinstall the PTK it is already using. Installing a key resets the client's transmit packet number, which is the nonce fed to the CCMP/GCMP cipher, so the same key and nonce pair is used twice and the same keystream encrypts two different frames. That keystream reuse is what lets the attacker decrypt traffic.

2. How does it become vulnerable?

The PTK is derived after message 2 (the AP sends its nonce in message 1, the client answers with its own nonce in message 2), but the client only installs it when message 3 arrives. Because message 3 can be lost on the air, the AP retransmits it if no message 4 acknowledgement comes back, and the standard therefore requires clients to accept a retransmitted message 3 and (re)install the key again.

3. Enter the "Key Reinstallation Attack"

At this point an attacker in radio range can capture message 3 (for example by positioning as a man-in-the-middle on a cloned channel and blocking the client's message 4 so the AP retransmits) and replay it to the client later, making the client reinstall a cryptographic key that is already in use.

4. Attack vectors:

a. Reinstalling the key resets the transmit packet number (the nonce) and the receive replay counter to their initial values, so the same keystream is produced again for the next frames.
b. Because the XOR of two ciphertexts encrypted under the same keystream equals the XOR of the two plaintexts, any frame with known or guessable content reveals the other. The attacker can thus decrypt and replay packets; with TKIP or GCMP the reuse additionally leaks enough to forge and inject packets, while with CCMP (AES) it is limited to decryption and replay.
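The following toy model walks through the whole sequence above: the nonce exchange in messages 1 and 2, key installation on message 3, a replayed message 3 that reinstalls the same key, and the nonce reuse that lets the attacker recover a secret frame from a known one. This is an added example, not code from the original post or from the KRACK researchers. It runs on the Python standard library only, so HMAC-SHA256 stands in for WPA2's PRF-384 and a SHA-256 based keystream stands in for AES-CCMP; the MAC addresses, passphrase and the two data frames are constructed sample values. The `patched` flag switches the client between the pre-KRACK behaviour (reinstall on every message 3) and the fix adopted afterwards (ignore a retransmission once that same key is installed).

```python
"""Toy model of the WPA2 4-way handshake and the KRACK message-3 replay.

Added example, not the original post's code. The PRF and the cipher are
stand-ins (HMAC-SHA256, SHA-256 keystream) so the script runs offline with
the standard library; the key-reinstallation logic is the real mechanism.
"""
import hashlib
import hmac
import os

# Constructed sample traffic: the first frame is something an attacker can
# guess (a predictable request), the second carries the secret.
KNOWN_PLAINTEXT = b"GET /index.html HTTP/1.1\r\n"
SECRET_PLAINTEXT = b"Cookie: session=SECRET-VALUE"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ptk(pmk, anonce, snonce, ap_mac, sta_mac):
    """Simplified PTK derivation: HMAC-SHA256 stands in for WPA2's PRF-384."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, b"Pairwise key expansion" + data, hashlib.sha256).digest()


def keystream(tk, sta_mac, pn, length):
    """Stand-in for the CCMP keystream. As in CCMP, the nonce is built from the
    sender's MAC and the packet number, so a (key, pn) pair must never repeat."""
    nonce = sta_mac + pn.to_bytes(6, "big")
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(tk + nonce + block.to_bytes(2, "big")).digest()
        block += 1
    return out[:length]


class Supplicant:
    """Client side of the handshake. patched=False reinstalls the key on every
    message 3 (pre-KRACK behaviour); patched=True ignores a retransmission
    once that same key is already installed."""

    def __init__(self, pmk, sta_mac, ap_mac, patched):
        self.pmk, self.sta_mac, self.ap_mac, self.patched = pmk, sta_mac, ap_mac, patched
        self.ptk = None          # negotiated after messages 1/2
        self.installed = None    # key actually handed to the crypto layer
        self.tx_pn = 0           # transmit packet number = nonce counter

    def on_msg1(self, anonce):
        self.snonce = os.urandom(32)
        self.ptk = derive_ptk(self.pmk, anonce, self.snonce, self.ap_mac, self.sta_mac)
        return self.snonce       # message 2 carries SNonce back to the AP

    def on_msg3(self):
        if self.patched and self.installed == self.ptk:
            return "msg4"        # acknowledge the retransmission, keep the counters
        self.installed = self.ptk
        self.tx_pn = 0           # key (re)installation resets the nonce: the KRACK bug
        return "msg4"

    def send(self, plaintext):
        tk = self.installed[:16]  # temporal key is the first 128 bits of the PTK
        pn = self.tx_pn
        self.tx_pn += 1
        return pn, xor(plaintext, keystream(tk, self.sta_mac, pn, len(plaintext)))


def run_krack(patched):
    """Run the handshake, a message-3 replay, and the attacker's recovery step."""
    pmk = hashlib.sha256(b"constructed-passphrase").digest()
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sta = Supplicant(pmk, sta_mac, ap_mac, patched)
    sta.on_msg1(os.urandom(32))           # msg1 (ANonce) -> msg2 (SNonce)
    sta.on_msg3()                         # msg3: client installs PTK; attacker records the frame
    pn1, c1 = sta.send(KNOWN_PLAINTEXT)   # first data frame, pn = 0
    sta.on_msg3()                         # attacker replays the captured msg3
    pn2, c2 = sta.send(SECRET_PLAINTEXT)  # vulnerable client: pn = 0 again
    recovered = None
    if pn1 == pn2:
        # same key + same nonce => same keystream, so c1 ^ c2 = p1 ^ p2
        recovered = xor(xor(c1, c2), KNOWN_PLAINTEXT)
    return {"nonce_reused": pn1 == pn2, "recovered": recovered}


if __name__ == "__main__":
    for flag in (False, True):
        print("patched" if flag else "vulnerable", run_krack(flag))
```

Run it and the vulnerable client yields the secret frame (up to the length of the known one) with no key recovery at all, which is exactly why KRACK needs no passphrase; the patched client sends the second frame under packet number 1 and the XOR trick produces nothing. Note that the fix lives in the client: the access point behaves identically in both runs.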

Good news:
Most current versions of iOS and Windows aren't affected by the four-way handshake variant, because their clients refuse a retransmitted message 3 (strictly speaking a deviation from the standard, which requires accepting it). They were still exposed to the group-key handshake variant until patched.

Bad news:

Users are left at the mercy of vendors to release patches. The fix has to be applied on the client side, so every phone, laptop and IoT device needs its own update. Android 6.0+ and Linux clients running wpa_supplicant 2.4 and later (before the fix) were the worst case: the reinstall puts an all-zero key in place, so their traffic can be decrypted without any guesswork.

