Alex Hudson

Thoughts on Technology, Product, & Strategy

WPA2: Broken with KRACK. What now?

On social media right now, strong rumours are spreading that the WPA2 encryption scheme has been broken in a fundamental way. What this means: the security built into WiFi is likely ineffective, and we should not assume it provides any security.

The current name I’m seeing for this is “KRACK”: Key Reinstallation AttaCK. If this is true, it means third parties will be able to eavesdrop on your network traffic: what should be a private conversation could be listened in to.

This has happened before with WiFi: who remembers WEP passwords? However, what is different this time around: there is no obvious, easy replacement ready and waiting. This is suddenly a very big deal.

In truth, WPA2 has been suspect for some time now. A number of attacks against WPA2-PSK have been shown to be successful to a limited degree; WPA2-Enterprise has shown itself to be slightly more resilient (but doesn’t protect you from these problems).

I have continued to update this as facts become clear. Please note:

  • Credit for this goes to Mathy Vanhoef and Frank Piessens at KU Leuven, who have a great track record of discovering problems here. I want to be clear about this as I’ve been quoted incorrectly in a couple of places!
  • www.krackattacks.com is now up! There is a list of vendor announcements being written, but remember all vendors are potentially affected. Few vendors appear to have updates ready 🙁
  • All attacks appear to require a specific type of Man-in-the-Middle – this means in practice they are difficult to execute. Most of the worst scenarios are mitigated by this – another fault in WPA2 / WiFi will need to be found to make this a genuinely practical attack.
  • Attacks against Android Phones are more damaging and full decryption is possible. Other platforms only allow a small amount of data to be recovered.
  • Windows and Mac OS users are safer. Updates for other OSes will come quite quickly; the big problem is embedded devices, for which updates are slow or never coming.
  • For the very technical, the CVE list is at the bottom of this post.
  • The main attack is against clients, not access points. So, updating your router may or may not be necessary: updating your client devices absolutely is! Keep your laptops patched, and particularly get your Android phone updated.
  • Correction: I’ve highlighted specifically that WPA2-Enterprise is vulnerable.
  • If you have some great advice to share or corrections to this, please let me know!

Information here is good as of 2017-10-16 20:00 UTC.
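An added illustration, not part of the original post, of why a key reinstallation is so damaging: WPA2’s CCMP encrypts each frame by XORing it with a keystream derived from the session key and a per-frame nonce, and reinstalling the key resets that nonce, so two frames end up under the same keystream (the Android case noted above is worse still because the reinstalled key is all zeros). The keystream below is a toy HMAC-based counter mode standing in for AES-CTR so the example needs only the standard library; the two-time-pad property it shows is the same, and the frame contents are constructed sample data.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || block counter).

    Stand-in for CCMP's AES-CTR keystream (assumption for this example); the
    nonce-reuse property demonstrated below is identical for the real cipher.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_frame(key: bytes, nonce: int, plaintext: bytes) -> bytes:
    # Stream-cipher encryption: ciphertext = plaintext XOR keystream.
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


# Constructed sample frames (same length): one an observer could guess
# (a fixed, well-known request prefix), the other carrying a secret.
FRAME_KNOWN = b"GET /index.html HTTP/1.1\r\nHost: "
FRAME_SECRET = b"session=4f1c9ab2; csrf=secret123"


def recover_with_nonce_reuse(key: bytes, nonce: int, known: bytes, secret: bytes) -> bytes:
    # Key reinstalled -> nonce reset -> both frames share one keystream.
    c_known = encrypt_frame(key, nonce, known)
    c_secret = encrypt_frame(key, nonce, secret)
    # c_known XOR c_secret cancels the keystream, leaving known XOR secret;
    # XOR with the guessed frame recovers the secret with no key at all.
    return xor(xor(c_known, c_secret), known)


def decrypt_with_zero_key(nonce: int, secret: bytes) -> bytes:
    # All-zero reinstalled key: anyone can regenerate the keystream, so every
    # frame decrypts without needing any known plaintext.
    c = encrypt_frame(bytes(16), nonce, secret)
    return encrypt_frame(bytes(16), nonce, c)


def distinct_nonces_leak_nothing(key: bytes, known: bytes, secret: bytes) -> bool:
    # Correct behaviour: fresh nonce per frame, the XOR trick yields garbage.
    c1 = encrypt_frame(key, 1, known)
    c2 = encrypt_frame(key, 2, secret)
    return xor(xor(c1, c2), known) != secret
```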

So, this is going to be a horrible Monday morning for IT admins across the world. The practical question is: what now?

Keep Calm

Remember, there is a limited amount of physical security already on offer by WiFi: an attack needs to be in proximity. So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an https site – like this one – your browser is negotiating a separate layer of encryption. Accessing secure websites over WiFi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.

So, we’re alright?

In a word, no. There are plenty of nasty attacks people will be able to do with this. They may be able to disrupt existing communications. They may be able to pretend to be other nodes on the network. This could be really bad – again, they won’t be able to pretend to be a secure site like your bank on the wifi, but they can definitely pretend to be non-secure resources. Almost certainly there are other problems that will come up, especially privacy issues with cheaper internet-enabled devices that have poor security.

You can think of this a little bit like your firewall being defeated. WiFi encryption mainly functions to keep other devices from talking on your network (the security otherwise has been a bit suspect for a while). If that no longer works, it makes the devices on your network a lot more vulnerable – attackers in proximity will now be able to talk to them.

Story for your boss

Keep it simple, and ideally get ahead of the game by communicating now. Reiterate:

  • this won’t let people who are not physically present into your networks;
  • it’s unlikely any data is protected by the encryption WPA2 provides; in particular, accessing secure websites is still fine;
  • think about increasing the level of security of the nodes on your network if possible – make sure your AV is up-to-date, firewalls turned on, etc.;
  • if you’re paranoid about certain data or systems, turn off WiFi and switch to an internal VPN, a wired ethernet connection or mobile data (for WAN access);
  • that you are on top of the situation and monitoring the best next steps.

In terms of what to do, in many ways, we’re at the behest of our vendors. If you have a high quality vendor (I would include companies like Ruckus and Cisco in this bracket, for example) I expect new firmware to be available very shortly to mitigate these problems. This may well result in incompatibility with existing devices: as a business, you will need to make a decision in that case (unless you need compliance with PCI-DSS or similar, in which case you likely have little choice).

Story for friends / family

This is where it gets really sucky. Lots of us have old routers at home, which have no chance of a firmware upgrade, and lots of WiFi equipment that may well not get a protocol upgrade if one is required. Right now, it sounds like all this stuff is going to be worthless from the perspective of encryption.

Reiterate the same points as above:

  • secure websites are still secure, even over WiFi;
  • think about setting your computers to “Public Network” mode – that increases the level of security on the device relative to “Private / Home Network” modes. Remember, if third parties can get onto our home networks, they’re no longer any safer than an internet cafe;
  • if you’re paranoid about your mobile, turn off WiFi and use mobile data when necessary;
  • it sounds like no similar attack against ethernet-over-mains power line is possible, so home networks based on mains plugs are probably still ok;
  • keep computers and devices patched and up-to-date.

What for the future?

As I said before, this is a big problem, but not one that was unexpected. A number of encryption protocols have been problematic over the years; many of the implementations of those protocols have been even worse.

It’s clear to me that “Internet of Things” type devices will be the hardest hit. Devices with embedded WiFi for secondary functional purposes, like TVs and baby monitors, are unlikely to get proper updates. As a protocol problem, it’s possible we will be forced to choose between security and functionality, and many users will choose the latter – it’s a difficult problem to weigh.

I would love to say there’s an easy answer. I think it’s important that networks become increasingly software-defined, and that it makes sense that future standards focus on that runtime rather than the protocol itself. We cannot rely on vendors to keep devices up-to-date either (for many reasons), but previous attempts at standardising a runtime (like UEFI) aren’t promising, either technically or security-wise.

As consumers, we have to continually question the security credentials of devices we buy, and demand the best evidence of their security. This is a tough ask; even in the IT world, buying “secure” is difficult. In tech we must strive for better.

CVEs involved

If you don’t know what these are, don’t worry – they are the “official notifications” of a problem, if you like. If you have a vendor of WiFi equipment, you will want to ask them if they’re affected by any of these, and if so, what the solutions are:

  • CWE-323
  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13083
  • CVE-2017-13084
  • CVE-2017-13085
  • CVE-2017-13086
  • CVE-2017-13087


29 Comments

  1. WT

    > this won’t let people who are not physically present into your networks;

    Mobile phones with WiFI are an attack vector (that does not require physical presence)

  2. Alex

    Yeah, that’s a definite possibility. Personally, I rate the security of a device like the iPhone much higher than other wifi-based stuff, though, and it would be difficult to select a device in order to access a specific network – equally, if you don’t care about the specific network, the device probably has a selection of juicy wifi passwords already set up.

    I think you’ve just helpfully illustrated the big problem with KRACK, though: it changes the threat models sufficiently that suddenly we have to re-think the whole thing. Someone with a much better imagination than me may well be able to blow networks wide open with this flaw 🙁

  3. Simon

    Any paper or research on this?

  4. But what does this mean? I mean, for breaking a WEP password there are thousands of tutorials online; any 14-year-old kid can do it without any knowledge. But you can’t do an attack like this that easily, no? (I am not an expert, just saying; maybe it is an easy attack.) Thanks for the news.

    Viva hitlario.

  5. Mike

    I’ve been telling people for years that:

    1) WiFi is just another term for “radio”.

    2) No encryption is worth using unless the NSA uses it internally. And they aren’t using WEP or any flavor of WPA.

    3) you don’t want to put anything on radio that you wouldn’t want to see on the front page of the Los Angeles times, above the fold.

    4) Especially don’t do anything involving money or non-public information on radio (use a copper cable). I tell the home users to use a computer plugged into the back of the router).

    Mike

  6. Joe

    Source?

  7. Joe

    Does this impact WPA2 Enterprise as well? We use WPA2 pre-shared key for our guest environment :/. Hopefully Cisco is working on a patch release for its controllers.

  8. Roger J.

    My employer’s WiFi leaks up to a block away. We have multiple sites. All are in residential areas. (We see freeloaders on our hospitality network often.) Thus far nobody has made it to the corporate network. A process to use MAC authentication and device profiling is in the works. This just made the timeline to NOW.

  9. Shane Grissom

    So for someone using MAC address security on their WIFI network, will they be protected still? Seems to me this would not impact that, since you are basically NOT using WPA-2 to secure your home network.

    Yes?

  10. Brad Lloyd

    Thank you for this excellent article. It is so well done and I’m very happy to promote it within my networks.

  11. Alex

    Not yet – this will be disclosed later today. I will update with proper links when I have them!

  12. Alex

    I don’t think we know how hard this will be yet, but what I’m reading is that it will be pretty easy. Apparently a series of different attacks will be published for different vendors, so it won’t be super-simple, but this stuff is so easy to automate these days…

  13. Alex

    Chatter on social media from a bunch of people I respect and know a lot about infosec. We’ll find out later if it’s good or not, but the abstract of the paper being presented doesn’t pull any punches.

  14. Alex

    I don’t know yet. It’s possible that Enterprise is better protected, but I wouldn’t say that for sure yet. It might depend on the vendor.

  15. Alex

    That’s a good start, although MAC can be spoofed 🙁 I wish I could suggest something easy – so far there’s nothing obvious.

  16. Alex

    As I said on another comment, if you can see the traffic on the network, you can see other MAC addresses and potentially spoof them. MAC Auth gives you better protection on wired, where the port is dead until you present a good MAC. I’m afraid I don’t know if this will help on WiFi!

  17. Alex

    Thank you Brad! I’m hoping that I can link to other experts as the news breaks as I’m not really an infosec person, but this is important to talk about, especially with less technical users.

  18. It is very easy to repeat a radio signal with the same information. Military and police communication systems are being attacked using signal repeaters. It is about using a Raspberry Pi with an SDR pendrive, that listens and emits the base band, all the information in a package of radio frequency. Everything that goes by air, all communications can be broken using SDR.

  19. JMC

    Well, this is going to be interesting.

    If your home router supports it, you can give it a list of allowed MAC addresses and only let those MACs join the network.

    WPA2 is still useful to prevent casual interception

  20. KEC

    In what ways can this affect WiFi calling on phones through Google Fi, T-Mobile, and others? Say I have poor cell service so I rely in WiFi calling at home. Can someone with access to my network through KRACK listen in on calls?

  21. Alex

    If you’re using an app like WhatsApp or similar you’re fine. If you’re using standard VoIP you’re probably fine, although VoIP endpoints often have terrible security and I would worry about people being able to dial out without your knowledge. In terms of mobile range expanders, I don’t know – I would hope you’re ok, but I don’t know how they work underneath I’m afraid.

  22. VD

    What about many home routers acting as DNS servers too?

  23. Alex

    I’ve seen that doing the rounds. That’s from 2016, and I think it’s a related problem, but the problem today is new.

  24. Alex

    Clearly a problem. DNSSEC sadly doesn’t give us much protection (a lot of infosec people I respect think that, as a protocol, it’s pretty broken). However, secure HTTPS websites should still be ok – you can forge a DNS record, but it’s much more difficult to forge a certificate. I think impersonating / taking over home routers is going to be a substantial problem here, though.

  25. Siva

    I use VPN for all my communication, even on my cellphone. Nothing to hide, and nothing to give is my motto.

  26. Shaun Clarke

    I can’t believe some people think they are OK if they use MAC address authentication. The MAC addresses of your clients are actually not encrypted, so anyone can use a passive sniffer to get the MAC addresses of legitimate devices on your network even if your network is encrypted. In addition, you don’t even need 3rd party tools to assign a “user-defined” MAC address to an interface.

  27. Alex

    Unfortunately it’s advertised and described as a security feature. It doesn’t offer much protection, and if traffic can be sniffed it’s basically useless 🙁

  28. Tank

    Thanks for the article, Alex! Good information and a helpful alert everyone can benefit from.

    WPA2 hasn’t ever been totally secure but KRACK really takes that security down a few notches. Secure communication over WiFi is, sorta, an oxymoron. But wow, holy new attack vectors!

    On the bright side, VPNs and encryption in general (such as site provided like https and personal like PGP) do exist and are proven to work in most scenarios when implemented correctly. As you noted, not many services rely on WPA2 as their sole encryption method.
