Researchers presented an improved version of the WPA KRACK attack
10.10.2018 securityaffairs

Security researchers who devised last year the Key Reinstallation Attack, aka KRACK attack, have disclosed new variants of the attack.
Security researchers Mathy Vanhoef and Frank Piessens who devised last year the Key Reinstallation Attack against WPA, aka KRACK attack, have disclosed new variants of the attack.

Last year, boffins discovered several key management flaws in the core of Wi-Fi Protected Access II (WPA2) protocol that could be exploited by an attacker to hack into Wi-Fi network and eavesdrop on the Internet communications stealing sensitive information (i.e. credit card numbers, passwords, chat messages, emails, and pictures).

WPA2 was compromised, the flaws, in fact, reside in the Wi-Fi standard itself, and not in the numerous implementations.

he KRACK attack allows attackers to decrypt WiFi users’ data without cracking or knowing the password.

According to the researchers, the KRACK attack works against:

Both WPA1 and WPA2,
Personal and enterprise networks,
The bugs impact all implementations, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others.

Now the experts presented a new variant of the attack technique at the Computer and Communications Security (CCS) conference

The new attacks no longer rely on hard-to-win race conditions and involved a new method to carry out man-in-the-middle (MitM) attacks.

“First, we generalize attacks against the 4-way handshake so they no longer rely on hard-to-win race conditions, and we employ a more practical method to obtain the required man-in-the-middle (MitM) position.” reads the research paper.

“Second, we systematically investigate the 802.11 standard for key reinstallation vulnerabilities, and show that the Fast Initial Link Setup (FILS) and Tunneled directlink setup PeerKey (TPK) handshakes are also vulnerable to key reinstallations. These handshakes increase roaming speed, and enable direct connectivity between clients, respectively. Third, we abuse Wireless Network Management (WNM) power-save features to trigger reinstallations of the group key”

KRACK attack 2

Experts explained that they achieved the multi-channel MitM position by forging Channel Switch Announcements (CSAs) to trick clients into switching to the desired (rouge) channel.

“We propose a more practical method to obtain the MitM, which works based on Channel Switch Announcements (CSAs). In this method, the adversary forges CSAs to trick clients into switching to the desired (rouge) channel [27, 46].” continues the paper. “This is more reliable then jamming certain channels, and does not require special Wi-Fi equipment. We successfully tested this approach against Android and Chromium”

The security duo also discovered that it is possible to delay the delivery of message 3, which transports the group key to the client after it has been captured. In this way, the key reinstallation will no be immediately triggered allowing to the delay the attack and increasing the potential impact.

Experts successfully tested the delay on Linux, Android, iOS, and macOS, and is also works with encrypted messages.

“Our results show that preventing key reinstallations is harder than initially assumed. We believe the main reason vulnerabilities are still present is because the Wi-Fi standard is large, is continually being expanded with new features, and requires domain-specific knowledge to understand,” the researchers conclude.

“These obstacles can be overcome by having high-level descriptions (or formal models) of all security-related features of Wi-Fi. Additionally, we believe the Wi-Fi Alliance should not only test products for interoperability, but also fuzz them for vulnerabilities,”