Unfortunately, we found this is not guaranteed by the WPA2 protocol.īy manipulating cryptographic handshakes, we can abuse this weakness in practice. replay counter) are reset to their initial value.Įssentially, to guarantee security, a key should only be installed and used once. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. This is achieved by manipulating and replaying cryptographic handshake messages. In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This implies all these networks are affected by (some variant of) our attack.įor instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.Īll our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK): Key reinstallation attacks: high level description the pre-shared password of the network).Īt the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic.Ĭurrently, all modern protected Wi-Fi networks use the 4-way handshake. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. Our main attack is against the 4-way handshake of the WPA2 protocol. the content of a website).Īlthough websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations.įor example, HTTPS was previously bypassed in non-browser software, Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. In general, any data or information that the victim transmits can be decrypted. Our attack is not limited to recovering login credentials (i.e. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks: When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key ( see below for more info). In this demonstration, the attacker is able to decrypt all data that the victim transmits.įor an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. DemonstrationĪs a proof-of-concept we executed a key reinstallation attack against an Android smartphone. Update October 2018: we have a follow-up paper where we generalize attacks,Īnd enhance attacks using implementation-specific bugs. Our detailed research paper can already be downloaded. The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Note that if your device supports Wi-Fi, it is most likely affected.ĭuring our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.įor more information about specific products, consult the database of CERT/CC, or contact your vendor. To prevent the attack, users must update affected products as soon as security updates become available. Therefore, any correct implementation of WPA2 is likely affected. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. The attack works against all modern protected Wi-Fi networks.ĭepending on the network configuration, it is also possible to inject and manipulate data.įor example, an attacker might be able to inject ransomware or other malware into websites. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.Īn attacker within range of a victim can exploit these weaknesses using key reinstallation atta cks (KRACKs).Ĭoncretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |