The KRACK security exploit was discovered by Mathy Vanhoef, a cybersecurity expert at the Belgian university KU Leuven, who will present his research at the Computer and Communications Security (CCS) conference later this month.
“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected WiFi networks,” Vanhoef wrote in a blogpost describing the vulnerability. “An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.”
“This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.”
In a statement today, Cisco acknowledged that multiple wireless products are affected by these vulnerabilities and said it will release software updates to address them. A workaround exists for the vulnerability tracked as CVE-2017-13082; there are no workarounds for the other vulnerabilities described in its advisory.
This advisory is available at the following link:
Apple also claims to have fixed the issue in certain versions of its operating systems, including iOS used on iPhones, watchOS used on the Apple Watch, and macOS used on Apple Macs. The patches, however, are mostly available only for trial versions of the software and are therefore available only to developers.
“Microsoft released security updates on October 19 and customers who have Windows Update enabled and applied the security updates are protected automatically,” the company said in a statement. “We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”
A research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” was made publicly available. This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2) protocols. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity group key on either a wireless client or a wireless access point. Further research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants that support either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11v (Wireless Network Management) standard. These three vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.
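To make concrete what “reinstallation of a pairwise transient key on a wireless client” means, the following added example (not code from the article or from the paper) models a simplified supplicant: installing the key resets the per-packet nonce counter, so a retransmitted handshake message 3 on an unpatched client causes the same (key, nonce) pair to protect two different frames. The `Supplicant` class, the `patched` flag and the key bytes are constructed for illustration; the fix modelled is simply to refuse to reinstall a key that is already in use.

```python
# Simplified model of WPA2 4-way handshake key installation on a client.
# Added example; names and values are constructed, not from the paper.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Supplicant:
    """Wireless client. `patched` enables the fix: install a PTK only once."""
    patched: bool
    ptk: Optional[bytes] = None
    installed: bool = False
    tx_nonce: int = 0                      # per-packet counter, reset on install
    frames: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> None:
        # Message 3 confirms the PTK; the client installs it and zeroes its
        # nonce counter. If message 4 is lost the AP retransmits message 3,
        # and a vulnerable client reinstalls the same key, resetting the
        # counter again. A patched client ignores the redundant install.
        if self.patched and self.installed and ptk == self.ptk:
            return
        self.ptk = ptk
        self.installed = True
        self.tx_nonce = 0

    def send_frame(self) -> Tuple[bytes, int]:
        # Record the (key, nonce) pair that would protect one data frame.
        assert self.installed, "no key installed yet"
        self.tx_nonce += 1
        pair = (self.ptk, self.tx_nonce)
        self.frames.append(pair)
        return pair

def has_nonce_reuse(frames: List[Tuple[bytes, int]]) -> bool:
    """True if any (key, nonce) pair protected more than one frame."""
    return len(set(frames)) != len(frames)

def run(patched: bool) -> bool:
    """Handshake with a retransmitted message 3; report whether nonce reuse occurred."""
    client = Supplicant(patched=patched)
    ptk = b"constructed-ptk-bytes"
    client.on_message3(ptk)                # first message 3: install key
    client.send_frame(); client.send_frame()
    client.on_message3(ptk)                # retransmitted message 3
    client.send_frame(); client.send_frame()
    return has_nonce_reuse(client.frames)
```

Running `run(False)` reports reuse while `run(True)` does not, which is the behavioural difference a vendor patch for the client-side variants introduces.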