Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Man the harpoons: The KRACK-en reawakens in updated WPA2 attack

Belgium, home of fine chocolate, fries-with-mayo, and Wi-Fi key reinstallation attacks

The Belgian researcher who last year gave the world the KRACK attack has returned with what he says is a refined version of the vulnerability.

KRACK was first disclosed roughly 12 months ago by Mathy Vanhoef of Flanders university KU Leuven.

It was a protocol attack, meaning any implementations that followed the standard inherited the issue. An attacker could fool WPA2's four-way handshake, causing the victim to reuse nonces – of the cryptographic kind – meant for a single use.

Smart oven

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

READ MORE

That sent vendors on a patching scramble, but further work on Vanhoef's part led him to suspect KRACK still works. He went public with his follow-up here, ahead of presenting a paper (PDF) to the Association of Computing Machinery's SIGSAC conference later this month.

The tl;dr version is in the abstract of the paper by Vanhoef and his co-researcher Frank Piessens:

  • We show how to attack the 4-way handshake without relying on hard-to-win race conditions, and use a method to more easily obtain the required multi-channel MiTM [man in the middle].
  • We systematically analyse all 802.11 features that negotiate or manage keys, and discover that the FILS and TPK* handshake are also vulnerable to key reinstallations.
  • We show that the updated 802.11 standard is still vulnerable to reinstallations of the group key, and present implementation flaws that affect the security of group-addressed frames.
  • We analyse security patches of vendors, and discover several implementation-specific key (re)installation vulnerabilities.

Apple's macOS and iOS operating systems both had buggy patches that have since been fixed, Vanhoef wrote.

And there's more – the 802.11v Wireless Network Management (WNM) protocol has provided a path around official patches, via deep-sleep power-saving features.

Vanhoef and Piessens believed an attacker can exploit WNM-Sleep frames to get around Wi-Fi's protocol fixes.

Vanhoef wrote: "The official defence states that a device shouldn't reinstall an already in-use key. However, this defence can by bypassed by first letting the victim install a new key, to then let it (re)install an old key."

He said the attack exploits the interaction between EAPOL-Key frames and WNM-Sleep frames, and it only allows the attacker to reinstall the group key. That made it a low-impact vulnerability.

There's a proof-of-concept key reinstallation attack script at GitHub. ®

Bootnote

* FILS, or Fast Initial Link Setup, was only signed off in June 2017 and isn't in widespread deployment yet. TPK, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key, is a handshake designed for direct client-client connectivity, such as connecting from a TV to a tablet without going through the access point.

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like