Today’s most important news in the IT field is probably the break of the WPA2 protocol for Wi-Fi networks using the KRACK Attack. I’m pretty sure you have already read about it in newspapers, on social media or on news websites, but I always think it is important to spread this kind of news to as many people as possible. Let’s check how it works and how to fix it!
Mathy Vanhoef discovered in July a way to crack WPA2 and use a man-in-the-middle attack to decrypt all the data between the victim and the Wi-Fi network. He named it the KRACK Attack (Key Reinstallation Attacks). For those of you who don’t know about man-in-the-middle (MitM) attacks, this kind of attack can be used to decrypt or inject packets during a communication between two sides.
The idea is that the attacker sits between the victim and the web server and captures the communication between both sides. Using this technique you can, for example, spoof the victim so he thinks he is accessing a web page over HTTPS while the communication is completely insecure.
In the following video you can see how the exploit works:
Funny, right? It basically cracks the 4-way handshake of the WPA2 protocol used in all modern protected Wi-Fi networks. To do this he created a new technique named Key Reinstallation Attack (KRACK). This way he tricks the victim into reinstalling an already-in-use key so he can decrypt all the data that passes from the router/access point to the client. You can read about this on his webpage, Krackattacks.com. I really recommend reading it, since the exploit, tests, papers, etc. are of good quality and everything is very well explained.
After this there are a couple of things that need to be clarified:
Mathy sent the news to the vendors on 14 July 2017. After this, the CERT/CC sent a broad notification to all the vendors in August 2017 so they would fix this issue as soon as possible. Right now some vendors are releasing fixes for this issue, but the task of patching all the devices is sooooooo huge that some of them will be impossible to patch.
The good news is that the exploit and scripts have still not been released by Mathy. The bad news is that some people say this exploit was already known some time ago and was used before Mathy discovered it. Anyway, here is a list of things you should do in the near future if you want to feel safe when using your home network:
I’ll keep you updated with new information as soon as I get it. It will take a couple of days/weeks to get the scripts and try the scripts/1-click exploits, but I’ll try to upload them so you can test them if you want.
It seems all the vendors are releasing patches for this issue:
wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in WPA protocol
    - debian/patches/2017-1/*.patch: Add patches from Debian stretch
    - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
      CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
      CVE-2017-13088
  * SECURITY UPDATE: Denial of service issues
    - debian/patches/2016-1/*.patch: Add patches from Debian stretch
    - CVE-2016-4476
    - CVE-2016-4477
  * This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
    xenial-proposed.
iOS already doesn't accept re-transmitted message 3 of the handshake making it vulnerable only to the FT handshake attack when the device roams from one AP to another. To fix this they only need to change when the PTK gets installed. It's kind of funny actually. They mitigated the primary attack by violating the 802.11i standard, and now they have to adhere to the 802.11r in order to fix the other vulnerability.
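The key reinstallation described earlier and the "do not accept a retransmitted message 3" behaviour, as an added example that is not from the original post or from any vendor's code: a toy Python model in which installing a key resets the per-frame nonce, which is how the KRACK paper describes reinstallation (the post itself does not spell this out). `Supplicant`, `keystream`, the SHA-256 stand-in cipher and the sample key are constructed for illustration.

```python
import hashlib

def keystream(key, nonce, length):
    # Stand-in for the real cipher: like counter mode, output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

class Supplicant:
    """Toy client side of the 4-way handshake (constructed model)."""

    def __init__(self, reinstall_on_retransmit):
        self.reinstall_on_retransmit = reinstall_on_retransmit
        self.ptk = None          # pairwise key currently installed
        self.packet_number = 0   # per-frame nonce; must never repeat under one key

    def on_message3(self, ptk):
        # Hardened behaviour: a key that is already in use is not installed again.
        if ptk == self.ptk and not self.reinstall_on_retransmit:
            return "ignored"
        # Vulnerable behaviour: installing also resets the nonce to its initial value.
        self.ptk, self.packet_number = ptk, 0
        return "installed"

    def encrypt(self, plaintext):
        self.packet_number += 1
        stream = keystream(self.ptk, self.packet_number, len(plaintext))
        return self.packet_number, bytes(p ^ s for p, s in zip(plaintext, stream))

def run_session(reinstall_on_retransmit):
    """One session in which message 3 arrives twice; returns (nonce, ciphertext) per frame."""
    client = Supplicant(reinstall_on_retransmit)
    ptk = b"constructed-demo-ptk"           # constructed sample key
    client.on_message3(ptk)
    frames = [client.encrypt(b"frame A"), client.encrypt(b"frame B")]
    client.on_message3(ptk)                 # retransmitted message 3 carrying the same key
    frames.append(client.encrypt(b"frame C"))
    return frames

def reused_nonces(frames):
    nonces = [n for n, _ in frames]
    return sorted({n for n in nonces if nonces.count(n) > 1})

if __name__ == "__main__":
    for mode in (True, False):
        print("reinstall on retransmit:", mode, "-> reused nonces:", reused_nonces(run_session(mode)))
```

With reinstallation allowed, frames A and C are encrypted under the same key and nonce, so their ciphertexts share a keystream; with the hardened check the nonce keeps counting and nothing repeats.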
You can see a full list of vendor patches in the following GitHub repository: krackinfo