Preloader
Ubiquitous Wi-Fi Protocol (WPA2) Broken

Ubiquitous Wi-Fi Protocol (WPA2) Broken

This is HUGE news. The popular Wi-Fi protocol WPA2 has been broken.

The KRACK (key Reinstallation Attack) attack affects pretty much everyone using Wi-Fi. We won’t get into all the nitty gritty details (you can find those here), but we will give you a summary of what is going on:

Summary

  • This attack affects pretty much all devices that have Wi-Fi.
  • Changing your wireless password won’t fix this problem.
  • The KRACK attack allows attackers to decrypt your internet traffic to see what you’re doing online.

What Can I Do?

  • Don’t switch to WEP (another wireless security protocol–it’s REALLY insecure)
  • Install all security updates for your devices (phones, computers, routers)
  • Use HTTPS wherever possible
  • Consider using your data plan instead of wireless
  • Consider using a reputable VPN service. This adds an additional layer of encryption and privacy

Can I see this attack in action?

Yes, see the video below:

Is this issue being tracked?

Yes – here are the CVEs:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.