KRACK attacks – White Paper
What is KRACK?
KRACK, now fully disclosed after almost 14 years in which we assumed our wireless communications were encrypted, affects nearly every wireless device out there. Your Android phone, network cameras, robotic vacuum cleaner and even your smart doorbell are all vulnerable, leaving their wireless communication exposed to hijacking and manipulation and, in some cases, stripped entirely of the encryption that should have kept our data private.
As explained in this publication, the attack exploits a known and standardized mechanism that is part of the Wi-Fi (IEEE 802.11) standard itself. Every Wi-Fi device must comply with that standard, which is why this particular vulnerability is so widespread and rated everywhere as high risk.
To make a long story short, KRACK (Key Reinstallation Attack) exploits a weakness in the standardized WPA2 4-way handshake state machine, the key-management procedure every WPA2 device implements. WPA2 has been the industry standard for encrypting and securing Wi-Fi traffic for the past 14 years and, unlike its predecessor WEP, which can be broken in minutes with off-the-shelf tools, was believed to be sound. All true up until now. The attack abuses the standard retransmission behaviour of the handshake: an access point that does not receive a reply to its last message sends it again, exactly as it would after packet loss caused by bad reception or interference. The 4 handshake messages never carry your Wi-Fi password itself; they prove that both sides know the key derived from it and negotiate a fresh session key (the PTK) for the encrypted session between your wireless device and your home access point. An attacker positioned between the two blocks message 4 from reaching the access point, which then retransmits message 3. When the client receives the retransmitted message 3 it re-installs the session key that is already in use and, with it, resets the nonce (packet number) and replay counter to their initial values. Encrypting new frames with the same key and the same nonce reuses keystream, which lets the attacker decrypt and replay traffic and, depending on the cipher, forge frames. In the worst case (wpa_supplicant 2.4 and 2.5, as shipped on Android 6.0 and later and on some Linux distributions) the client clears the key from memory after first installing it, so the retransmitted message 3 installs an all-zero key and the session is trivial to decrypt.
So, what should we do?
Basically, the problem lies in our wireless-enabled devices themselves. Their handshake implementation, although following the common and binding standard, accepts the key reinstallation described above. All devices must therefore be patched and updated to fix the vulnerability. And here lies the real problem: with millions of different devices, hardware platforms, models, chipsets and firmware versions, there is no feasible way to patch them all. It is safe to assume that selected Android devices will get a fix in their monthly security updates soon, and most Windows machines were already patched, but what about our TV boxes, video streamers, security cameras and other IoT devices?
The same question should also be directed at the access point (also called router or hub) vendors. The access point is not itself the vulnerable party in the attack against client devices, but the retransmitted message 3 that triggers the key reinstallation originates there, and every device connected to it is exposed through it. So why not tackle the problem at its source?
Well, unfortunately, the answer to this one seems much the same. With dozens or hundreds of vendors trying to keep up with hundreds of deployed models and thousands of firmware versions, only a lucky few router owners will get the security patch they are eager for.
Mitigating KRACK is best done by updating the Wi-Fi (WPA2 handshake) components on every device and every router. However, as mentioned above, most gateways and connected devices are expected to be left without proper patches for months or even years to come. It may also be extremely difficult for an ordinary user to determine whether a fix is available for their devices at all.
We therefore suggest a list of do-it-yourself steps that may help the user to:
1) Reduce the risk associated with the KRACK attack
2) Alert the user when an attack is ongoing
3) Prevent the attack altogether, even without proper patches from device manufacturers.
Use AES encryption
Wi-Fi networks can use one of three data-confidentiality ciphers: TKIP, CCMP-AES and GCMP (the latter found on 802.11ad and some newer 802.11ac hardware). The attack affects the handshake regardless of the cipher, but the damage depends on it. With CCMP-AES, nonce reuse lets the attacker decrypt and replay frames but not forge new ones; with TKIP and GCMP the attacker can additionally recover the key used to authenticate frames and inject forged packets into the network (for GCMP, in both directions). We therefore recommend configuring every access point for CCMP-AES only, so that both the access point and the clients associated with it are exposed to a lesser extent.
AES can usually be selected via the gateway's configuration interface, which is normally a web interface. The relevant settings will usually be found under 'Wireless' or 'Security' tabs. The following example shows how to choose AES on Bezeq routers. Note that AES is usually denoted as 'AES', 'CCMP' or 'AES/CCMP'. Avoid 'TKIP' and mixed 'TKIP+AES' modes, which still let TKIP clients connect.
Disable Fast Roaming (802.11r)
The most common KRACK scenarios target client devices such as smartphones, tablets and PCs. In some scenarios, however, the attack can be turned against the access point itself. Such an attack requires the access point to support 'Fast BSS Transition (FT)', the 802.11r feature clients use to roam quickly between access points; in the FT handshake the attacker does not even need a man-in-the-middle position, replaying the client's reassociation request is enough to make the access point reinstall the key. FT is more common in large Wi-Fi networks, such as campuses, where many access points cover a wide area, and in advanced routers rather than home routers. It is wise to disable it wherever it is not needed. It may appear as 'Fast Transition', 'Fast Roaming', '802.11r' or 'FT'.
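For access points that run hostapd, the two settings from this section and the previous one (TKIP left enabled, 802.11r left on) can be checked mechanically. The script below is an added example, not part of the original paper and not hostapd's own code: it parses a hostapd.conf, shows a constructed "compatibility" configuration beside its hardened counterpart, and lists what would have to change. The interface name, SSID, passphrase and mobility domain in the samples are made up, and the fallback from rsn_pairwise to wpa_pairwise is taken from hostapd.conf's documented default.

```python
"""Audit a hostapd.conf for TKIP being offered and Fast BSS Transition (802.11r) being on.

Added example, not part of the original paper or of hostapd. WEAK_CONF and
HARDENED_CONF are constructed samples; interface, SSID, passphrase and
mobility domain are made up."""

# Constructed sample: a typical "compatibility" configuration.
WEAK_CONF = """
interface=wlan0
ssid=MyAccessPoint
hw_mode=g
channel=6
wpa=3
wpa_passphrase=correct horse battery staple
wpa_key_mgmt=WPA-PSK FT-PSK
wpa_pairwise=TKIP CCMP
ieee80211r=1
mobility_domain=a1b2
"""

# Constructed sample: the same network with the settings recommended above.
HARDENED_CONF = """
interface=wlan0
ssid=MyAccessPoint
hw_mode=g
channel=6
wpa=2
wpa_passphrase=correct horse battery staple
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211r=0
"""


def parse_hostapd_conf(text):
    """Return hostapd key=value pairs as a dict; comments and blank lines are
    skipped and a repeated key keeps its last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_hostapd_conf(text):
    """Return a list of findings; an empty list means the config passes every check."""
    conf = parse_hostapd_conf(text)
    findings = []

    # 'wpa' is a bitfield: bit 0 offers WPA (version 1), bit 1 offers RSN/WPA2.
    wpa = int(conf.get("wpa", "0"))
    if wpa & 1:
        findings.append("wpa=%d still offers WPA version 1; set wpa=2" % wpa)
    if not wpa & 2:
        findings.append("wpa=%d does not enable WPA2 (RSN); set wpa=2" % wpa)

    # WPA2 pairwise ciphers come from rsn_pairwise. When it is absent hostapd
    # falls back to wpa_pairwise (assumption taken from hostapd.conf's documented
    # default; confirm against your hostapd version).
    ciphers = set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    if wpa & 1:
        ciphers |= set(conf.get("wpa_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.append("TKIP is offered as a pairwise cipher; set rsn_pairwise=CCMP")
    if wpa & 2 and "CCMP" not in ciphers:
        findings.append("CCMP-AES is not offered; set rsn_pairwise=CCMP")

    # Fast BSS Transition: the feature flag and the FT-* AKM suites that advertise it.
    if conf.get("ieee80211r", "0") == "1":
        findings.append("ieee80211r=1 enables Fast BSS Transition; set ieee80211r=0 "
                        "unless clients must roam between your access points")
    if any(akm.startswith("FT-") for akm in conf.get("wpa_key_mgmt", "").split()):
        findings.append("wpa_key_mgmt advertises FT-PSK/FT-EAP; remove the FT-* entries")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("%s: %s" % (name, audit_hostapd_conf(text) or "OK"))
```

Run it against a copy of /etc/hostapd/hostapd.conf (`audit_hostapd_conf(open(path).read())`) before and after editing; an empty result means only CCMP-AES is offered under WPA2 and FT is off.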
Update your Wi-Fi software manually
For more advanced users running their own Linux hardware, or with root access to their router, the best option is to install the latest wpa_supplicant (for clients) and hostapd (for access points) patches. These are the industry-standard open-source components that implement the access-point logic and manage a wireless device's connection to access points. The patches are available at https://w1.fi/security/2017-1/ and address all the related vulnerabilities. Check what you are running with 'wpa_supplicant -v' or 'hostapd -v' before and after updating; distribution packages built after the disclosure generally carry these patches already.
Actively monitor for fake Access Points
It may be desirable for advanced users to monitor their networks regularly. Most KRACK attacks against connected devices require setting up a rogue access point that clones your home network's MAC address (BSSID) and network name on a different channel. This lets the attacker lure devices into connecting through the rogue access point and so control the handshake traffic, which is relayed to the original access point. The result is a classic MITM (Man-In-The-Middle) scenario in which the attacker has full control over the traffic between the two endpoints. In this position the attacker blocks some of the handshake messages sent from the device back to the home access point and thereby triggers the retransmission of message 3 from the access point to the attacked device. Using an additional wireless adapter (widely available as a cheap USB dongle) one can set up a station that constantly scans for rogue access points. The simple Linux command 'iwlist' easily reveals such a scheme:
(Note: 'wlp58s0' is the name of the scanning wireless interface; on your system it may be 'wlan0' or similar.)
# iwlist wlp58s0 scanning
wlp58s0   Scan completed :
          ....
          Cell 09 - Address: 64:BC:0C:51:D0:21
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"MyAccessPoint"
          ....
          Cell 20 - Address: 64:BC:0C:51:D0:21
                    Channel:8
                    Frequency:2.447 GHz (Channel 8)
                    Quality=70/70  Signal level=-21 dBm
                    Encryption key:on
                    ESSID:"MyAccessPoint"
          ....
One can easily spot that an access point with the same MAC address and ESSID is present on two different channels (6 and 8), the second one with a noticeably stronger signal. This command can easily be wrapped in a service scheduled to run every minute or so to scan, process and alert once a cloned access point shows up. Two caveats: a driver's scan cache may briefly hold a stale entry after your own access point changes channel, so alert only when the duplicate persists across consecutive scans; and a dual-band router normally uses a distinct BSSID per radio, so its 2.4 GHz and 5 GHz networks will not trigger this check. Note that the same cloning technique is used in many other MITM scenarios, forcing your devices onto the rogue access point and manipulating your traffic in ways that may expose private information, steal credentials and so on. The above monitoring is therefore a good preventive measure against many security risks as well.
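The wrapping of 'iwlist' into a scheduled check, as an added example that is not part of the original paper: the script parses scan output in iwlist's format and reports every BSSID seen on more than one channel. SCAN_OUTPUT is a constructed sample modelled on the listing above, with an extra made-up neighbour network; in production you would feed it the output of `iwlist <iface> scanning` instead.

```python
"""Spot a cloned access point in `iwlist <iface> scanning` output.

Added example, not part of the original paper. The channel-based MITM used by
KRACK clones the real access point's BSSID and ESSID on another channel, so
the indicator is one BSSID present on two or more channels. SCAN_OUTPUT is a
constructed sample in iwlist's format; replace it with
subprocess.run(["iwlist", iface, "scanning"], capture_output=True, text=True).stdout
"""
import re
from collections import defaultdict

SCAN_OUTPUT = """\
wlp58s0   Scan completed :
          Cell 01 - Address: 12:34:56:78:9A:BC
                    Channel:1
                    Frequency:2.412 GHz (Channel 1)
                    Quality=50/70  Signal level=-60 dBm
                    Encryption key:on
                    ESSID:"Neighbour"
          Cell 09 - Address: 64:BC:0C:51:D0:21
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"MyAccessPoint"
          Cell 20 - Address: 64:BC:0C:51:D0:21
                    Channel:8
                    Frequency:2.447 GHz (Channel 8)
                    Quality=70/70  Signal level=-21 dBm
                    Encryption key:on
                    ESSID:"MyAccessPoint"
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
CHANNEL_RE = re.compile(r"^\s*Channel:(\d+)")          # not the "(Channel 6)" on the Frequency line
ESSID_RE = re.compile(r'ESSID:"(.*)"')
SIGNAL_RE = re.compile(r"Signal level=(-?\d+) dBm")


def parse_iwlist(text):
    """Return one dict per scan cell: bssid, channel, essid, signal (dBm)."""
    cells = []
    current = None
    for line in text.splitlines():
        m = CELL_RE.search(line)
        if m:
            current = {"bssid": m.group(1).upper(), "channel": None, "essid": None, "signal": None}
            cells.append(current)
            continue
        if current is None:
            continue
        m = CHANNEL_RE.match(line)
        if m:
            current["channel"] = int(m.group(1))
        m = ESSID_RE.search(line)
        if m:
            current["essid"] = m.group(1)
        m = SIGNAL_RE.search(line)
        if m:
            current["signal"] = int(m.group(1))
    return cells


def find_cloned_aps(cells, own_bssids=None):
    """Return {bssid: sorted channel list} for every BSSID seen on more than one channel.

    Pass own_bssids (the MAC addresses of your own access point radios) to ignore
    neighbours and only watch for clones of your network."""
    channels = defaultdict(set)
    for c in cells:
        if c["channel"] is None:
            continue
        if own_bssids and c["bssid"] not in {b.upper() for b in own_bssids}:
            continue
        channels[c["bssid"]].add(c["channel"])
    return {b: sorted(ch) for b, ch in channels.items() if len(ch) > 1}


if __name__ == "__main__":
    for bssid, chans in find_cloned_aps(parse_iwlist(SCAN_OUTPUT)).items():
        print("ALERT: %s advertised on channels %s" % (bssid, chans))
```

To turn this into the periodic check described above, run it from cron or a systemd timer and keep the previous result on disk, raising an alert only when the same BSSID/channel pair shows up in two consecutive scans.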
Active mitigation of the 4-way Handshake attack
As a full-scale, end-to-end solution, we supply a proof of concept in the form of a Python script that runs on Linux access points and detects possible KRACK attacks against client devices. The script is meant to be executed on the access point rather than on the clients. It monitors the Wi-Fi interface and detects a second transmission of message 3 of the 4-way handshake within the same handshake. It then disconnects the suspected device by aborting the handshake, preventing it from sending any further sensitive data to the access point. Once the handshake is aborted, the device will try to re-establish its connection, and the new handshake will complete as long as no retransmission of message 3 is observed in it. Note that a lost message 4 on a lossy link also makes a healthy access point resend message 3, so the script cannot distinguish an attack from bad reception; in the benign case the only cost is a repeated handshake. Full code and further information can be found at: https://github.com/securingsam/krackdetector
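The detection rule the proof of concept relies on, written out as an added example. This is not the krackdetector code linked above and not hostapd code: it parses raw EAPOL-Key frames (IEEE 802.1X header followed by the RSN key descriptor), classifies them as handshake messages 1 to 4 from their Key Information flags, and raises an alert when a station is sent a second message 3 before its handshake completes. The frames in SAMPLE_TRAFFIC are constructed, with zeroed nonces, MICs and key data, and all MAC addresses are made up; on a real access point the bytes would come from a monitor-mode interface.

```python
"""Flag a second message 3 of the WPA2 4-way handshake inside one handshake.

Added example, not the krackdetector code and not hostapd code. SAMPLE_TRAFFIC
holds constructed EAPOL-Key frames (zero nonces, MICs and key data) between
made-up MAC addresses."""
import struct

EAPOL_KEY = 3              # 802.1X packet type: EAPOL-Key
RSN_DESCRIPTOR = 2         # key descriptor type used by WPA2/RSN

# Key Information flags (IEEE 802.11 EAPOL-Key frame format)
KEY_TYPE_PAIRWISE = 0x0008
INSTALL = 0x0040
KEY_ACK = 0x0080
KEY_MIC = 0x0100
SECURE = 0x0200

# Fixed part of the RSN key descriptor that follows the 4-byte 802.1X header:
# type(1) key_info(2) key_len(2) replay(8) nonce(32) iv(16) rsc(8) id(8) mic(16) data_len(2)
KEY_DESC_FMT = ">BHHQ32s16s8s8s16sH"
KEY_DESC_LEN = struct.calcsize(KEY_DESC_FMT)   # 95 bytes


def build_eapol_key(key_info, replay_counter, nonce=bytes(32), key_data=b""):
    """Build a minimal EAPOL-Key frame; the MIC stays zero because this monitor does not verify it."""
    body = struct.pack(KEY_DESC_FMT, RSN_DESCRIPTOR, key_info, 16, replay_counter, nonce,
                       bytes(16), bytes(8), bytes(8), bytes(16), len(key_data)) + key_data
    return struct.pack(">BBH", 2, EAPOL_KEY, len(body)) + body


def parse_eapol_key(frame):
    """Return key_info, replay_counter and nonce of an EAPOL-Key frame, or None if it is not one."""
    if len(frame) < 4 + KEY_DESC_LEN:
        return None
    _version, ptype, length = struct.unpack(">BBH", frame[:4])
    if ptype != EAPOL_KEY or len(frame) < 4 + length:
        return None
    fields = struct.unpack(KEY_DESC_FMT, frame[4:4 + KEY_DESC_LEN])
    if fields[0] != RSN_DESCRIPTOR:
        return None
    return {"key_info": fields[1], "replay_counter": fields[3], "nonce": fields[4]}


def classify_message(key_info):
    """Map Key Information flags to handshake message 1..4; None for group-key frames."""
    if not key_info & KEY_TYPE_PAIRWISE:
        return None
    if key_info & KEY_ACK:                       # sent by the access point
        return 3 if key_info & INSTALL else 1
    if key_info & KEY_MIC:                       # sent by the station
        return 4 if key_info & SECURE else 2
    return None


class HandshakeMonitor:
    """Per-station handshake state. A lost message 4 also makes an honest AP resend
    message 3, so this rule cannot tell an attack from a lossy link; aborting the
    handshake is harmless in the benign case and defeats the attack in the other."""

    def __init__(self, ap_mac):
        self.ap_mac = ap_mac.upper()
        self.m3_count = {}                       # station MAC -> message 3s seen this handshake

    def observe(self, src, dst, frame):
        """Feed one frame (source MAC, destination MAC, bytes); return an alert string or None."""
        parsed = parse_eapol_key(frame)
        if parsed is None:
            return None
        msg = classify_message(parsed["key_info"])
        sta = (dst if src.upper() == self.ap_mac else src).upper()
        if msg == 1:                             # message 1 opens a new handshake
            self.m3_count[sta] = 0
        elif msg == 3:
            self.m3_count[sta] = self.m3_count.get(sta, 0) + 1
            if self.m3_count[sta] > 1:
                return ("possible KRACK against %s: message 3 sent %d times in one handshake "
                        "(replay counter %d); abort the handshake and deauthenticate"
                        % (sta, self.m3_count[sta], parsed["replay_counter"]))
        elif msg == 4:                           # handshake completed normally
            self.m3_count.pop(sta, None)
        return None


# Constructed traffic: one healthy client, and one whose message 4 never reaches the AP.
AP, GOOD_STA, BAD_STA = "64:BC:0C:51:D0:21", "02:00:00:00:00:01", "02:00:00:00:00:02"
M1, M2, M3, M4 = 0x008A, 0x010A, 0x13CA, 0x030A  # key_info values, descriptor version 2
SAMPLE_TRAFFIC = [
    (AP, GOOD_STA, build_eapol_key(M1, 1)), (GOOD_STA, AP, build_eapol_key(M2, 1)),
    (AP, GOOD_STA, build_eapol_key(M3, 2)), (GOOD_STA, AP, build_eapol_key(M4, 2)),
    (AP, BAD_STA, build_eapol_key(M1, 1)), (BAD_STA, AP, build_eapol_key(M2, 1)),
    (AP, BAD_STA, build_eapol_key(M3, 2)),
    (AP, BAD_STA, build_eapol_key(M3, 3)),   # the retransmission carries a higher replay counter
]


def run_monitor(traffic, ap_mac=AP):
    """Replay a list of (src, dst, frame) through the monitor and return the alerts raised."""
    mon = HandshakeMonitor(ap_mac)
    return [alert for alert in (mon.observe(*f) for f in traffic) if alert]


if __name__ == "__main__":
    for alert in run_monitor(SAMPLE_TRAFFIC):
        print(alert)
```

The count is kept per handshake rather than per replay counter on purpose: the access point increments the replay counter on every retransmission, so the duplicate message 3 never has the same counter as the first and a simple replay check would miss it.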
The SAM Way – Protecting the Access-Point From Within
This is where SAM's seamless networking solution stands out. SAM's advantage is the ability to secure, manage and generally improve your home network's capabilities, whatever router you use. SAM can be deployed on any router hardware, vendor and firmware version and take ownership of securing all of your connected home devices end to end. As a result, SAM is able to develop and deploy hot fixes and security patches to all users quickly, instantly and without any user intervention. No more searching for firmware files, downloading mysterious binaries, trying to remember how to reach your router's admin interface and praying that the update will not leave you with a brick instead of a router. Specifically for KRACK, running detection scripts and patches like those described above as a process on the router protects that router's clients against the 4-way handshake attack, even clients that have not been patched. Adding such capabilities is not trivial and typically cannot be done without deep knowledge of, and access to, the router's internals. SAM, as a security solution protecting home routers, can add this protection with zero effort from any of the parties involved: router vendors, internet providers and of course home users. SAM's security researchers responded quickly to the KRACK disclosure and have already developed a working proof-of-concept mitigation that can be deployed instantly to all of SAM's customers. This hot-fix will be pushed to all deployed SAM-enabled routers, regardless of whether the router vendor has released a firmware update. Most of these routers will be among the first on the market to receive a KRACK hot-fix, and most if not all of them would not have received one at all without SAM running on them.