KRACK: Examining the WPA2 protocol flaw and what it means for your business

What’s WPA2?

The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. My home’s Wi-Fi network is protected by WPA2, and if you’re reading this, yours probably is too.

What’s KRACK?

Before we answer that question, let’s do some quick high-level Crypto 101. The Advanced Encryption Standard (AES) has been around for over a decade. It’s a symmetric-key cipher, which means the same key is used for both encryption and decryption. While AES traditionally functions as a block cipher that encrypts 128-bit chunks of plain text at a time, it can also be used as a stream cipher—which is how it is implemented in WPA2. Now, the thing with stream ciphers is that reusing a nonce-key pair can result in the complete decryption of traffic. A nonce should never be used with the same key twice. In the WPA2 standard, a nonce is basically a packet counter. Essentially:

generate( 0, key ) → first part of keystream

generate( 1, key) → second part of keystream

generate( 2, key) → third part of keystream

…

generate( 2^48, key) → last part of keystream

Once the maximum allowed value for the counter is reached (2^48), a new key is generated, and the counter is reset to 0. Since the cipher is rekeyed whenever the counter is reset to 0 (hint, hint), it follows that the same nonce-key pair will never be reused. So what’s the problem?

Enter the key reinstallation attack, or KRACK.

The KRACK vulnerability allows an active adversary to interfere in the conversation between a client and the Wi-Fi access point, forcing the client to reinstall a key that was previously used. When this occurs, the counter is reset to 0 also—leading to the reuse of nonce-key pairs. The keystream that follows will be identical to the earlier keystream, since the nonces (i.e., counter values) are being used with the exact same key that was previously used. Once this keystream is reused, the adversary can (with little effort) decrypt traffic, revealing credit card numbers, passwords, and more.

Who is affected by KRACK?

This weakness stems from the WPA2 standard itself—not from any specific faulty implementation. That being said, if you own any product that supports Wi-Fi, it is likely affected by KRACK. While accessing websites over HTTPS does add another layer of security, you should keep a few things in mind:

• Not all websites support HTTPS.
• HTTPS-enabled websites may be downgraded to HTTP using tools like SSLstrip.
• Many IoT devices located around the house are notorious for communicating in plain text.

That last point is especially important. If you have a smart TV, for example, you should think twice about leaving it connected to your Amazon account, or any other app or account that contains sensitive information.