【Official】Wi-Fi WPA2 Vulnerability Explanation & Prevention Guide

What is KRACK vulnerability (KeyReinstallation Attack)?

KRACK vulnerability, also known as KeyReinstallation Attack, is a new WPA/WAP2 protocol security vulnerabilityannounced on 16th October, 2017 by the Belgian researcher MathyVanhoef. This vulnerability utilizes shortcomings of WPA/WPA2 protocolimplementation to trigger reinstallation of the key, hence giving the man-in-the-middleattacker the ability to decrypt wireless data packets.

The Common Vulnerabilities and Exposures (CVE) websiterecorded over 10 possible vulnerabilities caused by KRACK (CVE-2017-13007~13082,CVE-2017-13084~13088), all of which points to the same issue at hand – key reinstallation.

This security flaw exists in the Wi-Fi standard itself and thus is notspecific to particular products or solutions. Essentially, a key should only be installed and used once to ensuresecurity, yet WPA2 does not guarantee this.

The PoC (Proof of Concept) section of thepaper, “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”, demonstratedperforming a KRACK on an Android phone. In this demonstration, the attacker hadthe ability to decrypt all the data transmitted by the victim. This method ofattack can be easily achieved by attackers because Android and Linux devices will be manipulated by the attackers to reinstallan all-zero encryption key.

The paperalso points out that, although it is difficult to decrypt all the packets when attackingother devices (without the all-zero encryption key vulnerability), the attackercan still decrypt a significant portion of the packets. In reality, the authoradmits that he has yet to have PoC for this part of his theory.

Attack targetsand methods of KRACK vulnerability

The vulnerability targets on client devices (mobile phones, notebooks,tablets, etc.) that have access to the Wi-Fi network, inducing the clientdevices to reinstall the key, thus risking packet decryption from an unknownparty. To start an attack and induce the key reinstallation process, the attacker has to be physically close to thetarget Wi-Fi network.

Possibleattack methods include:

1.    KRACK triggers Linux and Android 6.0 devices’ all-zero encryption keyvulnerability, causing all packets to be easily decrypted.

2.    KRACK vulnerability weakens the defense against replay attacks of WPA2encryption, increasing the risk of replay attacks on end devices.

3.    The attacker can further decrypt the packets via the KRACK vulnerabilityif part of the plaintext and ciphertext has already been acquired, but the attackerwill not be able to decrypt all the packets.

4.     Withoutobtaining the plaintext and ciphertext, theoretically there is a possibility ofdecrypting a small number of packets, but it is highly unlikely.

What Wi-Fi users should do about thevulnerability

1.    These attacks are vulnerabilities that could be easily patched byterminal manufacturers and can be prevented by upgrading to the latest versionof the terminal system. Please consult manufacturers for their officialupgraded version.

2.    As attacks are easier on Linux and Android 6.0 or above, please update theversions as soon as possible.

3.    As attack costs are relatively higher for other devices, users canremain calm as there is no need to be concerned.

4.    Only upgrading APs or home routers cannot resolve the vulnerabilities asthey are targeted on the clients.

5.    KRACK vulnerabilities would not cause the leak of passwords, so there isno need to modify the network passwords.

The vulnerability’s impact on Ruijie APs (Impacton Ruijie APs is minimal)·      

Ruijie’s RG-MACC products arenot affected by the vulnerability.·      

All AP runninglatest RGOS 11.x platform , and all indoor AP running previous RGOS 10.x are not beaffected by KRACK.·      

Affected devicesonly consist of Outdoor AP performing WDS and running previous RGOS 10.X, andwe recommend to upgrade the Outdoor AP to latest RGOS 11.x

.>>>Friendly Reminder<<<

After the details of the vulnerabilities were revealed,Linux, Microsoft and Apple each released a patch, and we strongly recommendusers to update their system versions or install the patches. As of now, the releasefor the mainstream terminal patches is as follows:·        

Windows: Microsoft has patched the KRACK vulnerabilityin the cumulative security update on October 10th. Please turn on theWindows 10 automatic update, and for older versions of Windows, please upgradeto Windows 10.·        

iOS: Apple announced the patch for thevulnerability on October 16th. Please update to the latest iOS.·        

Android: Google will fix this vulnerability inNovember. As the Android system of the mainland manufacturers is non-native, pleaseconsult manufacturers for security updates.·        

Linux: wpa_supplicant has released an update to fix this vulnerability. Please download thepatch through the package manager. If there are any further inquiries concerningthis vulnerability, please contact Ruijie Networks’ 24/7 service hotline.(Skype ID: Ruijie Technical Support)