Key Reinstallation Attacks

1. Introduction

1.1. We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.

1.1.1. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, the attacker tricks a client into reinstalling a key that is already in use; because installing a key resets the transmit packet number (the nonce) and the replay counter, subsequent frames are encrypted with a reused nonce and can be decrypted, and with TKIP or GCMP the attacker can additionally forge and inject frames. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack does not recover the Wi-Fi password, so changing it does not help; installing patched firmware and drivers on clients (and, for the FT handshake, on access points) does. Because the weakness is in the WPA2 standard itself rather than in one vendor's code, the attack works against all modern protected Wi-Fi networks, WPA1 and WPA2, personal and enterprise alike.

2. Demonstration

2.1. In this demonstration, the attacker is able to decrypt all data that the victim transmits.

2.2. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher: wpa_supplicant 2.4 and later clears the encryption key from memory once it has been handed to the driver, so when the retransmitted handshake message triggers a reinstall, the client installs an all-zero key. The attacker can then decrypt and manipulate the client's traffic without needing any known plaintext.

3. Details

3.1. Our main attack is against the 4-way handshake of the WPA2 protocol.

3.2. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials.

3.3. At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. The client installs this key after receiving message 3 of the handshake, and installing it resets the transmit packet number (the nonce) and the receive replay counter to zero.

3.4. Because message 4 may be lost, the standard requires the access point to retransmit message 3 if it gets no reply, and the client to accept the retransmission. An attacker in a man-in-the-middle position blocks message 4 so that message 3 is retransmitted; each time the client processes it, it reinstalls the same key and resets the nonce, so frames sent after the reinstall reuse nonces already used under that key. Nonce reuse in a stream-cipher mode such as CCMP lets the attacker recover plaintext from the XOR of two ciphertexts, and depending on the cipher also replay or forge frames.
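The following is an added toy model of the mechanism described in the Demonstration and Details sections above; it is not code from the KRACK paper or from the authors' scripts. A keystream generator built from HMAC-SHA256 in counter mode stands in for AES-CCMP (the assumption being that, as in CCMP, the keystream depends only on the key and the packet number). The `Supplicant` class, the frame contents and the key are all constructed for the example; `clear_after_install` models the wpa_supplicant 2.4+ behaviour behind the all-zero-key variant, and `refuse_reinstall` models a patched client that ignores a message 3 which would reinstall a key already in use.

```python
"""Toy model of key reinstallation -> nonce reuse (added example, not the
authors' code).  HMAC-SHA256 counter mode stands in for AES-CCMP."""
import hashlib
import hmac

KEY_LEN = 16


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, PN || i).
    Like CCMP, it is a function of the key and the packet number only."""
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client-side key handling of the 4-way handshake (constructed model).

    clear_after_install: zero the key buffer once installed (wpa_supplicant
        2.4/2.5 on Linux and Android 6.0+), so a reinstall pushes all zeros.
    refuse_reinstall: patched behaviour, ignore a message 3 that would
        reinstall a key already in use, so the PN keeps counting up.
    """

    def __init__(self, clear_after_install=False, refuse_reinstall=False):
        self.clear_after_install = clear_after_install
        self.refuse_reinstall = refuse_reinstall
        self.ptk = None            # key material held by the supplicant
        self.installed_key = None  # key the driver encrypts with
        self.pn = 0                # transmit packet number (nonce)

    def recv_msg3(self, ptk: bytes) -> None:
        """Message 3 received (genuine or replayed): install key, reset PN."""
        if self.refuse_reinstall and self.installed_key is not None:
            return                       # patched: key already in use
        if self.ptk is None:
            self.ptk = ptk
        self.installed_key = self.ptk    # reinstall -> nonce reset below
        self.pn = 0
        if self.clear_after_install:
            self.ptk = bytes(KEY_LEN)    # key "cleared from memory"

    def send(self, plaintext: bytes):
        """Encrypt one data frame; (PN, ciphertext) is what goes on the air."""
        self.pn += 1
        ks = keystream(self.installed_key, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks)


# Constructed sample data: a predictable frame and a secret one.
PTK = hashlib.sha256(b"constructed sample PTK").digest()[:KEY_LEN]
FRAME1 = b"ARP who-has 192.168.1.1 tell 192.168.1.50"
FRAME2 = b"POST /login user=alice&pw=hunter2 HTTP/1.1"


def run_handshake_and_traffic(client: Supplicant):
    """AP sends message 3; the attacker blocks message 4, so the AP
    retransmits message 3.  Returns the two data frames the attacker sees."""
    client.recv_msg3(PTK)        # genuine message 3: key installed, PN = 0
    f1 = client.send(FRAME1)     # first data frame, PN = 1
    client.recv_msg3(PTK)        # retransmitted message 3 (the attack)
    f2 = client.send(FRAME2)     # vulnerable client reuses PN = 1
    return f1, f2


def attack_nonce_reuse(f1, f2, known_plaintext: bytes):
    """Same key and PN: c1 ^ c2 = p1 ^ p2, so knowing p1 reveals p2 for as
    many bytes as are known.  Returns None if no nonce reuse occurred."""
    (pn1, c1), (pn2, c2) = f1, f2
    if pn1 != pn2:
        return None
    return xor(xor(c1, c2), known_plaintext)


def attack_zero_key(f2):
    """Linux/Android variant: the reinstalled key is all zeros, so the
    attacker decrypts directly with no known plaintext at all."""
    pn, c = f2
    return xor(c, keystream(bytes(KEY_LEN), pn, len(c)))


if __name__ == "__main__":
    print(attack_nonce_reuse(*run_handshake_and_traffic(Supplicant()), FRAME1))
    print(attack_nonce_reuse(
        *run_handshake_and_traffic(Supplicant(refuse_reinstall=True)), FRAME1))
    print(attack_zero_key(
        run_handshake_and_traffic(Supplicant(clear_after_install=True))[1]))
```

Running it shows the three cases side by side: the unpatched client yields the login frame (truncated to the length of the known ARP frame), the patched client yields `None` because its second frame carries PN 2 and no nonce is reused, and the all-zero-key client yields the full login frame with no known plaintext needed. Note that the defence is on the client side: the access point is behaving exactly as the standard requires when it retransmits message 3.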

4. Paper

4.1. Our research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.

5. Tools

5.1. We have made scripts to detect whether an implementation of the 4-way handshake, group key handshake, or Fast BSS Transition (FT) handshake is vulnerable to key reinstallation attacks.

5.2. These scripts are available on GitHub (github.com/vanhoefm/krackattacks-scripts) and contain detailed instructions on how to use them. The client test works by running a test access point that the device under test joins, so it should only be run against hardware and networks you control.