loading...

What to know about KRACK Attack

fabiand93 profile image Fabian ・12 min read

Yesterday, 16/Oct/2017, was released a vulnerability that affects all WPA and WPA2 handshakes that allow attackers to override your wifi encryption and install a MITM to sniff all your packages getting user credentials and more.

How does it work?

On this video you can see a demostration of how it's implemented this vulnerability:

image

How do I protect myself?

Update your system, router, mobile device etc.
Most vendors already released a patch update, you can check a bigger intel about this here

Vendor Patch Matrix (non-complete)

Vendor Patch Available In Development Not Directly Affected
Arch Linux X
Arista X
Aruba X
Cisco X
DD-WRT X
Debian X
Extreme Networks X
Fedora X
FreeBSD X
Lenovo X
LineageOS X
LXDE X
Meraki X
MikroTik X
Synology X
Turris Omnia X
Ubiquiti X
Ubuntu X
UniFi X
VMware X
Watchguard Cloud X
Watchguard X
Windows 10 X
WPA_supplicant X

Vendor Response (complete)

Vendor Official Response Comment Last Checked Last Updated Date Notified by CERT
3com Inc No Known Official Response N/A 2017-10-17 2017-10-17
Actiontec No Known Official Response N/A 2017-10-17 2017-10-17
Aerohive LINK N/A 2017-10-17 2017-10-17
Alcatel-Lucent No Known Official Response N/A 2017-10-17 2017-10-17
Amazon No Known Official Response "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed." 2017-10-17 2017-10-17
Android No Known Official Response Android 6.0 and above affected (Android uses wpa_supplicant and therefore is affected). 2017-10-16 2017-10-16
Apple No Known Official Response; See comment for unofficial response Via twitter : "Apple has confirmed to me that #wpa2 #KRACK exploit has already been patched in iOS, tvOS, watchOS, macOS betas." LINK 2017-10-17 2017-10-17
Arch Linux wpa_supplicant, hostapd N/A 2017-10-16 2017-10-16
Arduino No Known Official Response N/A 2017-10-17 2017-10-17
Asus No Known Official Response According to LINK at the time of this commit no statement from Asus 2017-10-17 2017-10-17
AVM LINK They are currently investigating this security issue and will release updates if needed. Also EOM and EOS products will be updated, according to LINK 2017-10-17 2017-10-17
Barracuda Networks No Known Official Response N/A 2017-10-17 2017-10-17
Belkin, Linksys, and Wemo No Known Official Response "Belkin Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required." 2017-10-16 2017-10-16
Broadcom No Known Official Response N/A 2017-10-16 2017-10-16
Buffalo / MELCO LINK(JA) N/A 2017-10-18 2017-10-18
Canon No Known Official Response N/A 2017-10-16 2017-10-16
CentOS No Known Official Response N/A 2017-10-17 2017-10-17
Cisco LINK Multiple Cisco wireless products are affected by these vulnerabilities. 2017-10-16 2017-10-16 28 Aug 2017
Comcast No Known Official Response N/A 2017-10-17 2017-10-17
CZ.NIC Turris LINK via @spike411: CZ.NIC Turris team is testing a fix (backported from hostapd upstream): LINK 2017-10-16 2017-10-16
D-Link LINK N/A 2017-10-17 2017-10-17
DD-WRT LINK N/A 2017-10-17 2017-10-17
Debian LINK * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088): - hostapd: Avoid key reinstallation in FT handshake - Prevent reinstallation of an already in-use group key - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases - Fix PTK rekeying to generate a new ANonce - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames - TDLS: Ignore incoming TDLS Setup Response retries 2017-10-16 2017-10-16
Dell No Known Official Response N/A 2017-10-17 2017-10-17
Denon No Known Official Response N/A 2017-10-17 2017-10-17
DrayTek LINK DrayTek are investigating solutions for this and plan to issue appropriate updates (firmware) as soon as possible. We will update this page in due course. 2017-10-17 2017-10-17
ecobee No Known Official Response N/A 2017-10-17 2017-10-17
Edimax No Known Official Response N/A 2017-10-17 2017-10-17
EMC Corporation No Known Official Response N/A 2017-10-17 2017-10-17
Espressif Systems LINK Espressif released patches for the WiFi vulnerabilities in their products including ESP-IDF, ESP8266 RTOS and ESP8266 NON-OS. Arduino ESP32 will be updated shortly. 2017-10-16 2017-10-16 22 Sep 2017
Extreme Networks LINK N/A 2017-10-16 2017-10-16 2017-08-28
F5 Networks No Known Official Response N/A 2017-10-17 2017-10-17
Fedora LINK Status: Fixed Release: Pending (* Manual installation is possible) 2017-10-17 2017-10-17
FortiNet LINK FortiAP 5.6.1 is no longer vulnerable to the following CVE Reference:...CVE-2017-13077CVE-2017-13078CVE-2017-13079CVE-2017-13080CVE-2017-13081CVE-2017-13082 2017-10-16 2017-10-16
Foundry Brocade No Known Official Response N/A 2017-10-17 2017-10-17
FreeBSD Project Response, patch Binary and source updates to base system available. Alternatively one can install the security/wpa_supplicant port or package in lieu of the same in base. 2017-10-17 2017-10-17 (?)
Google No Known Official Response N/A 2017-10-16 2017-10-16
Hewlett Packard Enterprise No Known Official Response N/A 2017-10-17 2017-10-17
Honeywell No Known Official Response N/A 2017-10-16 2017-10-16
HPE Aruba Patch Info - FAQ N/A 2017-10-17 2017-10-17 28 Aug 2017
Huawei No Known Official Response N/A 2017-10-16 2017-10-16
IBM No Known Official Response N/A 2017-10-17 2017-10-17
Intel Corporation LINK N/A 2017-10-16 2017-10-16 28 Aug 2017
I-O DATA LINK(JA) N/A 2017-10-18 2017-10-18
Jolla LINK N/A 2017-10-17 2017-10-17
Juniper Networks LINK Patches for WLAN available; patches for SRX and SSG outstanding 2017-10-16 2017-10-16 28 Aug 2017
KPN LINK No Fix as of yet 2017-10-17 2017-10-17
Kyocera Communications No Known Official Response N/A 2017-10-17 2017-10-17
LEDE LINK Fixed snapshots for master available. 17.01.4 pending release. 2017-10-17 2017-10-17
LineageOS LINK N/A 2017-10-17 2017-10-17
Linux Patches: LINK wpa_supplicant version 2.4 and above is affected. Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake. 2017-10-16 2017-10-16
Logitech No Known Official Response N/A 2017-10-16 2017-10-16
Marantz No Known Official Response N/A 2017-10-17 2017-10-17
Marvell Semiconductor No Known Official Response N/A 2017-10-17 2017-10-17
MediaTek No Known Official Response N/A 2017-10-16 2017-10-16
Meraki LINK Fixed for Cisco Meraki in 24.11 and 25.7 2017-10-16 2017-10-16
Microchip Technology LINK N/A 2017-10-17 2017-10-17 28 Aug 2017
Microsoft Windows Related When clicking the link, accept the EULA then click the link again 2017-10-16 2017-10-16
Mikrotik LINK We released fixed versions last week, so if you upgrade your devices routinely, no further action is required. 2017-10-16 2017-10-16
NEC No Known Official Response N/A 2017-10-16 2017-10-16
Nest Labs No Known Official Response Nest Tweeted: "We plan to roll out patches to our products in the coming weeks. These won't require any action on the part of the user." 2017-10-17 2017-10-17
Netgear LINK N/A 2017-10-16 2017-10-16
Nikon No Known Official Response N/A 2017-10-16 2017-10-16
Nintendo No Known Official Response N/A 2017-10-16 2017-10-16
OnePlus No Known Official Response "We encouraged you to stay tuned and keep track on our Community Forums and official website and other social media channels." 2017-10-17 2017-10-16
Onkyo No Known Official Response N/A 2017-10-17 2017-10-17
Open-Mesh / CloudTrax LINK An update is expected to be delivered to all of those that use automatic updates by the end over October 17th. 2017-10-17 2017-10-17
OpenBSD LINK Errata patches for the wireless stack have been released for OpenBSD 6.1 and 6.0. State transition errors could cause reinstallation of old WPA keys. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages. As this affects the kernel, a reboot will be needed after patching. 2017-10-16 2017-10-16
Pakedge No Known Official Response Via @spike411 "They have acknowledged they have received my enquiry but don’t have any info about the state of this vulnerability in their products." 2017-10-16 2017-10-16
pfSense LINK N/A 2017-10-17 2017-10-17
Pioneer No Known Official Response N/A 2017-10-17 2017-10-17
Qualcomm Atheros No Known Official Response N/A 2017-10-16 2017-10-16
Rachio No Known Official Response N/A 2017-10-17 2017-10-17
Raspbian (Raspberry Pi) No Known Official Response Update (20171002 01:38): The fixes for raspbian Jessie and Stretch should now be in the public raspbian repo. The fix for raspbian buster should follow in a few hours. I do not know if/when there will be a fix for wheezy. source: LINK 2017-10-17 2017-10-17
Red Hat, Inc. This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. LINK N/A 2017-10-16 2017-10-16 28 Aug 2017
Ring No Known Official Response Per support "They promise to update public shortly, actively working with developers." 2017-10-17 2017-10-17
Ruckus Wireless Refer to Ruckus Support. Security patches from Ruckus are forthcoming and will be posted as they are available. LINK PDF N/A 2017-10-17 2017-10-17
Sagemcom No Known Official Response N/A 2017-10-17 2017-10-17
Samsung Mobile No Known Official Response N/A 2017-10-16 2017-10-16 28 Aug 2017
Sharp No Known Official Response N/A 2017-10-16 2017-10-16
Sonicwall LINK N/A 2017-10-17 2017-10-17
Sonos No Known Official Response N/A 2017-10-17 2017-10-17
Sony No Known Official Response N/A 2017-10-16 2017-10-16
Sophos AP LINK N/A 2017-10-17 2017-10-17
SUSE / openSUSE LINK 2017-10-16 2017-10-16 28 Aug 2017
Swisscom LINK Internet Box routers not affected. Centro routers and AirTies repeaters to be clarified. 2017-10-17 2017-10-17
Synology LINK Synology DiskStation Manager (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. According to Synology, updates for affected products will be released soon. 2017-10-17 2017-10-17
Toshiba Commerce Solutions No Known Official Response N/A 2017-10-16 2017-10-16 15 Sep 2017
Toshiba Electronic Devices & Storage Corporation No Known Official Response N/A 2017-10-16 2017-10-16 28 Aug 2017
Toshiba Memory Corporation No Known Official Response N/A 2017-10-16 2017-10-16 28 Aug 2017
TP-Link LINK N/A 2017-10-17 2017-10-17
Turris Omnia LINK N/A 2017-10-17 2017-10-17
Ubiquiti Networks LINK Ubiquiti has released 3.9.3.7537 in beta to mitigate these vulnerabilities in UniFi APs that have a client mode. mFi devices are likely vulnerable and no statement or patch has been released. 2017-10-16 2017-10-16
Ubuntu LINK Updates are available for wpasupplicant and hostapd in Ubuntu 17.04, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. 2017-10-16 2017-10-16
WatchGuard LINK Sunday, October 15, 2017:,AP120, 320, 322, 420:,Release 8.3.0-657, Cloud mode only . Monday, October 30, 2017: AP300: Release 2.0.0.9 ,AP100, 102, 200: Release 1.2.9.14, AP120, 320, 322, 420:,Release 8.3.0-657, Non-Cloud (GWC mode) 2017-10-17 2017-10-17
WiFi Alliance LINK Users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers. 2017-10-16 2017-10-16
Xfinity No Known Official Response N/A 2017-10-17 2017-10-17
Xirrus LINK As soon as the patch is released, it will be made available through the Xirrus Support Community. 2017-10-17 2017-10-17
Yamaha No Known Official Response N/A 2017-10-16 2017-10-16
Yi (Xiaoyi) No Known Official Response "Waiting on a reply" 2017-10-17 2017-10-17
ZTE No Known Official Response N/A 2017-10-17 2017-10-17
ZyXEL LINK N/A 2017-10-16 2017-10-16 28 Aug 2017

This tables are being updated by krackinfo repo

I'll be updating this post as I could.

Discussion

pic
Editor guide
Collapse
bgadrian profile image
Adrian B.G.

Ofc keep using SSL and VPN.

From what I've read the exploit is known for 5-6 months but wasn't shared with the public, and Android/iOS will wait until next month (November). Android (all the manufacturers) have a low adoption rate regarding the updates, so the vulnerable devices will exists for a long time (XP is still running somewhere 😜).

Collapse
mkerndt profile image
Madison Kerndt

Really great article with concrete information applicable to a range of technologies. Thanks!

To bulk up the "How does it work?" section and give a bit more background information, here is the link to a blog I wrote. It includes more details on the KRACK attack and what vulnerabilities in the WPA2 protocol made the attack possible:

blog.ironcorelabs.com/understand-t...