KRACKs WiFi vulnerability: All you need to know

KRACKs, short for Key Reinstallation AttaCKs, is the name given to a set of vulnerabilities in the WPA2 wireless protocol, which is used to encrypt data transmitted over Wi-Fi. If hackers exploit these vulnerabilities, they can steal data on a Wi-Fi network, including sensitive information such as credit card numbers, passwords and emails. Most router manufacturers should soon release patches to fix this critical set of vulnerabilities. Here is a demo of the same, provided by security researcher Mathy Vanhoef.

Every single router that supports the WPA2 security protocol could be affected. The only way to fix this is by applying the patch for the router (if available). Changing the router password will not help. Mathy Vanhoef will release scripts to detect whether an implementation of the 4-way handshake, group key handshake, or Fast BSS Transition (FT) handshake is vulnerable to key reinstallation attacks.

Microsoft has mentioned that a patch released on 10th of October protects Windows 10 PCs against KRACKs. Apple released a statement that a fix is implemented in the current iOS, macOS, watchOS and tvOS betas and should be available for everyone soon. Also, many antivirus companies have updates that protect devices against KRACKs.

One way to protect your Wi-Fi networks from hackers is to not show the Wi-Fi SSID. Go through your router documentation to apply the same. Change your router’s SSID and set it in such a way that the network is not shown to everyone in range. Also, if you are connecting to public Wi-Fi, be extra careful, as you never know whether the router serving the Wi-Fi is hacked or not.

Assigned CVE identifiers

The following Common Vulnerabilities and Exposures (CVE) identifiers were assigned to track which products are affected by specific instantiations of our key reinstallation attack:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
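The CVEs above all describe a key being installed a second time. The following toy model is an added example, not code from the researcher or any vendor: it shows why a retransmitted handshake message 3 is a problem for an unpatched client and how a client that refuses to reinstall an already-installed key avoids it. The `Client` class, the SHA-256 keystream stand-in (real WPA2 uses CCMP) and the sample key are assumptions made for illustration.

```python
# Toy model of a Wi-Fi client's pairwise-key installation (all names hypothetical).
import hashlib

def keystream(tk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the per-packet keystream: it depends only on (key, packet number)."""
    out, counter = b"", 0
    while len(out) < length:
        block = tk + pn.to_bytes(6, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

class Client:
    def __init__(self, patched: bool):
        self.patched = patched
        self.tk = None      # installed temporal key
        self.pn = 0         # packet number, used as the nonce
        self.used = set()   # (key, packet number) pairs already used to encrypt

    def on_msg3(self, tk: bytes) -> None:
        """Handle message 3 of the 4-way handshake, possibly a retransmission."""
        if self.patched and tk == self.tk:
            return          # key already installed: keep the current packet number
        self.tk = tk
        self.pn = 0         # installing a key resets the packet number

    def send(self, plaintext: bytes) -> tuple:
        """Encrypt one frame; report whether this (key, packet number) was used before."""
        self.pn += 1
        reused = (self.tk, self.pn) in self.used
        self.used.add((self.tk, self.pn))
        ks = keystream(self.tk, self.pn, len(plaintext))
        return self.pn, bytes(a ^ b for a, b in zip(plaintext, ks)), reused

def nonce_reuse_after_retransmit(patched: bool) -> bool:
    """True if a frame sent after a retransmitted message 3 repeats a nonce."""
    client = Client(patched)
    tk = b"\x11" * 16                 # constructed sample key
    client.on_msg3(tk)
    client.send(b"frame one")
    client.on_msg3(tk)                # same key delivered again
    return client.send(b"frame two")[2]

if __name__ == "__main__":
    print("unpatched client repeats a nonce:", nonce_reuse_after_retransmit(False))
    print("patched client repeats a nonce:  ", nonce_reuse_after_retransmit(True))
```

The Wi-Fi password never appears in the model, which is why changing it does not help: the defect is in how the handshake is processed.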

Amarendra

Co-Founder of GadgetDetail, gadget lover, addicted to American TV shows, fan of Ferrari and Federer, Bengalurian, FOOD LOVER, multiplex hater.
