News of the week – and it’s still only Monday – is a Bug With An Impressive Name (and its own logo!) called the KRACK Attack.

Actually, there are several attacks of a similar sort discussed in the paper that introduced KRACK, so they’re more properly known as the KRACK Attacks.

These KRACK attacks mean that most encrypted Wi-Fi networks are not as secure as you think.

KRACK works against networks using WPA and WPA2 encryption, which these days covers most wireless access points where encryption has been turned on.

An attacker in your midst (at least, within Wi-Fi range) could, in theory, sniff out at least some of the encrypted traffic sent to some of the computers in your organisation.

Even if an attacker can only “bleed off” small amounts of traffic, in dribs and drabs, the end result could be very serious.

(If you remember the Firesheep attack of 2010, just bleeding a few bytes of data when you connected to Facebook or Twitter was enough to let a crook clone your connection and access your account for as long as you stayed logged in.)

KRACK is short for Key Reinstallation Attack, which is a curious name that probably leaves you as confused as we felt when we heard about it, so here’s our extremely simplified explanation of what happens (please note this explanation covers just one of numerous flavours of similar attack).

At various times during an encrypted wireless connection, you (the client) and the access point (the AP) need to agree on security keys.

To do so, a protocol known as the “four-way handshake” is used, which goes something like this:

1. (AP to client) Let’s agree on a session key. Here’s some one-time random data to help compute it.
2. (Client to AP) OK, here’s some one-time random data from me to use as well.

At this point, both sides can mix together the Wi-Fi network password (the so-called Pre-Shared Key or PSK) and the two random blobs of data to generate a one-time key for this session.

This avoids using the PSK directly in encrypting wireless data, and ensures a unique key for each session.

3. (AP to client) I’m confirming we’ve agreed on enough data to construct a key for this session.
4. (Client to AP) OK, I’m confirming that too.

The KRACK Attacks (with numerous variations) use the fact that although this four-way protocol was shown to be mathematically sound, it could be – and in many cases, was – implemented insecurely.

In particular, an attacker with a rogue access point that pretends to have the same network number (MAC address) as the real one can divert message 4 and prevent it reaching the real AP.

During this hiatus in the handshake, the client may already have started communicating with the AP, because the two sides already have a session key they can use, albeit that they haven’t finalised the handshake.

This means that the client will already be churning out cryptographic material, known as the keystream, to encrypt the data it transmits.
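The handshake and the reinstallation problem above, as an added simulation that is not part of this article or of any real Wi-Fi stack. It assumes a toy key derivation (HMAC-SHA256 standing in for the real key-mixing function) and a toy keystream that depends on the session key and a per-packet counter; the point it makes is that a client which re-runs key installation when message 3 arrives a second time (because message 4 never reached the AP) resets its counter and emits the same keystream twice, whereas a client that refuses to reinstall a key it already has does not.

```python
import hashlib
import hmac
import os


def derive_session_key(psk: bytes, ap_nonce: bytes, client_nonce: bytes) -> bytes:
    """Mix the PSK with both one-time random blobs into a per-session key (toy PRF)."""
    return hmac.new(psk, ap_nonce + client_nonce, hashlib.sha256).digest()


def keystream_block(session_key: bytes, packet_number: int) -> bytes:
    """Toy keystream: a function of the key AND the packet counter (32 bytes)."""
    return hmac.new(session_key, packet_number.to_bytes(6, "big"), hashlib.sha256).digest()


class Client:
    def __init__(self, psk: bytes, reject_reinstall: bool):
        self.psk = psk
        self.reject_reinstall = reject_reinstall  # True models the patched behaviour
        self.client_nonce = os.urandom(32)
        self.ap_nonce = b""
        self.session_key = b""
        self.packet_number = 0

    def on_message1(self, ap_nonce: bytes) -> bytes:
        self.ap_nonce = ap_nonce
        return self.client_nonce  # this is message 2

    def on_message3(self, ap_nonce: bytes) -> bool:
        """Install the session key. Returns True if (re)installation happened."""
        key = derive_session_key(self.psk, ap_nonce, self.client_nonce)
        if self.reject_reinstall and key == self.session_key:
            return False  # patched: key already in use, ignore the repeat
        self.session_key = key
        self.packet_number = 0  # installing a key restarts the packet counter
        return True

    def encrypt(self, plaintext: bytes) -> bytes:
        ks = keystream_block(self.session_key, self.packet_number)
        self.packet_number += 1
        return bytes(p ^ k for p, k in zip(plaintext, ks))


def run_handshake(reject_reinstall: bool) -> tuple:
    """Returns (key was reinstalled, keystream was reused) for one simulated client."""
    client = Client(b"constructed-network-password", reject_reinstall)  # constructed PSK
    ap_nonce = os.urandom(32)
    client.on_message1(ap_nonce)
    client.on_message3(ap_nonce)
    first = client.encrypt(b"hello")
    reinstalled = client.on_message3(ap_nonce)  # AP retransmits message 3
    second = client.encrypt(b"hello")
    return reinstalled, first == second
```

Identical ciphertexts for identical plaintexts show that the keystream block was reused, which is exactly the condition the patched client avoids by keeping its counter moving.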