Key reinstallation attacks on WPA2 (KRACK)



In October 2017 Mathy Vanhoef publicly released the details of a serious weakness in WPA2 security. WPA2 is a widely used security mechanism for preventing unauthorized access to Wi-Fi networks.

The weakness is potentially still present in a huge number of devices today. The following guidelines are of paramount importance for any developer, vendor, customer or hobbyist who deals with IoT devices or anything related to Wi-Fi hardware.

Introduction

Vanhoef released on his website all the technical details about the attacks, which he named “key reinstallation attacks on WPA2 based on nonce reuse”.

It is also possible to test quickly whether the vulnerabilities exposed by Vanhoef are present in specific devices, by using his detection tool.
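The nonce-reuse flaw behind these attacks, modelled as an added example that is not from this page or from Vanhoef's scripts: a toy client that reinstalls the pairwise key whenever handshake message 3 is retransmitted (resetting the packet number used as nonce to zero), beside a client with the fix that refuses to reinstall an already-installed key. The keystream is a SHA-256-based stand-in for CCMP, chosen only so the model runs offline.

```python
from typing import Optional, Tuple
import hashlib

def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Toy stand-in for the per-frame keystream CCMP derives from the PTK and
    the packet number (PN) used as nonce. Not real AES-CCMP: any stream-style
    cipher leaks plaintext once a (key, nonce) pair is reused."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(ptk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

class Client:
    """Minimal 4-way-handshake client: only the PTK installation step is modelled."""
    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.ptk: Optional[bytes] = None
        self.pn = 0
        self.installed = False

    def on_msg3(self, ptk: bytes) -> None:
        # Vulnerable behaviour: every (re)transmitted message 3 reinstalls the
        # PTK and resets PN to 0. Patched behaviour: a key that is already
        # installed is never reinstalled, so PN keeps counting upwards.
        if self.patched and self.installed and ptk == self.ptk:
            return
        self.ptk, self.pn, self.installed = ptk, 0, True

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        ks = keystream(self.ptk, self.pn, len(plaintext))
        frame = (self.pn, bytes(a ^ b for a, b in zip(plaintext, ks)))
        self.pn += 1
        return frame

def simulate(patched: bool) -> dict:
    """Send one frame, deliver a retransmitted message 3, send a second frame,
    then report whether the nonce was reused and whether that leaks plaintext."""
    ptk = b"\x11" * 16                       # constructed PTK, not a real key
    p1, p2 = b"GET /secret HTTP/1.1", b"POST /login cookie=1"  # constructed frames
    c = Client(patched)
    c.on_msg3(ptk)
    pn1, ct1 = c.encrypt(p1)
    c.on_msg3(ptk)                           # retransmitted message 3
    pn2, ct2 = c.encrypt(p2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    # With (key, nonce) reuse, ct1 XOR ct2 equals p1 XOR p2: the keystream cancels out.
    return {"nonce_reused": pn1 == pn2, "plaintext_leaked": xor(ct1, ct2) == xor(p1, p2)}
```

Running `simulate(False)` shows both nonce reuse and plaintext leakage, while `simulate(True)` shows neither, which is exactly the property the firmware fixes restore.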

In addition, an official KRACK vulnerability assessment tool was released by the Wi-Fi Alliance.

A striking example of how widespread the Internet of Things is across the globe can be seen on Thingful, a world map listing information freely available from IoT devices.

Bruce Schneier published a first discussion in 2014 of how the IoT was becoming a sea of cybersecurity threats. And that was only 2014.

In 2016 Schneier again published a whitepaper on IoT cybersecurity, with a clearer message: “We need to save the internet from IoT”.

Today, it is of paramount importance that any developer, vendor, customer or hobbyist dealing with Wi-Fi devices assesses whether the KRACK vulnerabilities are present on the systems under their control. The risk is exposing the communications of such systems to attacks that are easy to perform and have severe consequences.

KRACK vulnerability assessment: detect whether your router or any client is exposed to KRACK attacks

Step 1: Prerequisites

The activity described here includes scanning an active Wi-Fi network, searching for connected devices that may be vulnerable.

The activity requires that every device you want to test be powered on and connected to the selected Wi-Fi network.

It also requires a computer with a wireless network card that can run a live Linux distribution from a USB pen drive or DVD, which is needed to execute the latest available vulnerability detection tools.

Step 2: Get a vulnerability assessment Linux distribution

It is very easy to perform some basic vulnerability assessments. There are plenty of free live distributions with preinstalled penetration testing tools, and ways to get the most up-to-date ones.

The most suitable for the present activity is Kali Linux. Simply download the ISO and burn it to a USB pen drive or DVD.

Make sure that the laptop or device you intend to use with Kali Linux supports booting from USB or DVD. Finally, insert the freshly burned medium and reboot the device.

The next steps are performed from the running Kali Linux instance.

Step 3: Update and install required packages

Run the following bash commands to install the required packages:

apt-get update
apt-get upgrade
apt-get install libnl-3-dev libnl-genl-3-dev pkg-config libssl-dev net-tools git sysfsutils python-scapy python-pycryptodome

Step 5: Obtain scripts to perform tests and perform preliminary actions

Open the Network Manager of Kali Linux and disable Wi-Fi.

Execute the command below so that the KRACK test scripts can access the Wi-Fi network card:

sudo rfkill unblock wifi

Now obtain the scripts that perform the tests:

git clone https://github.com/vanhoefm/krackattacks-scripts.git

Disable hardware encryption by executing the following line:

./krackattack/disable-hwcrypto.sh

Step 6: Read the detailed attack instructions

cd krackattack
./krack-ft-test.py --help

Step 7: Perform attacks

The author recommends running the script four times, each time testing a different WPA2 key configuration, as listed below:

  1. ./krack-test-client.py
  2. ./krack-test-client.py --tptk
  3. ./krack-test-client.py --tptk-rand
  4. ./krack-test-client.py --group

Countermeasures

When a device prone to KRACK attacks is found, one can proceed in two ways: upgrading the device firmware, or replacing it with a compatible device that is resistant to KRACK.

In some cases the only possible option is the second. In other cases, no action to mitigate the risk is possible at all, because old or no longer maintained devices cannot be upgraded.

ESP8266 case

The ESP8266 integrated circuit is a very common device that includes a microcontroller and a Wi-Fi transceiver. It is very commonly used to give Wi-Fi connectivity to Arduino devices.

The ESP8266 proved vulnerable to KRACK attacks, and the first official release of the patched firmware for use with the Arduino IDE was published on January 2, 2018 (version 2.4.0).

If an ESP8266-based device is found vulnerable to KRACK attacks, it is important to reprogram it with the firmware available at https://github.com/esp8266/Arduino/releases/latest. To do this, follow the instructions at https://github.com/esp8266/Arduino.

With high probability, every ESP8266 device programmed before January 2018 is vulnerable to KRACK attacks. Today, the number of devices exposed to these attacks may be very high.
