A fundamental design flaw in the 802.11 standard threatens almost all WiFi networks. Several security issues concern the 4-way key exchange, which is used to establish encrypted connections using WPA and WPA2.
The vulnerability called KRACK (Key Reinstallation Attacks) was published by security researcher Mathy Vanhoef this Monday on a dedicated website: https://www.krackattacks.com/
As this is a fundamental design flaw, almost all devices and manufacturers are affected. The difficulty with which an attack can be executed depends on the respective implementation.
Currently there are no software updates from manufacturers available. See https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4 for updates on your device.
We recommend that all WLAN access to internal networks be blocked wherever possible, or that access to internal networks be secured by VPN connections.
We will update this post as soon as further information becomes available. The following CVE identifiers have been assigned for further tracking:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
For technical details, see the document Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (pdf).
At this point we would like to point out that the vulnerability is about the client, i. e. devices that connect to the network. Therefore, access points are usually only affected during operation as repeaters.
Intel has published information and driver updates: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
AVM (Firtz! Box) has issued the following statement according to which a Fritz! box without repeater operation is not affected: https://avm.de/aktuelles/kurz-notiert/2017/wpa2-luecke-fritzbox-ist-sicher/.
Microsoft has already delivered updates for Windows on October 10th: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
For Apple, all devices currently appear to be vulnerable (iOS (iPhone, iPad, iPod touch), macOS (Mac), tvOS (from Apple TV 4) and watchOS (Apple Watch). It only seems to be solved in current beta versions of the system software.
Google seems to have promised updates for Android until November 6th. The question is, however, when and if the manufacturers will deliver them.