WPA2 is one of the most widely used protocols for wireless networks today, but recent research shows that WPA2 can be cracked: the handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a client.
An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that depend on the data confidentiality protocols in use. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.
After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages.
Impacts may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
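To make the key reinstallation mechanism described above concrete, here is a toy Python model of the client side of the 4-way handshake. It is an added illustration, not code from the KRACK researchers or from any Wi-Fi stack. It assumes a simplified client that installs the pairwise key on message 3 and resets its packet counter to zero; `keystream()` is a hash-based stand-in for the real CCMP keystream (an assumption, chosen only so the script runs offline), and the key bytes are constructed sample values. The `reinstall_on_retransmit` flag switches between the pre-patch behaviour, where a retransmitted message 3 reinstalls the key and resets the counter, and the patched behaviour, where the retransmission is acknowledged without touching the installed key; `nonce_reused()` is the check a defender would run over the result.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def keystream(ptk: bytes, packet_number: int, length: int = 16) -> bytes:
    """Toy stand-in for the per-frame keystream (assumption: not real CCMP).

    In CCMP the keystream is derived from the pairwise key and a nonce that
    contains the packet number, so the same (key, packet number) pair always
    produces the same keystream. A hash of key || packet number has that
    property too, which is all this model needs.
    """
    nonce = packet_number.to_bytes(6, "big")  # CCMP packet numbers are 48-bit
    return hashlib.sha256(ptk + nonce).digest()[:length]


@dataclass
class Client:
    """Minimal model of a station handling message 3 of the 4-way handshake."""
    reinstall_on_retransmit: bool            # True models the pre-patch behaviour
    ptk: Optional[bytes] = None
    key_installed: bool = False
    packet_number: int = 0
    sent: List[Tuple[int, bytes]] = field(default_factory=list)  # (packet number, keystream)

    def receive_msg3(self, ptk: bytes) -> str:
        """Handle message 3 of the 4-way handshake, possibly a retransmission."""
        if self.key_installed and not self.reinstall_on_retransmit:
            # Patched behaviour: the key is already in use, so reply with
            # message 4 but keep the installed key and the packet counter.
            return "acknowledged"
        # Vulnerable behaviour: (re)install the key and reset the packet number,
        # so later frames reuse packet numbers that were already consumed.
        self.ptk = ptk
        self.key_installed = True
        self.packet_number = 0
        return "installed"

    def send_frame(self) -> None:
        """Encrypt one data frame with the current packet number as nonce."""
        assert self.key_installed and self.ptk is not None
        self.sent.append((self.packet_number, keystream(self.ptk, self.packet_number)))
        self.packet_number += 1


def nonce_reused(client: Client) -> bool:
    """Detection check: were two frames protected with the same packet number?"""
    numbers = [pn for pn, _ in client.sent]
    return len(numbers) != len(set(numbers))


def keystream_repeated(client: Client) -> bool:
    """Consequence of nonce reuse under one key: identical keystream blocks."""
    streams = [ks for _, ks in client.sent]
    return len(streams) != len(set(streams))


def simulate(reinstall_on_retransmit: bool) -> Client:
    """Run one handshake, two frames, a retransmitted message 3, two more frames."""
    ptk = b"constructed-pairwise-transient-key"  # constructed sample value
    client = Client(reinstall_on_retransmit)
    client.receive_msg3(ptk)          # first message 3: key installed, counter = 0
    client.send_frame()
    client.send_frame()               # packet numbers 0 and 1 are now used
    client.receive_msg3(ptk)          # message 3 arrives again (retransmission)
    client.send_frame()
    client.send_frame()               # pre-patch: 0 and 1 again; patched: 2 and 3
    return client


if __name__ == "__main__":
    for label, flag in (("vulnerable", True), ("patched", False)):
        c = simulate(flag)
        print(f"{label}: packet numbers {[pn for pn, _ in c.sent]}, "
              f"nonce reused: {nonce_reused(c)}")
```

The model reproduces the property the text describes: only the client with the pre-patch behaviour ends up with packet numbers 0 and 1 used twice under the same key, which is exactly why the fix belongs on the client and why changing the Wi-Fi password cannot help.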
Here is the complete list of vendors affected by the KRACK attack (WPA2 vulnerability, 2017):
This vulnerability is one of the most serious weaknesses in the WPA2 protocol. It allows attackers within range of a vulnerable device (access point) to intercept data, including passwords, emails, browsing history and other data presumed to be encrypted, and with the help of poisoning an attacker can even inject ransomware or similar malware into a website the client is visiting.
The PoC exploit is called KRACK, short for Key Reinstallation Attack, and is effective against all devices running Android, Linux, OpenBSD, Windows, MediaTek, Linksys and other devices.
Complete demonstration of the KRACK attack (WPA2 cracking) against an Android smartphone:
The research behind this attack will be presented at the Computer and Communications Security (CCS) conference on 1 November 2017 and at the Black Hat Europe conference. The full research paper can be downloaded from the link below.
The developers have already written scripts that detect whether a device is vulnerable to key reinstallation attacks, but they have not released them yet.
Changing the password of your Wi-Fi network does not prevent (or mitigate) the KRACK attack, so you do not have to update your Wi-Fi password. Instead, make sure all your devices are updated, and also update the firmware of your router.
The main attack is against the 4-way handshake and does not exploit access points; it targets clients instead. So it may be that your router does not require security updates. We strongly advise you to contact your vendor for more details.
In general, though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is used, for example, in repeater modes) and by disabling 802.11r (fast roaming). For ordinary home users, the priority should be updating clients such as laptops and smartphones.
This is the first attack against the WPA2 protocol that does not rely on password guessing. Indeed, other attacks against WPA2-enabled networks target surrounding technologies such as Wi-Fi Protected Setup (WPS), or older standards such as WPA-TKIP. Put differently, none of the existing attacks were against the 4-way handshake or against the cipher suites defined in the WPA2 protocol. In contrast, the key reinstallation attack against the 4-way handshake (and against other handshakes) highlights vulnerabilities in the WPA2 protocol itself, which affect millions of users.