WPA2, KRACK, WTF? a basic, basic summary

The following started as notes to myself in preparation for talking about the KRACK weakness in the WPA2. It is far from comprehensive (I wrote it to be about as basic as I could), but could be helpful in understanding the basics of what is going on with it and why you should be concerned, but you shouldn’t freak out. My biggest take away from this is that we need to do a better job in how we talk to people about digital security and how imperfect the landscape is. More important than understanding one specific vulnerability is helping nontechnical people develop a framework for understanding how security research works and what steps they can take to start understanding the devices and infrastructure that they use.

 Wait, What?
In July, Mathy Vanhoef, an academic security researcher in Belgium, discovered a problem with the most common way to set up a password protected wifi network (WPA2). At first Vanhoef contacted the manufacturers of the devices where he initially discovered this. Then, he realized that there is a much larger problem and contact CERT/CC, an organization funded by the US government that works on digital security and sometimes helps researchers with vulnerability disclosures. Vanhoef is presenting his research soon at a couple different conferences, so a preliminary version of his paper has recently been made available. While the initial attack only affects some devices, all platforms are vulnerable to at least one variation of the attack found by Vanhoef.

This is group of vulnerabilities is being called KRACK, standing for Key Reinstallation AttaCK.

How WPA2 and this attack work
When your device connects to a wifi router, there’s a back and forth between the two before you can connect to the internet. WPA2 uses a 4-part handshake to make sure that you are connecting to the wifi you think you are connecting to. What Vanhoef found was that if someone pretends to be the wifi router you want to connect to, if the impostor router sends that request again at step three, the device will resend the requested information and the imposter router will be able to to figure out the shared secret key between the router and the device, allowing the attacker continuing impersonating the router and to decrypt the data sent between the router and the device. More recently, similar attacks have been successful at other points of negotiation between your device and a router, like when you move from one router to another on the same wifi network. The core problems come from the ability to make the routers reuse keys.

Accessing your data there would let the attacker see your internet traffic and they may be able to get your device to switch from HTTPS to HTTP, which would mean that they could see the content that you were accessing or sending, including passwords. The problem with WPA2 means that HTTPS is even more important right now.

Why this matters to individuals
We rely on WPA2 to secure much of our internet traffic. We send all sorts of sensitive data over wifi, like passwords, financial data, and health information. We rely on the internet for many things every day and we need to be able to trust this important infrastructure with not only more traditional kinds of sensitive information, but also our most personal communications and private questions.

The KRACK vulnerability requires a targeted attack. Unlike a lot of security issues, anyone attacking you would have to be within wifi distance (generally 90 meters or less). Most people are probably ok, but this can be a serious problem for people with higher levels of risk, such as activists, journalists, human rights defenders, and domestic violence survivors; as well as for networks with higher security needs, like those connected to health and finance.

What you can do about it
The main thing that you can do is install updates on your wifi router firmware and all of the devices that you use to connect to wifi. You will be protected as long as your device is patched, even if the wifi router hasn’t been. Because the main issues with someone having this kind of access is tricking your device into using HTTP instead of HTTPS or content injection (where an attacker makes it look like content is coming from a website, but it isn’t),you can also install the HTTPS Everywhere browser extension and remember to check for the little green lock to the left of the website address.

Windows has already put out a patch. Apple is about to release theirs (currently in beta release and waiting to make sure that it doesn’t contain bugs). Several of the Linux distros have addressed this. The Android update is scheduled for 5 November, but it is unclear when individual phones will actually receive the patch because updates have to go through the phone manufacturers, instead of directly to end users.

VPNs also offer protection, but when you use a VPN, you are trusting the VPN provider with all of that information about your internet traffic.

This isn’t something you can fix by changing your wifi router or network password, but it is always a good idea to use strong, unique passwords instead of the defaults. Diceware passphrases are particularly good for this.

How problems like this are discovered and addressed
There are thousands and thousands of security researchers, some academic, some professional, some in their free time, who poke around at the internet and related technologies to understand better how they work and to find problems so that they can be fixed. Many companies have programs specifically set up to handle security vulnerability reports, which are sometimes called “bug bounties.” When a problem with an individual device of application is discovered, the researcher will generally contact the company directly and report the problem. With something so overarching, like KRACK, the researcher may ask an organization like CERT/CC to assist in the process of figuring out how to responsibility disclose the security problem.

In both cases, once the researcher has told affected parties about the issue, there’s generally a certain amount of time where the problem is kept secret so that a patch can be put in place. After that chunk of time, the researcher may announce the issue even if the patch is not yet in place. This is partially because otherwise companies might not feel the need to work quickly on the patch and because other people could also discover the issues, so staying quiet doesn’t necessarily keep the general public safe.

The bigger picture
A lot of the time, we accept the technology around us without really thinking about what it is or how it works. When we don’t understand what we are using, it’s very hard to know what kinds of risks we are taking or what decisions we are actually making. Wifi Routers aren’t magic. They are tiny computers with radios attached. In the current state of consumer electronics, we don’t necessarily know if the devices we are using are getting security updates and it can be very hard to tell. That means it is really hard to push for better options as an end user. We are increasing understanding just how important router security is and the lack of understanding of it and the relative lack of firmware updates for routers will be an increasing problem as more and more devices connect to the internet wirelessly.

Links links links!
Site explaining the research, from Vanhoef: https://www.krackattacks.com

HTTPS Everywhere: https://www.eff.org/https-everywhere

Information about diceware passphrases: https://www.eff.org/dice

Refresh on HTTPS: https://www.eff.org/pages/tor-and-https

The paper: http://papers.mathyvanhoef.com/ccs2017.pdf

Vulnerability notes database for KRACK (to check if a particular device is affected): https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Very early Ars Technica article on KRACK: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

And a comic for all of us who are so over waiting for critical firmware updates: http://www.commitstrip.com/en/2017/10/16/wpa2-vulnerability-just-a-small-update