Full Report
On October 16, information on critical vulnerabilities in the WPA2 protocol, which enable attackers to bypass protection and listen to Wi-Fi traffic, was disclosed. Comments from Kaspersky Lab ICS CERT experts
Analysis Summary
# Vulnerability: KRACK (Key Reinstallation Attacks) in WPA2 Protocol
## CVE Details
- **CVE ID:** CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
- **CVSS Score:** 6.8 - 8.1 (High)
- **CWE:** CWE-323 (Nonce Reuse)
## Affected Systems
- **Products:** Any device implementing the WPA2 wireless standard. Includes Industrial Control Systems (ICS), PLCs with wireless modules, IoT devices, smartphones, and networking equipment.
- **Versions:** All implementations of WPA2; specifically critical for versions 2.4 and 2.5 of `wpa_supplicant`.
- **Configurations:** Systems using WPA2 with AES/CCMP, GCMP, or TKIP. Linux and Android 6.0+ are particularly vulnerable due to a flaw that resets the encryption key to all zeros.
## Vulnerability Description
The vulnerability, known as **KRACK**, exploits a design flaw in the WPA2 "four-way handshake." An attacker can force a "key reinstallation" by manipulating and replaying cryptographic handshake messages. When the victim reinstalls an already-in-use key, various parameters (incremental transmit packet numbers and receive sequence numbers) are reset to their initial values. This allows the attacker to bypass encryption, replay packets, and in some cases, inject forged data.
## Exploitation
- **Status:** Proof-of-Concept (PoC) available; publicly disclosed.
- **Complexity:** Medium (Requires precise timing and protocol manipulation).
- **Attack Vector:** Adjacent (Attacker must be within physical range of the Wi-Fi signal).
## Impact
- **Confidentiality:** High (Attacker can decrypt Wi-Fi traffic).
- **Integrity:** High (In certain configurations like GCMP or TKIP, attackers can inject/forge packets).
- **Availability:** Low (Does not directly crash systems, but can disrupt secure comms).
## Remediation
### Patches
- **OS Vendors:** Apply security updates from Microsoft, Apple, and Linux distributions.
- **ICS/Hardware:** Update firmware for wireless access points and industrial wireless bridges.
- **wpa_supplicant:** Ensure versions are patched against the listed CVEs.
### Workarounds
- **VPN/TLS:** Use end-to-end encryption (VPNs, HTTPS, SSH) to protect data even if the Wi-Fi layer is compromised.
- **Wired Connection:** Transition critical industrial infrastructure (PLC-to-HMI) to wired Ethernet where possible.
- **Disable WPA2 Client:** In industrial environments, disable wireless functionality on devices that do not strictly require it.
## Detection
- **Indicators of Compromise:** Difficult to detect via standard logs as the attack occurs at the Data Link layer (Layer 2).
- **Detection methods and tools:** Use specialized wireless Intrusion Detection Systems (WIDS) that scan for unusual re-transmissions of EAPOL-Key frames or "channel-based" Man-in-the-Middle (MitM) setups.
## References
- **Original Research:** hxxps[://]www[.]krackattacks[.]com[/]
- **Kaspersky ICS CERT:** hxxps[://]ics-cert[.]kaspersky[.]com/publications/blog/2017/10/18/wpa2-vulnerabilities-can-be-used-to-attack-industrial-systems/
- **CERT/CC Advisory:** hxxps[://]www[.]kb[.]cert[.]org/vuls/id/228519/