CRACK COCAINE: unimaginable scale of vulnerable devices to eavesdrop on the communication by Wi-Fi WPA

Mathy Vanhoef of imec-DistrNet touched on his discovery of the whole world. Until now, we thought that WPA2 for wireless network (IEEE 802.11) security is completely sufficient. Unfortunately it is not.

CRACK COCAINE (Key Reinstallation AttaCK) — This includes 11 vulnerabilities in the Protocol, WPA2, some devices may contain more than one vulnerability, which are represented by the following CVE identifiers. Study author has identified and described so far, the vulnerability:

  • CVE-2017-13077: Reinstallation of the roam encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting and retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the roam encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing and Wireless Network Management (SUI) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing and Wireless Network Management (SUI) Sleep Mode Response frame.

What is a CRACK?

CRACK COCAINE is a named collection of vulnerabilities in the Protocol, WPA2, which we secure wireless network at home, in business or in public places. CRACK does not apply directly to a specific device or operating system, so compromises users almost all devices connected to a global network via Wi-Fi to eavesdrop on the communication. Covered above all: Smartphones, computers, access point (Access Point), IoT, TVs, IP cameras, etc.

As the author points out, CRACK COCAINE is especially catastrophic for Linuksów and Android version 6 or later, and it is thanks to the component of WPA_Supplicant -this, as a result of the use of one of the vulnerabilities, when you receive the encryption key from the third the message set in the process of establishing a communication (4-key handshake), again plays one of the messages 4-key handshake by resetting. "nonce" (arbitrary number that may only be used once) used in the encryption of communication. With the founding of the "nonce" can be used one time only, but an attacker can force the router or access point to multiple install encryption key consisting of all zeros. Knowing the contents of the key attackers may exploit this attack technique to capture the encrypted messages, including: theft of confidential information (passwords, credit card numbers and other messages). Depending on your network configuration, it is also possible the injection and manipulation of data — an attacker could inject ransomware or other malicious software to the browser.

We made a similar experience injecting additional content to Web sites on your local network, by checking how they deal with security products detect network attacks.

Table of possible attacks.

What should I do?

The problem is not an implementation of the Protocol, but its architecture, which makes producers have to upgrade the firmware of their devices, and users to install security updates automatically, or manually. In order to effectively carry out the attack, the attacker must be within range of the access point and the client, so the client (user) and the access point (access point or router) must be updated. With Android devices that do not already receive security updates, this can be really not to jump. Very helpful is a list of producers who have provided the update.

You can not listen to users who encrypt communication VPN tunnel (for example. OperaVPN or OpenVPN), but it can be such a communication. It's like with the MiTM attacks — if the communication is not encrypted, "you can see everything" — sending IMAP email, surfing the pages with "padlock and HTTPS" impossible to capture, but it is impossible to decipher the communications described KRAK-iem, if the Protocol is correctly implemented, and is not vulnerable for example. on ssltrip, where the offender will be able to force the browser to communicate with the WEB server provided an unencrypted channel.

Regardless of the operating system and devices for all users should visit the Update Center and install available patches. Most Linux distributions already received the updates. Microsoft also has developed a fix. Updates made to Apple and well-known manufacturers of network devices. The rest of the users — mainly newer smartphones — must wait for their turn. Maybe even a few months, or years. Older devices certainly written down are at a loss.


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.