Full Report
Critical vulnerabilities that have recently been identified in the WPA2 protocol enable threat actors to carry out Man-in-the-Middle (MitM) attacks and force devices connected to the network to reinstall encryption keys that protect traffic. These vulnerabilities can be used, among other things, to implement attacks on industrial automation systems.
Analysis Summary
# Vulnerability: KRACK (Key Reinstallation Attacks) in WPA2 Protocol
## CVE Details
- **CVE ID:** CVE-2017-13077 through CVE-2017-13088 (Collective set of 10+ vulnerabilities)
- **CVSS Score:** 6.8 - 8.1 (High)
- **CWE:** CWE-323: Reusing a Nonce, Key, or IV
## Affected Systems
- **Products:** Any Wi-Fi enabled device using the WPA2 protocol with AES-CCMP, GCMP, or TKIP. This includes Industrial Control Systems (ICS), PLCs with integrated Wi-Fi, industrial gateways, and wireless sensors.
- **Versions:** All implementations of the WPA2 standard prior to the October 2017 patches.
- **Configurations:** Systems using the standard WPA2 4-way handshake, Group Key handshake, or Fast BSS Transition (FT) handshake. Linux and Android 6.0+ systems are particularly susceptible to a variant where the encryption key is cleared from memory.
## Vulnerability Description
KRACK (Key Reinstallation Attack) targets the 4-way handshake of the WPA2 protocol. When a client joins a network, it performs a handshake to confirm credentials and negotiate encryption keys. The attacker manipulates the retransmission of handshake messages to trick the client into reinstalling an already-in-use encryption key. By resetting the incremental transmit packet number (nonce) and receive replay counter, the attacker can decrypt traffic, perform packet injection, and in some cases, hijack TCP connections or inject malicious content into HTTP streams.
## Exploitation
- **Status:** PoC available; widely documented but complex to execute in real-time.
- **Complexity:** Medium (Requires specialized knowledge of Wi-Fi protocols).
- **Attack Vector:** Adjacent (Attacker must be within physical radio range of the wireless network).
## Impact
- **Confidentiality:** High (Traffic can be decrypted).
- **Integrity:** High (Packets can be forged or injected in certain configurations).
- **Availability:** Low (While communication can be disrupted, the primary goal is data interception).
## Remediation
### Patches
- **OS Vendors:** Microsoft (October 2017 updates), Apple (iOS 11.1), and various Linux distributions released patches shortly after disclosure.
- **Industrial Vendors:** Siemens, Rockwell Automation, and Schneider Electric have issued specific advisories for wireless industrial components. Users should update firmware to the latest manufacturer-recommended versions.
### Workarounds
- **VPN:** Use a VPN or encrypted tunnels (TLS/SSH) for all industrial traffic passing over Wi-Fi.
- **Wired Migration:** Move critical industrial control traffic to wired Ethernet where feasible.
- **Disable Fast Roaming:** Disable 802.11r (Fast BSS Transition) on Access Points if patches are not yet available.
## Detection
- **Indicators of compromise:** Presence of unauthorized or "cloned" Access Points (Evil Twin) with the same MAC address as legitimate APs.
- **Detection methods and tools:**
- Use Wireless Intrusion Detection Systems (WIDS) to monitor for unusual 802.11 management frame retransmissions.
- Specialized scripts released by the original researcher (Mathy Vanhoef) can be used to test if a client or AP is vulnerable.
## References
- **Original Research:** hxxps[://]www[.]krackattacks[.]com/
- **Kaspersky ICS CERT:** hxxps[://]ics-cert[.]kaspersky[.]com/publications/reports/2017/11/15/the-relevance-of-wpa2-vulnerabilities-and-krack-attacks-to-industrial-systems/
- **CERT/CC Advisory:** hxxps[://]www[.]kb[.]cert[.]org/vuls/id/228519/