New WPA2 Attack (KRaCKs) – How To Prevent It

Here is my video breakdown on Key Reinstallation Attacks (KRaCKs) – Breaking WPA2 by forcing nonce reuse.

  • Kattz says:

    My dog started barking at 4am last night. I found a guy typing away on a white Nexus 6 in my driveway. The Nexus 6 will run hacking tools. The guy very nervously tried to explain why he was there and the explanation was something about his friend’s network being down. That made me think that he was trying to hack into mine. My dog is pretty big so he got out of there quickly. Add a large dog to the list of your essential network security tools. It worked for me, lol.

    I wasn’t too worried about my wifi password being cracked as I use WPA2 and take all of the precautions. I was just very creeped out about the trespasser. Then, I got on the train this am and heard about this. It’s getting harder to stay ahead of these guys all of the time.

    • Nathan House says:

      Weird!

    • Jay says:

      This is reassuring. I knew there was a good reason for why I’m paranoid…

    • Alexander S Garvey says:

      Good tip, my dog will bark and alert us for anyone she doesn’t know. Nevertheless, custom firmware helps to some extent, not to mention setting up MAC authentication and allowing only certain devices on your network. That is weird though, some guy in your driveway at 3:00 AM.

  • Jonah says:

    So, my data transmission over wifi can be captured by hackers as long as they are in the wifi range. And it seems updates won’t help much? It is the 4-way handshake that is hacked. Does that mean a new protocol has to be invented to fight against this hacking effectively?

  • Arthur says:

    Always thanks, Man

  • alp says:

    So you are saying that anyone who successfully performs this attack can look at their victim’s internet traffic. Can they look at the emails you send? Also, can they see your communication with a website? Perhaps sending sensitive information to a website. Thanks, have a great day!

  • Kevin says:

    Is this something that needs to be patched on BOTH the AP and the client?

    • Nathan House says:

      This is what they say “Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.”

  • Neman says:

    Really appreciate this. Thanks a lot.

  • John says:

    My router is running as a vpn client to route all traffic through vpn. Since the attack occurs between my client and router, does this configuration mitigate the attack or does the vpn need to be run from the clients, before the router?

  • TC says:

    Thank you for the info, always good to know!

  • Mohamed says:

    Hi Nathan,

    Just a quick question. I bought a Cisco 877W the other day and I’m currently using it for my home network. I don’t think Cisco supports it any more. Is it vulnerable in the first place? And if so, how can I mitigate it?

    • Nathan House says:

      You’ll need to contact the vendor.

      The following Common Vulnerabilities and Exposures (CVE) identifiers were assigned to track which products are affected by specific instantiations of our key reinstallation attack:

      CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
      CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
      CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
      CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
      CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
      CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
      CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
      CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
      CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
      CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
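To make concrete what the quoted advice above (the attack targets clients via the 4-way handshake) and CVE-2017-13077 describe, here is an added example that is not code from this page or from the KRACK researchers: a simplified model of a supplicant receiving message 3 of the 4-way handshake, once vulnerable and once with the fix of installing the pairwise key only once. The `Supplicant` class, `install_tk`, `on_message3` and `simulate` are hypothetical names, and the key bytes are constructed sample values.

```python
# Added example (not the page's or the researchers' code): models why a
# retransmitted message 3 causes nonce reuse on an unpatched client and how
# the fix (never reinstall a key that is already in use) prevents it.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    patched: bool
    installed_tk: Optional[bytes] = None
    packet_number: int = 0  # CCMP packet number (PN), part of every frame nonce
    nonces_used: List[Tuple[bytes, int]] = field(default_factory=list)

    def install_tk(self, tk: bytes) -> None:
        """Install the pairwise temporal key; 802.11 resets the PN when a key is installed."""
        self.installed_tk = tk
        self.packet_number = 0

    def on_message3(self, tk: bytes) -> str:
        """Handle message 3 of the 4-way handshake, which may be a retransmission."""
        if self.patched and self.installed_tk == tk:
            # Fixed behaviour: the key is already in use, so do not reinstall it
            # (and therefore do not reset the PN).
            return "ignored retransmission"
        # Vulnerable behaviour (CVE-2017-13077): reinstall the same TK and reset the PN.
        self.install_tk(tk)
        return "installed"

    def send_frame(self) -> Tuple[bytes, int]:
        """Encrypt one frame; the (key, PN) pair must never repeat under CCMP."""
        nonce = (self.installed_tk, self.packet_number)
        self.nonces_used.append(nonce)
        self.packet_number += 1
        return nonce


def nonce_reused(sup: Supplicant) -> bool:
    """True if any (key, PN) pair was used for more than one frame."""
    return len(sup.nonces_used) != len(set(sup.nonces_used))


def simulate(patched: bool) -> bool:
    """Run the handshake, send traffic, replay message 3, and report nonce reuse."""
    sup = Supplicant(patched=patched)
    tk = b"\x11" * 16  # constructed sample key, not a real derived TK
    sup.on_message3(tk)  # first (legitimate) message 3
    sup.send_frame()
    sup.send_frame()
    sup.on_message3(tk)  # retransmitted message 3: the trigger the CVE describes
    sup.send_frame()
    return nonce_reused(sup)
```

A real supplicant also validates the EAPOL replay counter and MIC; the model leaves those out to isolate the reinstallation defect.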

  • Andy says:

    Good to know, thank you. It’s good I am using wired and vpn + https for confidential and sensitive data

  • CHOCO says:

    What if I just disable the broadcast of Beacon frames and am not visible on the air (except for a deauthentication attack)?

  • Anand says:

    Can you learn how to perform KEY REINSTALLATION ATTACK?

  • Anand says:

    Please learn how to perform Key reinstallation attack
