WPA2 Vulnerability Announcement
October 16, 2017 – Today the US-CERT announced several vulnerabilities in the WPA2 encryption implementation in clients and APs, the first known significant “crack in the code” to wireless networks in over 10 years. The vulnerabilities has been named KRACKs (Key Reinstallation AttaCKs). WPA2 is widely regarded as the industry’s most secure wireless encryption protocol.
Who is affected?
Organizations (corporate enterprises, businesses, schools and universities, retail shops and restaurants, government agencies etc.) that have deployed WiFi networks using WPA2 encryption are affected. When mobile users connect to these WiFi networks with smartphones, tablets, laptops, and other devices, they are exposed to these vulnerabilities. Both the 802.1x (EAP) and PSK (password) based networks are affected.
What is WPA2?
WPA2 (802.11i) is currently the standard for wireless link security in WiFi networks. It uses either 802.1x (EAP) or pre-shared key (password) based authentication. In 802.1x, the client is authenticated from a backend RADIUS server at the time of setting up a wireless connection. During the authentication process, the client and the RADIUS server generate at their ends a common master key. The master key is sent from the RADIUS server to the AP over a secure wired network. In PSK, the master key is installed in the client and the AP by entering the same passphrase (password) on both sides. The master key is then used to generate a hierarchy of “temporal keys” to be used for encryption and integrity protection for data sent over wireless link between the AP and the client. This cryptographic protection is using CCM protocol (CCMP) which uses AES-CTR encryption and AES-CBC for integrity protection.
Vulnerabilities have been discovered regarding how clients and APs implement state machines in software to implement WPA2 temporal key generation and transportation handshakes. The vulnerabilities can be exploited by manipulating certain handshake messages over the air. The exploit results into reuse of some packet numbers when handshakes are performed.
Reuse of packet numbers violates the fundamental principle on which the strength of WPA2 encryption and replay security is based. The principle is that for a given WPA2 temporal key, packet numbers in any two packet transmissions protected by the key must not be the same and the receiver must only accept a new packet if its packet number is higher than the most recently received packet. For packet pairs where the former part of the above principle is violated, it is possible to determine the content of one packet if the plaintext of the other packet is known or can be guessed. When the latter part of the above principle is violated, it permits adversary to replay old packets to the receiver.
What is the remedy?
Of the 10 vulnerabilities disclosed today, 9 are due to flaws in the client software implementation, and therefore must be fixed in the client device (phone, tablet, etc.). Most providers of handheld device operating systems are expected to issue a software update immediately that users should download and install.
However, until those client devices have been patched, the wireless access point (AP) can provide mitigation for these vulnerabilities, by blocking the dangerous handshake messages that are known to trigger these vulnerabilities. In Mojo access points, this mitigation logic is available today in the current software release 8.5 that is already in the cloud.
The remaining 1 out of the 10 vulnerabilities is due to a flaw in a popular WiFi software driver called “hostapd” that runs on most access points. This issue can only be fixed on the wireless access point. In Mojo access points, this fix is available today in the current software release 8.5 that is already in the cloud.
Mojo access point customers who use on-premise management server instead of the Mojo cloud service need to download software version 8.5 from Mojo support portal and upgrade their access points.
WiFi networks that use Mojo full-time WIPS (either as an overlay or with the C-130 third radio), benefit from zero day protection for 9 out of 10 vulnerabilities that are on the client side. This zero day protection is available in all installed versions of Mojo WIPS, as long as AP MAC spoofing detection and prevention are enabled. AP MAC spoofing is the main vehicle used to exploit these 9 vulnerabilities, and by blocking the AP MAC spoofing, these exploits are foiled. Note that in C-130 third radio case, there need to be at least two C-130 APs side by side - one being spoofed and the other’s third radio monitoring the spoofed AP. WIPS will block the exploit until either APs are upgraded or clients are upgraded.
Mojo CISO Hemant Chaskar interview on KRACK attack
Where can I find more in depth technical information on these vulnerabilities?
Mojo Networks has posted a video blog that reviews these vulnerabilities and countermeasures in detail here: http://blog.mojonetworks.com/wpa2-vulnerability
Who is Mojo Networks?
Mojo Networks, formerly known as AirTight Networks, is a Silicon Valley-based provider of cloud-managed WiFi networks. The company is a trusted leader in wireless security and the inventor of Wireless Intrusion Prevention Systems (WIPS). Mojo’s team holds over 30 critical patents in wireless security, and is trusted by thousands of customers worldwide, including many large financial institutions and the highest levels of government.
Mojo delivers secure, high-performance WiFi that is deeply intelligent and immensely scalable. Cognitive WiFi™, Mojo’s cloud-managed WiFi solution, applies artificial intelligence to the wireless network at a degree that is only possible by harnessing the limitless computing power and storage capacity of the cloud. The result is a brilliant self-driving network that enables businesses to achieve stellar network performance and unsurpassed data protection, while reducing IT costs and minimizing time spent on network troubleshooting.