What is KRACK and why the world is so blown away with the KRACK warning. KRACK stands for Key Reinstallation Attacks. For those who have not been into the news recently. Some of the renowned Belgium researchers have managed to exploit a new serious WiFi WPA2 Encryption leak whole which allows hackers to sneak pass security features and access the data of the users using that account.
Since the news is all over the place, more and more hackers are aware of this leak no. With millions and millions of people using the WiFi networks, assuming as the safest way to send and receive internet are at risk now. No matter which ever platform they are using The KRACK (Key Reinstallation Attacks) can be disastrous for anyone using a WiFi Encryption.
We have some details published here. Meanwhile an update have arrived as the Researcher Mathy Vanhoef of the KULevun org has described the KRACK as, “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Meanwhile you can read more about it here in his posted tweet.
My paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 is now online! https://t.co/MLzIdtQLXh
— Mathy Vanhoef (@vanhoefm) October 16, 2017
Here it is KRACK Attacks described in a video:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Tune In, as we are gathering more info regarding this new KRACK attack.