KRACK Attack is Back

https://www.krackattacks.com/followup.html#overview

1 Like

Is there a (relatively) simple way for the average user to verify that the necessary protections are in place and working?

Very good idea.
Unfortunately this kind of tool would also allow everyone else to "test" your wifi and proliferate public naming and shaming of non-fixers.
It is therefore outlawed in most countries; thank your local conservative party.

having a name and a domain for a vulnerability is the best we can do atm in terms of raising public awareness.

This appears to be an exploit of the sleep frame.

This is on the client-side...where the exploit (always) existed.

It's not illegal to use a tool to test your own WiFi...finding the proof-of-concept software may be difficult, though. Things like that tend to stay in research circles. Ask the discoverer(s) if they have one.

1 Like

Another noteworthy vulnerability is that some routers accept replayed message 4's of the 4-way handshake. In particular, more than 100 routers that use the MediaTek MT7620 chip, such as the RT-AC51U, are vulnerable to this attack.

How so? Is the driver buggy?

we performed our tests with both plaintext and encrypted message 4's. We tested all devices in Table 2, and discovered that the default firmware of the RT-AC51U and TP-Link RE370K accepts replayed message 4's. Upon further inspection, we found that the MediaTek driver for both the 2.4 and 5 GHz Wi-Fi chips in these devices has an invalid state check in the function that processes message 4's (see Listing 1). The function starts by checking if it has already received message 2 (see line 6). If not, it discards the message. However, this condition does not check whether a message 4 has already been received (i.e. whether WpaState equals AS_PTKINITDONE). As a result, replays of message 4 are accepted. Moreover, an adversary can simply replay the original plaintext message 4, meaning a MitM is not required. Rather worrisome, these Wi-Fi chips are present in more than 100 different devices, ranging from APs, wireless cameras, wireless network extenders, home automation switches, NAS devices, smart power plugs, and so on [58]. Unless these devices use a different driver from the ones we tested, they are all vulnerable.
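As an added example (not the paper's Listing 1 and not the MediaTek driver's code), a simplified C model of the message 4 handler in its vulnerable form next to a corrected one; WpaState and AS_PTKINITDONE come from the quote, every other state, field and function is assumed:

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed illustration (not the MediaTek driver's code) of the state-check
 * flaw the quoted paper describes. WpaState and AS_PTKINITDONE are named in the
 * quote; every other state, field and function here is assumed. */
enum wpa_state { AS_PTKSTART, AS_PTKINIT_NEGOTIATING, AS_PTKINITDONE };
struct sta {
    enum wpa_state WpaState;
    uint64_t replay_counter;  /* replay counter of the message 3 we sent */
    unsigned installs;        /* times the PTK was (re)installed */
};
typedef bool (*msg4_handler)(struct sta *, uint64_t);

/* Message 2 accepted and message 3 sent: the AP now waits for message 4. */
void await_msg4(struct sta *s, uint64_t counter) {
    s->WpaState = AS_PTKINIT_NEGOTIATING;
    s->replay_counter = counter;
}
void install_ptk(struct sta *s) { s->installs++; s->WpaState = AS_PTKINITDONE; }

/* Vulnerable: only checks that message 2 was already received, so a replayed
 * message 4 after the handshake completed still passes and reinstalls the PTK. */
bool process_msg4_vulnerable(struct sta *s, uint64_t counter) {
    if (s->WpaState == AS_PTKSTART) return false;   /* message 2 not seen yet */
    if (counter != s->replay_counter) return false;
    install_ptk(s);
    return true;
}

/* Hardened: message 4 is valid only while we are waiting for it; once the
 * state is AS_PTKINITDONE (or still AS_PTKSTART) it is dropped. */
bool process_msg4_fixed(struct sta *s, uint64_t counter) {
    if (s->WpaState != AS_PTKINIT_NEGOTIATING) return false;
    if (counter != s->replay_counter) return false;
    install_ptk(s);
    return true;
}

/* Runs one handshake, then replays the captured message 4 twice; returns the
 * number of PTK installs (1 means both replays were rejected). */
unsigned replay_test(msg4_handler h) {
    struct sta s = { AS_PTKSTART, 0, 0 };
    uint64_t captured = 7;                 /* constructed sample counter */
    h(&s, captured);                       /* before message 2: rejected by both */
    await_msg4(&s, captured);
    h(&s, captured);                       /* genuine message 4 */
    for (int i = 0; i < 2; i++) h(&s, captured);   /* replays of the same frame */
    return s.installs;
}
```

The replay counter check alone does not help here, because a replayed message 4 carries the same counter as the genuine one; only the state check stops the reinstall.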

Is this fixed?

I found this to test: https://github.com/vanhoefm/krackattacks-scripts

1 Like

Set up firewall and do not use unencrypted protocols directly.
Wrap all the traffic inside HTTPS / SSH / VPN.
It can't prevent exploiting wireless vulnerabilities, but your system and data will be safe.

Are you saying that WPA is redundant? If so, do you have an open network at home? If not, why not?

Are you saying you have all your external ports open, because each service should be safe enough?

@vgaetera is not saying you should not use WPA, he is saying you should never trust a single layer.

1 Like

Is the recommendation these days to use OpenVPN for LAN communication as well? Is that necessary these days?

@eduperez I understood the comment as "it is ok to have KRACK exploitable on your Wi-Fi". These days there are a ton of devices that connect to the network on which you cannot install a VPN (TVs, DVD players, appliances etc).

I would like to know if MT7620 devices using OpenWrt are still vulnerable. What revision fixed them, or is there a plan to fix them?

You can install OpenVPN on Android TV, no problem. Did so when KRACK first came out.

@Camicia No, I am not saying you should ignore KRACK, I am saying that every piece of software has vulnerabilities. Some are well known and have a fancy name, some require too many resources to be exploited in practice, some still remain to be found...

If you are really paranoid about security, you should never trust a single layer.

1 Like