What is the WPA2-KRACK vulnerability?
Lets begin with a quick overview of WPA2 itself: WPA2 is the recommended security mechanism in 802.11 Wi-Fi networks. It covers authentication and encryption. Two ways it is used are:
- WPA2 Pre-shared keys: every user on the network has a pass-phrase (between 8-63 characters long) and so does the Access Point. Typically the same passphrase would be used by all users, but some implementations support a per-user passphras
- WPA2 Enterprise: users authenticate to a RADIUS server (through the Access Point), and use some credentials they provide (password, certificate, smart-card etc) to authenticate.
In both these scenarios after this authentication, a “four-way handshake” occurs between the AP and the wireless client. These four messages are used to derive a per-client session-key which will be used for encryption, as well as by the AP to provide the clients a “group key” which is used for broadcast and multicast messages, which are meant to be decrypted by all clients.
All packets after these four messages are then encrypted, typically with AES-CCM (AES-CCMP).
A key tenet in the encryption method used by WPA2-AES (CCMP) is that the same session-key and packet counter should not be used twice. WPA2-KRACK, the result of research by Mathy Vanhoef a researcher at Belgiums KU Leuven university, breaks this by causing the client to reset and re-use its packet counter, by not changing its encryption key. This is done by exploiting both the regular 4-way handshake, as well as its variant in the 802.11r fast-roaming protocol.
What is the impact of KRACK?
On a WPA2 AES network an attacker who forces the packet number reset, can capture data packets and by analyzing these against other packets where the contents can be guessed (Eg: DHCP or ARP) these packets can be decrypted. When used with TKIP instead of AES, packets can even be forged and injected into the network by the attacker.
What can I do to protect my network from this attack?
If you are using Mesh Client mode or 802.11r, then disabling those temporarily are a workaround to mitigating this attack, in addition to applying patches provided by device vendors (APs and clients).
Will Cambium be providing software updates to mitigate this attack?
Cambium is working on a software update for this: version 3.4.3.5 will be made available as soon as possible with this fix. All future firmware releases starting from 3.4.4 will also include this fix.
Are only Access Points impacted or also wireless clients?
Both are impacted by this as there are specific ways under which either of them can be made to reset their packet counter and re-use the same encryption key. To fully protect from this, BOTH clients as well as Access Points may need to be upgraded.
Will changing my WPA2 passphrase or changing from WPA2-PSK to WPA2-Enterprise help?
No. Both versions of WPA2 are impacted, and the attack is not based on the length or quality of the passphrase.
I have both 802.11r as well as OKC currently enabled, do I need to turn both off?
No, Opportunistic Key Caching is not affected by this attack and can be left enabled. Disabling just 802.11r is enough to prevent the version of the attack that exploits the FT protocol.
What does KRACK stand for and where can I get more information on this?
Key Reinstallation Attacks. The researchers who found this vulnerability have more details on their website here: