The KRACK attack on WPA2 is relevant again: researchers have presented a new version of the attack, which reinstalls keys in the WPA2 protocol.
Belgian security researcher Mathy Vanhoef, who introduced the Key Reinstallation Attack (KRACK) to the world a year ago, has now introduced a new version of it.
KRACK targets the WPA2 protocol itself, which means that all its implementations are at risk. The attacker can manipulate the four-way handshake used by WPA2 and force the victim to reuse a nonce, a random value intended for one-time use only.
As a result, an attacker is able to intercept traffic and gain access to information previously considered to be securely encrypted.
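A toy model of the nonce reuse described above, added here as an illustration (it is not the researchers' code or any vendor's patch). It assumes that installing a key resets the per-frame packet number used as the nonce; the `Client` class, the key and the sample frames are constructed, and HMAC-SHA256 stands in for the AES counter-mode keystream.

```python
# Toy model: HMAC-SHA256 stands in for WPA2's AES counter-mode keystream
# (an assumption; the stdlib has no AES). Names and sample data are constructed.
import hashlib
import hmac


def keystream(key, nonce, length):
    """Derive keystream bytes from (key, nonce), as a counter-mode cipher does."""
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical station; `hardened` selects the patched install logic."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.key = None
        self.packet_number = 0  # per-frame nonce; must never repeat under one key

    def install_key(self, key):
        # Patched behaviour: a key already in use is not installed again.
        if self.hardened and key == self.key:
            return
        self.key = key
        self.packet_number = 0  # vulnerable path: counter restarts on reinstall

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def run_session(hardened):
    """Send a frame, receive a repeated key-install message, send another frame."""
    key = b"constructed-session-key"
    client = Client(hardened)
    client.install_key(key)
    first = client.send(b"GET /index.html ")
    client.install_key(key)  # the same key is delivered a second time
    second = client.send(b"password=hunter2")
    return [first, second]
```

In the vulnerable run both frames carry packet number 1, so the keystream cancels and the XOR of the two ciphertexts equals the XOR of the two plaintexts; in the hardened run the packet numbers are 1 and 2 and no such relation holds.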
Vendors were forced to urgently fix the vulnerability, but a year later Vanhoef and his colleague Frank Piessens presented a new attack.
The researchers again succeeded in attacking the four-way handshake, this time without relying on a race condition and using a simpler method of launching the man-in-the-middle attack on several channels.
According to the researchers, the updated 802.11 standard is still vulnerable to the re-installation of group keys, and patches from some vendors contain vulnerabilities.
A “four-way handshake” is a user authentication mechanism that also creates a unique key used to encrypt the transmitted traffic.
Authentication occurs every time you connect to the network and confirms that both parties (the client and the access point) have authentic credentials.
A race condition is a design error in a multi-threaded system or application in which its operation depends on the order in which parts of the code are executed.