News outlets cannot resist commenting on anything Cybersecurity related, especially when it sounds like something out of a mid-90’s TV hacker dictionary. We’re quickly on pace to break a record in 2017. At least with KRACK, it is a particularly interesting example of ingenuity and an unexpected response from the community.
Unlike some wireless exploits of yore, the KRACK vulnerability does not rely on a lazy implementation of “0000” to unlock the kingdom door. The 4-way handshake which defines wireless connectivity itself is susceptible to interference. We can place ourselves in a man-in-the-middle position, force retransmits of the third handshake stage, and therefore, inject anything we’d like into the datastream. We can manipulate data in transit to spoof content we’d like our victim to see. I may not need to work that hard – some devices, like your common Android and Linux system, even retransmit the third set of frames in plaintext. Open for all to see.
How did someone find this out? Well, I’d refer to the source instead. Considering that the 4-way handshake is a concept that was introduced in 2004, shuffling around the frames to get the response you’d like isn’t exactly a new idea. It is quite novel, however.
Equally interesting is vendor response to the issue. CERT is on point. They maintain a database full of information on vendors, patch availability, timing – all available and indexed for easy consumption. This coordinated vendor response and responsible disclosure should limit the real-world impact of KRACK. It is an interesting and appreciated virtue in a year of disastrous cyberattacks and incidents.
For more information - and the much needed technical breakdown - check out their website at https://www.krackattacks.com/
The whitepaper can also be found at: https:///ccs2017.pdf