
KRACK Key Re-installation Attack - WPA2 Attack

KRACK (Key Reinstallation Attack) is a vulnerability in WPA2 (Wi-Fi Protected Access 2) that could allow an attacker within Wi-Fi range to eavesdrop on Wi-Fi traffic, decrypting network traffic and, in some cases, injecting traffic into the network.


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.


Threat details

Millions of Wi-Fi-enabled devices are at risk, including Windows, Apple, Linux and Android devices and more.

There are several key management vulnerabilities in the four-way handshake of the WPA2 security protocol. The impact of exploiting these vulnerabilities includes, but is not limited to, packet decryption, packet replay, TCP connection hijacking and HTTP content injection.

To exploit this vulnerability, an attacker would have to be physically close to the target device. The attacker cannot derive the WPA2 encryption key (or password) and hence cannot connect malicious devices directly to the Wi-Fi network. There is no need to change Wi-Fi passwords or other enterprise credentials in response to the KRACK vulnerability.

Note that, as a protocol-level issue, this will likely affect all correct implementations of the standard, including WPA2 Personal (as commonly seen on home networks and in small businesses) and WPA2 Enterprise profiles.

CVE identifier CVE-2017-13080 has been assigned to the KRACK vulnerability.
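The key management flaw described above comes down to one state-machine detail: a client that accepts a retransmitted message 3 of the four-way handshake reinstalls the already-installed pairwise key and, in doing so, resets the packet number that CCMP uses as its nonce. The model below, added here as an illustration and not code from the advisory or from the KRACK researchers, shows the consequence: with the pre-fix behaviour two data frames end up encrypted under the same key and nonce, so the XOR of the two ciphertexts equals the XOR of the two plaintexts, while the fixed behaviour (refusing to reinstall a key that is already in use) keeps the nonce moving forward. The cipher is a toy SHA-256 counter-mode keystream standing in for AES-CCMP, the PTK derivation from messages 1 and 2 is not modelled, and the key, frames and class names are constructed for the example.

```python
import hashlib

# Constructed sample data frames of equal length (not from the advisory)
P1 = b"frame number one"
P2 = b"frame number two"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || block counter).

    This stands in for the AES-CTR keystream inside AES-CCMP; the point of the
    model is what happens to the nonce, not the cipher itself.
    """
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake, reduced to the effect of message 3 on key state."""

    def __init__(self, ptk: bytes, patched: bool):
        self.ptk = ptk                # PTK negotiated in messages 1 and 2 (derivation not modelled)
        self.installed = None         # key currently handed to the data-confidentiality protocol
        self.tx_packet_number = 0     # CCMP packet number, used as the encryption nonce
        self.patched = patched

    def receive_message3(self) -> str:
        # Pre-fix behaviour: every message 3, including a retransmitted one,
        # triggers a fresh key install, and installing a key resets the packet number.
        if self.patched and self.installed == self.ptk:
            return "already installed"   # fixed behaviour: never reinstall an in-use key
        self.installed = self.ptk
        self.tx_packet_number = 0
        return "installed"

    def encrypt(self, plaintext: bytes):
        nonce = self.tx_packet_number
        self.tx_packet_number += 1
        return nonce, xor_bytes(plaintext, keystream(self.installed, nonce, len(plaintext)))


def run_handshake(patched: bool):
    """One client sends two data frames with a retransmitted message 3 in between."""
    client = Supplicant(b"\x11" * 16, patched)   # constructed PTK
    client.receive_message3()
    n1, c1 = client.encrypt(P1)
    client.receive_message3()                    # message 3 arrives a second time
    n2, c2 = client.encrypt(P2)
    return n1, n2, c1, c2


def nonce_reused(patched: bool) -> bool:
    n1, n2, _, _ = run_handshake(patched)
    return n1 == n2


def keystream_reuse_leaks_plaintext(patched: bool) -> bool:
    """True when XOR of the ciphertexts reveals XOR of the plaintexts (same key and nonce)."""
    _, _, c1, c2 = run_handshake(patched)
    return xor_bytes(c1, c2) == xor_bytes(P1, P2)


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "pre-fix",
              "nonce reused:", nonce_reused(patched),
              "plaintext XOR leaks:", keystream_reuse_leaks_plaintext(patched))
```

The `patched` branch is the behaviour the vendor fixes introduce at the client: a key that is already installed is not installed again, so a replayed message 3 no longer resets the nonce. Because the repair is in the client state machine, a patched access point alone does not protect an unpatched client, which is why the remediation steps below ask for both sides to be updated.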

Update (1 May 2018)

A number of BD (Becton, Dickinson and Company) Pyxis medical products are vulnerable to KRACK key reinstallation attacks. An attacker may use this attack to gain access to sensitive medical data.

For a full list of affected products and further information, please see the BD Security Bulletin and ICS-CERT Advisory ICSMA-18-114-01.

Update  

The researchers who originally discovered KRACK have released a new paper detailing several new exploitation methods. They claim they are now able to perform KRACK-based attacks on the 802.11v standard and on the Fast Initial Link Setup (FILS) and Tunneled Direct-Link Setup PeerKey (TPK) handshakes used in mobile environments.

Several proof-of-concept exploits have also been released by the researchers, who say that they are able to bypass current patches.


Threat updates

1 May 2018: BD (Becton, Dickinson and Company) Pyxis medical products confirmed vulnerable to KRACK key reinstallation attacks; see the BD Security Bulletin and ICS-CERT Advisory ICSMA-18-114-01 (details in the first update above).


Remediation steps

  • KRACK does not compromise connections to secure services that are encrypted using HTTPS or VPN technologies.
  • Using a trusted Virtual Private Network (VPN) should protect wireless communications from the attack, but please note that the VPN provider will be able to log all of your internet traffic; privacy is not threatened if application-layer encryption is in use.
  • If you require a secure, encrypted connection, consider using Ethernet.
  • Microsoft released security updates on October 10, 2017 as part of Update Tuesday to resolve this vulnerability in all affected editions of Windows. Customers who have Windows Update enabled and who applied the latest security updates are protected automatically. See Microsoft Security Advisory CVE-2017-13080
  • Other vendors are developing patches to remediate this issue; please monitor for patch releases. Users are protected once both the user's device and the Wi-Fi router have been patched.
  • Monitor enterprise wireless networks: a wireless intrusion detection system (WIDS) may be able to signature an attacker attempting to use the KRACK vulnerability.
  • Check the configuration of enterprise wireless access points: if access points or Wi-Fi routers are configured to use the older TKIP standard, you should update their configuration to use AES-CCMP.
  • WPA2 Enterprise mode may be susceptible to attack even after clients have been patched. You should temporarily disable client functionality on devices that act as Wi-Fi repeaters and disable 802.11r (fast roaming) until the wireless access points have also been patched.
  • Note - Wi-Fi networks protected by WPA2 are still more secure than a Wi-Fi network protected by WEP or WPA and free public Wi-Fi services.
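The two configuration checks above (no TKIP, 802.11r fast roaming disabled until access points are patched) can be automated for access points whose settings live in a text file. The script below is an added example, not code from the advisory or from any vendor, and audits a hostapd-style configuration: `wpa`, `wpa_pairwise`, `rsn_pairwise` and `ieee80211r` are real hostapd keys, the two configuration texts are constructed for the example, and the audit function and its messages are this example's own. It flags a weak configuration and passes the hardened one.

```python
from typing import Dict, List

# Constructed hostapd-style configuration with the settings the advisory warns about
WEAK_CONF = """
interface=wlan0
ssid=ExampleCorp
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP TKIP
ieee80211r=1
mobility_domain=a1b2
"""

# Constructed hardened counterpart: WPA2 only, CCMP only, fast roaming off
HARDENED_CONF = """
interface=wlan0
ssid=ExampleCorp
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee80211r=0
"""


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse key=value lines, ignoring blanks and # comments; last value wins."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_krack_config(cfg: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the checks passed."""
    findings: List[str] = []

    # wpa is a bitmask: bit 0 = WPA (version 1), bit 1 = WPA2/RSN
    if cfg.get("wpa") in ("1", "3"):
        findings.append(
            f"wpa={cfg['wpa']} still offers WPA (version 1); set wpa=2 so only WPA2 is offered"
        )

    # TKIP cipher suites (TKIP offered for WPA and, unless overridden, inherited by RSN)
    wpa_ciphers = cfg.get("wpa_pairwise", "").split()
    rsn_ciphers = cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).split()
    if "TKIP" in wpa_ciphers:
        findings.append("wpa_pairwise allows TKIP; use CCMP only")
    if "TKIP" in rsn_ciphers:
        findings.append("rsn_pairwise allows TKIP for WPA2; set rsn_pairwise=CCMP")

    # 802.11r fast BSS transition: the advisory asks for this to be disabled until APs are patched
    if cfg.get("ieee80211r") == "1":
        findings.append("ieee80211r=1 enables 802.11r fast roaming; disable until access points are patched")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_krack_config(parse_hostapd(text))
        print(f"{name}: {'OK' if not result else ''}")
        for finding in result:
            print("  -", finding)
```

The fallback from `rsn_pairwise` to `wpa_pairwise` reflects hostapd's documented default (RSN uses the WPA pairwise list when `rsn_pairwise` is unset), so an AP that only sets `wpa_pairwise=TKIP CCMP` is reported as offering TKIP to WPA2 clients as well. Disabling fast roaming is a temporary measure from the advisory; re-enable it once the access points carry the vendor fix.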



Last edited: 17 February 2020 11:33 am