[clug] WPA2 4-way handshake client vulnerability

steve jenkin sjenkin at canb.auug.org.au
Thu Oct 19 01:49:27 UTC 2017 

[update at end]

> On 17 Oct 2017, at 06:51, Chris Smart via linux <linux at lists.samba.org> wrote:
> 
> https://www.krackattacks.com/
> 
> "In a key reinstallation attack, the adversary tricks a victim into
> reinstalling an already-in-use key. This is achieved by manipulating and
> replaying cryptographic handshake messages. When the victim reinstalls
> the key, associated parameters such as the incremental transmit packet
> number (i.e. nonce) and receive packet number (i.e. replay counter) are
> reset to their initial value. Essentially, to guarantee security, a key
> should only be installed and used once. Unfortunately, we found this is
> not guaranteed by the WPA2 protocol. By manipulating cryptographic
> handshakes, we can abuse this weakness in practice....
> 
> Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an
> all-zero encryption key in the 4-way handshake. This was discovered by
> John A. Van Boxtel. As a result, all Android versions higher than 6.0
> are also affected by the attack, and hence can be tricked into
> installing an all-zero encryption key. The new attack works by injecting
> a forged message 1, with the same ANonce as used in the original message
> 1, before forwarding the retransmitted message 3 to the victim."
> 
>

Thanks to Chris for raising this on the list.

For those playing at home, Debian & Ubuntu released security patches a few days ago. I’d expect Fedora &RedHat would’ve done the same.
Looking at what I presume is the ‘upstream’ code, there might be another round of minor changes to come after some more testing.

My ZTE Android device hasn’t seen a ‘Play Store’ update, but maybe on Nov 6th - but would Google push kernel updates like this?
<https://www.androidcentral.com/krack>

Hadn’t checked before today, but iiNet has a firmware update dated 'Oct 18’ & another ‘Oct 19’.
But the date on file downloaded is Aug 2015 and the the release/version numbers are the same [HG658 V100 R001 C138 B020]
No email from iiNet about this yet though.
<http://ftp.iinet.net.au/pub/iinet/firmware/HomeGateway/HuaweiHG658/>

If anyone has good information on how Android kernel updates are going to be rolled out, I’m very interested.

regards
steve

====================

This Seems to be the ‘upstream’ for wpa_suplicant source code
<http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=summary>

Ubuntu Security Notice USN-3455-1
<https://usn.ubuntu.com/usn/usn-3455-1/>
> Several security issues were fixed in wpa_supplicant.

DSA-3999-1 wpa -- security update
<https://www.debian.org/security/2017/dsa-3999>

Jessie
<https://packages.debian.org/source/jessie/wpa>
<https://packages.debian.org/jessie/wpasupplicant>
<https://packages.debian.org/jessie/hostapd>

Source code - can’t find the changelog :(
<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/>

<https://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/debian/changelog?view=log>
Revision 1976 - (view) (download) (annotate) - [select for diffs] 
Modified Wed May 25 03:07:15 2016 UTC (16 months, 3 weeks ago) by slh-guest 

From downloaded tarballs:
wpa_2.3-1+deb8u5.debian.tar.xz

ls -l debian/changelog
-rw-r--r--  1 steve  staff  107252 14 Oct 23:11 debian/changelog

> wpa (2.3-1+deb8u5) jessie-security; urgency=high
> 
>  * Non-maintainer upload by the Security Team.
>  * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077,
>    CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
>    CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
>    - hostapd: Avoid key reinstallation in FT handshake
>    - Prevent reinstallation of an already in-use group key
>    - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
>    - Fix PTK rekeying to generate a new ANonce
>    - TDLS: Reject TPK-TK reconfiguration
>    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
>    - WNM: Ignore WNM-Sleep Mode Response without pending request
>    - FT: Do not allow multiple Reassociation Response frames
>    - TDLS: Ignore incoming TDLS Setup Response retries
> 
> -- Yves-Alexis Perez <corsac at debian.org>  Sat, 14 Oct 2017 14:11:26 +0200


--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

More information about the linux mailing list