Active Expert / WiFi Training closely monitors private and public WiFi security forums. We have alerted our clients prior to the release of the public announcement today. This post will be dynamic and updated as new information is released from the various vendors.
What we know …..
WPA2 has a known vulnerability to rainbow tables and dictionary attacks. These attacks are very time consuming and in practice are challenging if long shared secrets are used.
But it would appear there is a new vulnerability. What that vulnerability is at this point is not main stream public knowledge. We have reason to believe it’s a vulnerability that potentially someone can reinstall keys (pairwise, group, integrity) at the client. If this is the case this is more a client issue and not an infrastructure problem. We believe this because of the December 2017 black hat conference.
Since this appears to be a professional research release and not a black hat hacker release detailed specifics and how to’s will likely be suppressed in some fashion.
This is the website released by the two people who discovered this vulnerability and have demonstrated the attack on their site.
Watch the demonstration here.
WPA3 has been in the works for a while now. It’s based on suite b, but it’s some time away. AES Crypto is crunched in hardware. This means in most cases a WiFi NIC upgrades would be required to support suite b on older NIC’s.
In a statement to Windows Central, a Microsoft spokesperson said the company released the security fix on October 10 as part of its regular Patch Tuesday updates. From Microsoft:
Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Note that each CVE identifier represents a specific installation of a key re-installation attack. This means each CVE ID describes a specific protocol vulnerability, and therefore many vendors are affected by each individual CVE ID. You can also read vulnerability note VU#228519 of CERT/CC for additional details on which products are known to be affected.
Some of the vulnerable clients include
We will continue to update our clients, students, followers, and community as we receive new information.
Our current recommendation is to watch these boards, and continue to patch all potential affected infrastructure and clients ASAP.
“As the video shows the team who uncovered this do have tools to automate this attack, however they have publicly committed to not releasing it for the next couple weeks. Of course, there is no guarantee’s they will not or others won’t create and distribute tools sooner, but it inspires confidence in the discovery team for announcing the vulnerability without releasing the tools and committing to delaying their scripts release. That said, the skill-set required for this particular attack without their tools is still very high which should lower most risk assessment scores for at least the next week or two.”
Follow us on twitter.