
What are the real-world consequences of the WPA2 KRACK attacks on older Windows systems (XP/Vista) and iOS devices (10 and older) that will not be patched?

I am aware of another question on this site that asks about the consequences of the KRACK attacks, but the current answer to that question addresses the general consequences of the attacks - it does not address Windows and iOS clients specifically.

I have seen multiple articles stating that Windows and iOS clients are impacted differently than other clients. For example, one article suggests Windows and iOS users don't really have anything to worry about:

First off, there’s good news for Windows and iOS users about KRACK: It doesn’t matter for you. Although the vulnerability is technically present, any realistic attack using KRACK against Windows or newer versions of iOS won’t work or doesn’t present a serious threat.

Another article says the following:

While Windows and Apple IOS devices are not vulnerable to the four-way handshake attack, they are vulnerable to the group key handshake attack and the Fast BSS attack.

So what could an attacker actually do to Windows and iOS clients using the group key handshake and Fast BSS attacks? Are those attacks really nothing to worry about as some articles suggest?

pacoverflow

1 Answer


I suspect that some parts of KRACK are still applicable to both older Windows and older iOS devices.

The group-key handshake issue (CVE-2017-13080) has a Windows security advisory, but unsupported OSes like Vista and XP are not listed (unsurprisingly). Given that this is a protocol-level issue that has been in place for a very long time, and given that all actively supported versions of Windows are affected, my guess is that XP and Vista are also affected. (It's also important to note both that paid XP support is still theoretically available, and that the Qualys advisory includes XP Embedded in its detection list for this CVE.)

The impact, from the paper:

By forcing nonce reuse in this manner, the data-confidentiality protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique is used to attack the group key, PeerKey, and fast BSS transition handshake.

The fast BSS issue (CVE-2017-13082), by contrast, does not appear to have an associated Microsoft security bulletin at all that I could find. At first, I tentatively concluded that no Microsoft products are actually subject to this specific CVE - but then I realized that others have been unable to locate any of the other specific CVEs in Microsoft references.

However, CVE-2017-13082 is an AP-side issue that can only be fully remediated by patching the AP. It's possible that if a device is using Vista or XP in Internet Connection Sharing and it is acting as an AP, then it might be subject to the fast BSS issue. [Edit: there is some evidence that ICS does not use 802.11r]

If so, the impact would therefore be the same as for other platforms - a specific kind of spoofing in which replaying frames from the access point to the client is possible. From the paper:

When the 4-way or fast BSS transition handshake is attacked, the precise impact depends on the data-confidentiality protocol being used. If CCMP is used, arbitrary packets can be decrypted. In turn, this can be used to decrypt TCP SYN packets, and hijack TCP connections. For example, an adversary can inject malicious content into unencrypted HTTP connections. If TKIP or GCMP is used, an adversary can both decrypt and inject arbitrary packets.

On the iOS side, iOS didn't strictly implement the protocol spec and so sidestepped most of the client-side issues; according to this article, the iOS patch primarily helps iOS clients to mitigate unpatched AP-side-specific issues.

Also, since iOS implements 802.11r, it's vulnerable to that subset of the CVEs. This is covered more thoroughly in this answer.

Royce Williams
  • 802.11r is not implemented in Windows ICS so would not be subject to the AP side vulnerability. – YLearn Nov 28 '17 at 02:54
  • Hey, thanks! I'll update the post once I can confirm this. Do you have a link? – Royce Williams Nov 28 '17 at 04:22
  • I don't have a link, but I can say from personal experience the beacon frames from a Windows ICS "hotspot" do not contain any of the elements necessary for fast transition. Anyone can do the capture themselves to confirm. I also can't find any reference from Microsoft for enabling 802.11r with ICS. This makes sense as 802.11r is really only needed in a multiple AP environment (where clients roam) and ICS isn't meant for such use. The only references I can find from Microsoft about Windows 802.11r support is as a client. – YLearn Nov 29 '17 at 07:04
  • Fair points - thanks. Updated my answer. Right now, the first Google hit for "windows" "802.11r" "Internet Connection Sharing" is this page, which is probably telling. ;) – Royce Williams Nov 29 '17 at 20:45
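A way to check the point YLearn makes above (whether a given AP's beacons advertise 802.11r at all), as an added example that is not part of the original thread: parse a captured beacon frame body for the Mobility Domain element (ID 54) and for FT AKM suites (00-0F-AC:3 and :4) in the RSN element. The sample beacon bodies below are constructed; a real one would come from a monitor-mode capture.

```python
# Added example, not from the original post: flag beacons that advertise 802.11r.
import struct
MOBILITY_DOMAIN_IE, RSN_IE = 54, 48
IEEE_OUI = b"\x00\x0f\xac"
FT_AKM_TYPES = {3, 4}   # 00-0F-AC:3 = FT over 802.1X, 00-0F-AC:4 = FT over PSK

def parse_ies(tagged):
    """Yield (element_id, payload) from a beacon's tagged-parameter area."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        payload = tagged[i + 2:i + 2 + length]
        if len(payload) < length:       # truncated element: stop, don't misparse
            break
        yield eid, payload
        i += 2 + length

def rsn_akm_types(rsn):
    """IEEE-OUI AKM suite types listed in an RSN element; empty if malformed."""
    try:
        off = 8 + 4 * struct.unpack_from("<H", rsn, 6)[0]   # skip pairwise suites
        count = struct.unpack_from("<H", rsn, off)[0]
    except struct.error:                                    # truncated element
        return set()
    suites = rsn[off + 2:off + 2 + 4 * count]
    return {suites[i + 3] for i in range(0, len(suites) - 3, 4)
            if suites[i:i + 3] == IEEE_OUI}

def advertises_ft(beacon_body):
    """True if the frame body (12 fixed bytes + IEs) carries an MDE or an FT AKM."""
    for eid, payload in parse_ies(beacon_body[12:]):
        if eid == MOBILITY_DOMAIN_IE:
            return True
        if eid == RSN_IE and rsn_akm_types(payload) & FT_AKM_TYPES:
            return True
    return False

def ie(eid, payload):
    return bytes([eid, len(payload)]) + payload

def rsn_ie(akm_types):
    """Constructed WPA2 (CCMP group/pairwise) RSN element with the given AKM types."""
    suites = b"".join(IEEE_OUI + bytes([t]) for t in akm_types)
    return ie(RSN_IE, b"\x01\x00" + IEEE_OUI + b"\x04" + b"\x01\x00" + IEEE_OUI + b"\x04"
              + struct.pack("<H", len(akm_types)) + suites + b"\x00\x00")

FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)          # timestamp, interval, caps
HOTSPOT_BEACON = FIXED + ie(0, b"ics-hotspot") + rsn_ie([2])   # constructed: WPA2-PSK only
ROAMING_BEACON = (FIXED + ie(0, b"corp-roam") + rsn_ie([2, 4])  # constructed: FT-PSK + MDE
                  + ie(MOBILITY_DOMAIN_IE, b"\x12\x34\x01"))
```

An AP that shows neither element in its beacons cannot be driving clients through the 802.11r handshake, which is the situation YLearn describes for a Windows ICS hotspot.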