12

After Heartbleed was announced, a number of tests popped up that let me test if a server I was connecting to was patched, unpatched or unknown. For example, https://filippo.io/Heartbleed/

Is such a test possible for KRACK? Including checking...

  • my device [1]
    • my device that I updated over an unknown wifi connection
  • the router I am connected to (but don't control)
  • the router I own

[1] I have other ways of finding this out, but here I'm thinking of J. User who hears scary news and just wants to know if their laptop/phone is vulnerable

lofidevops
  • 3,550
  • 6
  • 23
  • 32
  • 2
    It's worth noting that there are *lots* of bugs in the KRACK paper, so there may need to be a lot of different checks. – Polynomial Oct 17 '17 at 16:25
  • @Polynomial I'm trying to find what the flaws in the paper are, could you possibly link me to a write up on them? – Henry F Dec 06 '18 at 06:54

2 Answers2

10

Test scripts will indeed be published by the original author but are not available yet.

As stated by the author:

We have made scripts to detect whether an implementation of the 4-way handshake, group key handshake, or Fast BSS Transition (FT) handshake is vulnerable to key reinstallation attacks. These scripts will be released once we have had the time to clean up their usage instructions.

I expect the linked page to be updated once the script become available, so check it regularly.

The author just published the scripts to test the devices and access points.

WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
2

This post gives full instructions to check AP for KRACK ATTACK that support FT. http://rootsaid.com/krack-test/

lavender
  • 21
  • 1