The more I read about KRACK, the more granular my questions become, and the harder it is to find answers.

My understanding is that both wireless clients and WAPs need to be patched to obviate the KRACK vulnerability in any particular wifi handshake. But there's some nuance to this (cf. To sufficiently protect against KRACK is patching the client, the AP, or both, required?).

So if the client is patched, what if you don't know whether the WAP is or isn't? Doesn't this mean that one can never trust anonymous wifi cafes again, since there's no way to know whether they've patched their WAPs?

rahum
  • 142
    Wifi in Cafés never **was** safe in the first place. MitM is the standard to happen there - it even has a nice name: captive portal. You can't (and never could) use a public WiFi without a VPN – Marcus Müller Oct 23 '17 at 21:51
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/67754/discussion-on-question-by-rahum-does-krack-mean-that-wifi-cafes-will-never-be-sa). – Rory Alsop Oct 27 '17 at 08:21

1 Answer

123

> Does KRACK mean that wifi cafes will never be safe again?

This is based on the false assumption that Wi-Fi cafes were ever safe. That is simply a false assumption.

> So if the client is patched, what if you don't know whether the WAP is or isn't? Doesn't this mean that one can never trust anonymous wifi cafes again, since there's no way to know whether they've patched their WAPs?

Public Wi-Fi is often open (i.e. no encryption) or uses a PSK that is distributed to all customers. Not saying there aren't some using WPA2-Enterprise, but I personally haven't seen any.

KRACK creates an opportunity to determine the WPA/WPA2 PTK/GTK so traffic can be decrypted and possibly manipulated by an attacker. If your client is patched, this will significantly limit what the attacker can see or do.

With Open Wi-Fi you have no encryption. With PSK (where the attacker also knows the PSK and can capture the 4-way handshake), you don't have reliable encryption because anyone around has the capability to decrypt your traffic. Either case presents an easy opportunity for an attacker to create a MitM situation. In other words, you are already totally exposed and are not safe in any sense; all before KRACK was ever found or publicized.

The only way that KRACK might make such public Wi-Fi more vulnerable is if the site is using WPA2-Enterprise (i.e. setting up usernames/passwords for clients). But if a site is putting that much effort into providing secure access for customers, then odds are good they will put the effort into patching it as well.

End result though is still the same. Public Wi-Fi shouldn't be considered safe.

YLearn
  • 2
    From what I can tell, KRACK's primary threat is that it lets you *gain access to* the network. Cafe wifi already lets anyone onto the network, so there's no loss of security on that end. Yes, KRACK can do more complicated attacks (like data injection), but that was already possible without KRACK if you could get on the wifi. It's just another way of doing something that was already possible. – cegfault Oct 24 '17 at 04:56
  • 13
    @cegfault, you are incorrect. KRACK *does not* give access to the network, compromise the 802.11 client, or recover the PSK or other credentials. KRACK makes it significantly easier to determine the PTK of a client connection. A successful KRACK exploit will allow the attacker to decrypt, replay, forge, and/or inject frames, in at least one direction if not both. The discoverer of this vulnerability has put together a nice site to detail what KRACK is and how it works. You can find it [here](https://www.krackattacks.com/). – YLearn Oct 24 '17 at 05:07
  • 1
    Naive clarification question: does KRACK make someone connected to cafe wifi with an encrypted VPN any less safe? – LangeHaare Oct 24 '17 at 07:09
  • 5
    @LangeHaare, since your typical cafe Wi-Fi is less secure than even KRACKed WPA2, it wouldn't be any less safe. – YLearn Oct 24 '17 at 08:37
  • 2
    What KRACK made possible was always possible in a cafe or any open wifi. There are even Android apps that can sniff the wifi traffic, grab images and text, etc ... Last I used one such app was a few years ago. – Иво Недев Oct 25 '17 at 09:00
  • My impression of WPA(2)-PSK was that the actual encryption key pair between each client and the AP is negotiated separately at connect time using a secure key exchange protocol that prevents an observer who can see all traffic from knowing the negotiated keys, so that even a person knowing the PSK would not be able to know the individual encryption keys negotiated between the AP and each other client and therefore intercept any traffic between other clients and the AP. Now these comments are leading me to believe I was wrong. What is true? – thomasrutter Oct 26 '17 at 04:45
  • 1
    @fjw, if one knows the PSK and captures the key exchange (i.e. the 4-way handshake), they have all the information needed to calculate the encryption key (i.e. the PTK). In very basic terms, each side needs to have a common "starting point" (the PMK) to build and exchange the keying material. In a WPA/WPA2-PSK exchange the PMK is essentially the PSK. As an example, you can see how to [configure Wireshark to decrypt 802.11 traffic](https://wiki.wireshark.org/HowToDecrypt802.11). Only with WPA/WPA2-Enterprise will you have a unique PMK for each connection. – YLearn Oct 26 '17 at 05:38
  • I see, so PSK is like being allowed to plug into an Ethernet hub - you have the technical ability to see your own but also other clients' traffic. This further justifies my inherent distrust of free wifi where they put a sign near the counter with the key on it. Is it not possible for two parties to negotiate secret keys from nothing, in such a way that a third party cannot know the resulting key without knowing the internal state of either of them? I thought that's what Diffie-Hellman etc. was, please forgive me though as I am not knowledgeable at all about this. – thomasrutter Oct 26 '17 at 05:52
  • @fjw, it is a bit more secure than just plugging into an Ethernet hub, as that would be more like connecting to an open network without a PSK. An attacker won't be able to do anything with traffic to/from clients that are connected prior to capturing traffic (although depending on the environment, they may be able to force a reconnection). – YLearn Oct 26 '17 at 05:57
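
To make YLearn's point in the comments concrete (in WPA/WPA2-PSK the PMK is the PSK, and the PTK is derived from it plus values that cross the air in the clear, so there is no Diffie-Hellman step as thomasrutter suspected), here is an added Python example; it is not code from the question, the answer or their authors. It implements the key schedule from IEEE 802.11 (PBKDF2-HMAC-SHA1 for the PMK, PRF-384 for a CCMP PTK); the MAC addresses and nonces are constructed values, while the passphrase/SSID pair `password`/`IEEE` is the standard's published test vector.

```python
import hashlib
import hmac

# Constructed sample values (not from any real capture): AP and client MACs,
# and the two 256-bit nonces that are sent unencrypted in handshake messages 1 and 2.
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(0, 32))
SNONCE = bytes(range(32, 64))


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The passphrase is the only secret input; the SSID is broadcast in every beacon.
    (With WPA2-Enterprise the PMK instead comes out of the per-session EAP exchange.)"""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), counter = 0, 1, ..."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Split for CCMP into KCK (handshake MIC key), KEK (GTK wrapping key) and TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def psk_holders_share_client_key(passphrase: str, ssid: str) -> bool:
    """The client and any bystander who knows the same passphrase and saw the handshake
    derive the identical TK: the 4-way handshake adds no secret the PSK does not already give."""
    client_tk = derive_ptk(derive_pmk(passphrase, ssid), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)["tk"]
    bystander_tk = derive_ptk(derive_pmk(passphrase, ssid), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)["tk"]
    return client_tk == bystander_tk


if __name__ == "__main__":
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    print("same TK for every PSK holder:", psk_holders_share_client_key("password", "IEEE"))
```

This is also exactly what Wireshark does when given the passphrase on a PSK network, which is why the page's distinction between PSK and Enterprise (unique PMK per connection) matters.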