10

I am trying to understand one thing about the KRACK attack. I see explanations like this everywhere:

The hacker interferes with the initial handshake between your device and the WiFi router in a way that allows the attacker to gain an ability to decrypt the traffic you exchange over WiFi.

Ok, but what traffic exactly is this? Let's say in my house I have a patched router, a patched iPhone and an unpatched WiFi camera. Seeing here the weak link is my camera, if it gets attacked, can the hacker sniff the whole traffic including my iPhone, or only the traffic between the vulnerable device (camera) and the router?

Joe
Spring

2 Answers

11

If either endpoint is patched you should view the connection as *secure. None of the traffic can be seen if the router is patched. The router will refuse to use the reset Nonce and the connection will fail. If the router is also unpatched then any unpatched devices connecting to it such as the camera may have their traffic viewed.

KRACK forces nonce reuse which is specific to each connection.

*By secure I mean the link to the access point is secure. There is no guarantee with what the AP does or any network it forwards the traffic to afterwards (for example, the internet). If you want end-to-end security, use end-to-end identity-verified encryption like SSL.

Hector
  • Thanks, I have no control over how the camera or my IoT devices communicate (SSL or not). But if the manufacturer says the connection is "encrypted", can the attacker still decrypt the traffic? – Spring Dec 18 '17 at 17:13
  • 1
    @Spring - Without knowing what "encryption" the camera uses it is impossible to know. Usually with these products either the encryption is not very strong or uses a consistent password. However if they have used secure encryption in a non-predictable way the connection can be viewed as safe. – Hector Dec 18 '17 at 17:15
  • And if my iPhone connects to the camera over Wi-Fi, can the attacker "pivot" to my iPhone traffic in any manner, if he attacks the camera? – Spring Dec 18 '17 at 17:27
  • 2
    "if either endpoint is patched ... the connection is secure". So if the router is patched, doesn't that mean the connection between the camera and router is secure? – Barmar Dec 19 '17 at 00:37
  • @Barmar - you are entirely correct - I misread the question. I will update my answer. Thank you. – Hector Dec 19 '17 at 08:19
  • @Spring - No. The connection between the patched iPhone and the AP will always be secure. If the AP is unpatched and the iPhone communicates with an unpatched device on the network, traffic to that device only may be viewable because it will be routed via the AP / the unpatched device to unpatched router link is not secure. – Hector Dec 19 '17 at 08:23
  • @Spring With IoT devices I would assume that if you didn't set up the software yourself (i.e. it's a pre-built product and not something you made with a Raspberry Pi) then it's totally insecure. – user253751 Dec 19 '17 at 22:31
4

The attacker will only be able to view the traffic from the unpatched WiFi camera.

KRACK is a key reinstallation attack which, for each successful attack, affects the device being targeted and doesn't affect other clients on the network even if they are unpatched.

Joe
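Why the exposure stays on the unpatched device's own link, as an added example that is not part of the original answers: each client has its own pairwise key, so a reset packet-number counter repeats keystream only on that one connection. The model uses HMAC-SHA256 as a stand-in for CCMP's AES-CTR and a simplified key derivation; all names, keys and frames are constructed.

```python
import hashlib
import hmac

def pairwise_key(pmk, client_mac, anonce, snonce):
    # Simplified stand-in for WPA2 pairwise-key derivation: one key per client.
    return hmac.new(pmk, client_mac + anonce + snonce, hashlib.sha256).digest()

def keystream(key, packet_number, length):
    # Stand-in for CCMP's AES-CTR: keystream depends only on (key, packet number).
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Link:  # one client-to-AP connection: its own key and packet-number counter
    def __init__(self, key, patched):
        self.key, self.patched, self.pn = key, patched, 0
    def send(self, plaintext):
        self.pn += 1
        return xor(plaintext, keystream(self.key, self.pn, len(plaintext)))
    def replayed_handshake_message(self):
        # Unpatched: reinstalling the key already in use resets the counter.
        # Patched: the counter is kept, so no packet number repeats.
        if not self.patched:
            self.pn = 0

def keystream_repeats(c1, p1, c2, p2):
    # Equal keystreams <=> XOR of ciphertexts equals XOR of plaintexts.
    return xor(c1, c2) == xor(p1, p2)

def scope_of_key_reinstallation():
    pmk = hashlib.sha256(b"constructed passphrase").digest()
    p1, p2 = b"camera frame number 01", b"camera frame number 02"
    p3 = b"iphone message body 01"
    results = {}
    for name, patched in (("unpatched camera", False), ("patched camera", True)):
        cam = Link(pairwise_key(pmk, b"cam-mac", b"anonce-1", b"snonce-1"), patched)
        c1 = cam.send(p1)
        cam.replayed_handshake_message()
        c2 = cam.send(p2)
        results[name] = keystream_repeats(c1, p1, c2, p2)
    phone = Link(pairwise_key(pmk, b"phone-mac", b"anonce-2", b"snonce-2"), True)
    results["iphone vs camera"] = keystream_repeats(c1, p1, phone.send(p3), p3)
    return results
```

`scope_of_key_reinstallation()` reports a repeated keystream only for the unpatched camera; the patched camera and the iPhone link, which uses a different pairwise key, show none.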