KRACK
Attack on the Wi-Fi Protected Access protocol / From Wikipedia, the free encyclopedia
KRACK ("Key Reinstallation Attack") is a replay attack (a type of exploitable flaw) on the Wi-Fi Protected Access protocol that secures Wi-Fi connections. It was discovered in 2016[1] by the Belgian researchers Mathy Vanhoef and Frank Piessens of the University of Leuven.[2] Vanhoef's research group published details of the attack in October 2017.[3] By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic.
CVE identifier(s) | CVE-2017-13077, CVE-2017-13078, |
---|---|
Date discovered | 2016; 8 years ago |
Discoverer | Mathy Vanhoef and Frank Piessens |
Affected hardware | All devices that use Wi-Fi Protected Access (WPA) |
Affected software | All operating systems that use WPA |
The weakness lies in the Wi-Fi standard itself, not in errors made by individual products or implementations of a sound standard. Therefore, any correct implementation of WPA2 is likely to be vulnerable.[4] The vulnerability affects all major software platforms, including Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others.[3]
The widely used open-source implementation wpa_supplicant, utilized by Linux and Android, was especially susceptible as it can be manipulated to install an all-zeros encryption key, effectively nullifying WPA2 protection in a man-in-the-middle attack.[5][6] Version 2.7 fixed this vulnerability.[7]
The security protocol protecting many Wi-Fi devices can essentially be bypassed, potentially allowing an attacker to intercept[8] sent and received data.
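The nonce reset on a replayed third handshake message, described above, can be modelled in a few lines. This is an added example, not code from the article or from wpa_supplicant: the `Supplicant` class, the HMAC-based keystream (a stand-in for the real cipher) and the sample frames are all constructed for illustration, and the `hardened` branch shows only the general shape of the countermeasure, which is to refuse to reinstall a key that is already in use.

```python
import hashlib
import hmac

FRAME_A = b"constructed frame one"  # constructed sample plaintexts
FRAME_B = b"constructed frame two"

def keystream(key, pn, length):
    # Toy stand-in for the real cipher: output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Simplified client: installed key, transmit nonce, and a reuse log."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.key, self.pn, self.used = None, 0, set()

    def on_message3(self, ptk):
        # Hardened: a replayed message 3 carrying the key already in use is
        # accepted without reinstalling it, so the nonce keeps counting.
        if self.hardened and self.key == ptk:
            return
        self.key = ptk
        self.pn = 0  # key installation resets the nonce

    def send(self, plaintext):
        self.pn += 1
        reused = (self.key, self.pn) in self.used  # detection: same key+nonce
        self.used.add((self.key, self.pn))
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, xor(plaintext, ks), reused

def run(hardened):
    ptk = bytes(range(16))       # constructed sample session key
    client = Supplicant(hardened)
    client.on_message3(ptk)      # original message 3
    first = client.send(FRAME_A)
    client.on_message3(ptk)      # replayed message 3
    second = client.send(FRAME_B)
    return first, second

if __name__ == "__main__":
    for mode in (False, True):
        (n1, c1, _), (n2, c2, reused) = run(mode)
        print(mode, n1, n2, reused, xor(c1, c2) == xor(FRAME_A, FRAME_B))
```

With `hardened=False` both frames are encrypted under the same key and nonce, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; with `hardened=True` the nonce advances and that relationship disappears.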