What is KRACK?

KRACK is short for Key Reinstallation Attack. It is an attack that leverages a vulnerability in the Wi-Fi Protected Access 2 (WPA2) protocol, which keeps your Wi-Fi connection secure. For hackers, KRACK is a tool they use when in close range of one of their targets to access encrypted data.

When KRACK was first introduced in 2017, it shattered the perception that WPA2 was secure. This meant that the Wi-Fi “haven” in people’s homes had been penetrated. As researchers uncovered the threat, they discovered that several types of devices were all vulnerable, including those running iOS, Android, Linux, macOS, and Windows. 

However, despite the weaknesses found in WPA2, there are still ways to use the internet without constantly worrying about hackers penetrating your system.

What Is WPA2?

WPA2 stands for Wi-Fi Protected Access 2, which is a protocol that secures Wi-Fi networks. WPA2 makes use of strong encryption intended to secure communications between a computer, tablet, phone, or other device and the device that provides it with Wi-Fi. 

In most situations, if someone were to intercept the communications between the end device and the Wi-Fi access point, the encryption would make it extremely difficult to decode and use.

How Do KRACK Attacks Work?

A WPA2 connection begins with a four-way handshake, which is a process requiring the exchange of four messages between an access point and a device to generate an encryption key and encrypt data. The full four-way handshake is only required when the device first connects to the access point. To make subsequent connections faster, only step three of the four-way handshake has to be sent again. 

Whenever a user connects to a Wi-Fi network they have connected with in the past, the network only resends this third portion of the handshake. To make sure the connection is successful, this step can be repeated multiple times. This is where the vulnerability that KRACK exploits comes into play.

An attacker can create a clone of the Wi-Fi network the target has connected to in the past. This clone network provides the target with internet access, and they do not even notice that they are being hacked. As the target tries to connect to the network again, the attacker forces them to connect with the clone network. Throughout the course of the attack, the malicious actor keeps sending the third aspect of the handshake again and again to the target’s device. Every time the target allows the connection to happen, a portion of data gets decrypted. The bad actor can then collect these communications, aggregate them, and use this to break the encryption key.

Once the WPA2 encryption has been broken, the hacker then uses software designed to take all the data that gets sent by the target over that network. If a website uses secure sockets layer/transport layer security (SSL/TLS), the attack will not work. 

However, not all websites use these protocols for all versions of their site. Therefore, the hacker may try to use software to force the target to visit the HTTP version of a website, which would not be protected by SSL/TLS. If the victim does not notice that they have been compromised and have entered an unprotected site, they may proceed to enter sensitive information that the hacker can use to their advantage, sell, or otherwise exploit.

For a KRACK attack to succeed, the hacker needs to be close to the target. The proximity is necessary because the target and the hacker have to share the same Wi-Fi network.

Why Are KRACK Attacks Dreadful?

Every day, whether you are at work, in your home, or in public, you connect to Wi-Fi. You sign on not only with your personal devices but also devices within your home that are part of the Internet of Things (IoT). Everything that connects to Wi-Fi is therefore at risk of being hacked.

During a hack, the attacker can access usernames, passwords, data, bank details, emails, and more. They can then use this information for personal gain or to extort the victim. They can also sell it on the dark web for profit.

KRACK Prevention

The safest way to connect to the internet is to use a virtual private network (VPN), particularly when you are in a public area. Sometimes, people opt for a free VPN to save money. Free VPNs can present other issues because they have their own vulnerabilities. It is best to use a secure, paid option, such as those provided by Fortinet.

It is also advisable to avoid using public Wi-Fi whenever possible. Even if the connection has a password, because so many people have that password, it is essentially available to any hacker who wants it. Even if you are not connected to public Wi-Fi, you should make sure your device is updated and patched with the most recent firmware available. Your router should have the most recent patches as well.

How Fortinet Can Help

With a Fortinet VPN solution powered by FortiGate, you can securely use Wi-Fi without having to worry about your connection being “KRACK’d.” With FortiGate, you get a secure tunnel through which all of your traffic is routed. Inside the tunnel, your information is encrypted. This means that even if a hacker were to use KRACK to access your data, it would be encrypted and therefore useless. The hacker would most likely move on to a softer target.

Fortinet also offers FortiAPs, which are secure wireless access points that can be added to your network. FortiAPs are enabled with the Fortinet Security Fabric, which ensures visibility, integrated threat intelligence, and automated protection to shield your devices from KRACK.

FAQs

What does KRACK mean?

KRACK is short for Key Reinstallation Attack. It is an attack that leverages a vulnerability in the Wi-Fi Protected Access 2 (WPA2) protocol, which is a tool used to keep your Wi-Fi connection secure.

How does a KRACK attack work?

WPA2 uses a four-stage handshake during the connection process, but only for the first time the user connects. During subsequent connections, only the third step in the handshake gets sent again. During a KRACK attack, the attacker clones the Wi-Fi network and then sends that third step in the handshake again and again to the victim. Each time the victim accepts the connection, a portion of data gets decrypted by the attacker. The bad actor can then collect these communications, aggregate them, and use them to break the encryption key.