1

Trying to learn....

The ultimate difference between the vulnerability outlined in the answer posted here and KRACK attack is that with KRACK attack, the attacker does not need the AP pass phrase?

mobill
  • 441
  • 3
  • 7

2 Answers2

3

The primary difference between the two is that the KRACK attack targets the end-user and not the network itself. The attacker essentially creates a clone of a network that has already been associated and trusted with the target user's device. The attacker then "forces" the victim to connect to their rogue access point at which point they are in a Man-in-the-Middle position. They are now in a position to eavesdrop on traffic and potentially implement an SSLStrip attack to eavesdrop on TLS connections.

The linked question refers to an attacker joining a wireless network for nefarious purposes. At no time during the KRACK attack does an adversary join a network, nor do they compromise the network password. They impersonate that network.

EDIT : It should be stated that the KRACK attack is a form of sniffing, though the method you use to be in a position to sniff is different from the WPA2 sniffing question you linked to.

DKNUCKLES
  • 9,247
  • 2
  • 37
  • 48
  • If the attacker is only impersonating a network and never joining it, why are users urged to update their routers and access points ASAP? From this expanation I would expect only client devices to require updates? – Gruber Oct 18 '17 at 09:59
  • @Gruber I'm not sure why that advice is being given - perhaps just to err on the side of caution. The third part of the four way handshake is what's in question (AP sends MAC and Group Temporal Key to client) so I'm not sure what protections patching routers and access points would provide. – DKNUCKLES Oct 18 '17 at 12:15
  • @Gruber My current understanding is that AP patching is necessary to eliminate the .11r vulnerability. If you are not using the AP as a repeater, then patching is not required. – mobill Oct 18 '17 at 14:36
  • @DKNUCKLES The title is poorly worded, but after a minute more of thought, I'm not coming up with anything better. – mobill Oct 18 '17 at 14:39
1

The main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (example, the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.

Reshma
  • 11
  • 4