KRACK Attack: Key Reinstallation Attacks [EXPLAINED]



KRACK: Breaking WPA2 by forcing nonce reuse

Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven

KEY POINTS OF THE KRACK ATTACK:

1) “The attacker doesn’t even need to connect to the network – only to listen to the data you exchange with an access point and emit their own packets back to change things on your system and the router.” – thenextweb

2) “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.” – krackattacks

3) “The attack works against all modern protected Wi-Fi networks” – krackattacks 

PAPER (via krackattacks)

Our research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.

Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old. In the meantime, we have found easier techniques to carry out our key reinstallation attack against the 4-way handshake. With our novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake. In particular this means that attacking macOS and OpenBSD is significantly easier than discussed in the paper.
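An added example, not from the original post or the KRACK paper: a toy Python model of why reinstalling an in-use key on a retransmitted message 3 leads to nonce reuse, next to the patched behaviour. The `Supplicant` class, the `keystream` function (an HMAC-SHA256 stand-in for CCMP's AES-CTR keystream), the key and the sample frames are all constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in for CCMP's AES-CTR keystream (assumption: stdlib only).
    # Like the real thing, the output depends only on (key, nonce).
    out, block = b"", 0
    while len(out) < n:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Supplicant:
    """Hypothetical toy client: models only key install and the transmit nonce."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.pn = patched, None, 0

    def on_message3(self, ptk: bytes) -> None:
        # Patched: a key that is already installed is not installed again,
        # so the packet number keeps counting across retransmissions.
        if self.patched and self.key == ptk:
            return
        # Vulnerable: every copy of message 3 (re)installs the key and resets pn.
        self.key, self.pn = ptk, 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def reused_nonces(frames):
    """Defender-side check: packet numbers seen more than once under one key."""
    seen, dup = set(), set()
    for pn, _ in frames:
        (dup if pn in seen else seen).add(pn)
    return sorted(dup)

P1, P2 = b"GET /login HTTP/1.1", b"user=alice&pw=s3cret"  # constructed samples
def run(patched: bool):
    ptk = bytes(range(16))          # constructed session key
    client = Supplicant(patched)
    client.on_message3(ptk)         # handshake completes, key installed
    f1 = client.send(P1)
    client.on_message3(ptk)         # retransmitted message 3 arrives
    f2 = client.send(P2)
    return [f1, f2]
```

With `run(False)` both frames carry packet number 1, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; with `run(True)` the packet numbers are 1 and 2 and `reused_nonces` returns an empty list.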
