How the KRACK Attack Breaks WPA2: Causes, Impact, and Defense Strategies
The article explains the KRACK (Key Reinstallation Attack) vulnerability in WPA2, detailing its design flaws, affected devices, CVE listings, attack mechanics, real‑world impact on Wi‑Fi communications, and practical mitigation steps for users and administrators.
Recently, a critical security flaw in the Wi‑Fi encryption protocol WPA2 was disclosed, allowing attackers to break the protocol through a method known as KRACK (Key Reinstallation Attack). This vulnerability puts the majority of Wi‑Fi networks, including home routers, at risk of credential theft and data interception.
Vulnerability Overview
Belgian security researcher Mathy Vanhoef identified the KRACK flaw, which exploits a design defect in WPA2's key generation mechanism. By tampering with and replaying the third message of the four‑way handshake, an attacker can force the reinstallation of encryption keys.
The WPA2 handshake negotiates the encryption keys used for subsequent data communication. If the third handshake message is replayed, the client may reinstall a key it is already using, resetting its replay counter and nonce, which leaves its traffic open to man‑in‑the‑middle attacks.
The attack, named Key Reinstallation Attack, affects not only the data encryption key but also PeerKey, group key, and Fast BSS transition (FT) handshakes, exposing Wi‑Fi traffic to eavesdropping, tampering, and replay.
Affected Devices
Almost all Wi‑Fi‑enabled devices—Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, etc.—are exposed to this threat.
CVE List
CVE-2017-13077: Reinstallation of PTK‑TK during the four‑way handshake
CVE-2017-13078: Reinstallation of GTK during the four‑way handshake
CVE-2017-13079: Reinstallation of IGTK during the four‑way handshake
CVE-2017-13080: Reinstallation of GTK during group‑key handshake
CVE-2017-13081: Reinstallation of IGTK during group‑key handshake
CVE-2017-13082: Reinstallation of PTK‑TK during fast BSS transition re‑association
CVE-2017-13084: Reinstallation of STK key during PeerKey handshake
CVE-2017-13086: Reinstallation of TDLS PeerKey during TDLS handshake
CVE-2017-13087: Reinstallation of GTK during WNM sleep‑mode response
CVE-2017-13088: Reinstallation of IGTK during WNM sleep‑mode response
WPA2 Protocol Introduction
WPA (Wi‑Fi Protected Access) and WPA2 are standards for Wi‑Fi security. WPA2 adds AES encryption, which is more secure than the TKIP algorithm used in WPA.
Key Reinstallation Attacks
The four‑way handshake consists of four EAPOL messages. The replay counter and nonce fields protect against replay attacks. However, because the third message may be retransmitted, an attacker can capture and replay it, causing the client to reinstall the same key and reset the nonce and replay counter.
When the client receives the third message multiple times, each reception triggers a new key installation, resetting critical security parameters and enabling the attacker to decrypt, replay, or modify traffic.
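The toy model below is an added illustration, not code from the article or from any real Wi‑Fi stack: a client state machine that installs the key on message 3 and resets its packet number (nonce), so that a replayed message 3 makes the client encrypt two frames under the same key and nonce. AES‑CCMP is replaced by an HMAC‑SHA256 counter‑mode keystream (a stand‑in, chosen so the script runs offline), and the key and frame contents are constructed values.

```python
import hmac
import hashlib

# Constructed sample frames of equal length (not real captured traffic).
P1 = b"GET /login HTTP/1.1"
P2 = b"POST /secret data!!"
TK = b"\x11" * 16  # constructed stand-in for the PTK-TK

def keystream(tk, nonce, length):
    """Stand-in for the AES-CTR keystream used by CCMP: HMAC-SHA256(tk, nonce || block)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(tk, nonce.to_bytes(6, "big") + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, vulnerable):
        self.vulnerable = vulnerable  # True: reinstall on every message 3 (KRACK behaviour)
        self.tk, self.pn, self.installed = None, 0, False

    def on_msg3(self, tk):
        """Handle EAPOL message 3 of the four-way handshake."""
        if self.installed and not self.vulnerable:
            return False  # patched behaviour: never reinstall an already-in-use key
        self.tk, self.installed = tk, True
        self.pn = 0  # key (re)installation resets the packet number / nonce
        return True

    def encrypt(self, plaintext):
        """Encrypt one frame; the packet number doubles as the CCMP nonce."""
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))

def run_scenario(vulnerable):
    """Return (nonce_reused, ct1 XOR ct2): under nonce reuse the XOR equals P1 XOR P2."""
    c = Client(vulnerable)
    c.on_msg3(TK)                 # genuine message 3: key installed, pn = 0
    pn1, ct1 = c.encrypt(P1)      # first data frame, pn = 1
    c.on_msg3(TK)                 # replayed message 3 (blocked message 4 made the AP retransmit)
    pn2, ct2 = c.encrypt(P2)      # vulnerable client: pn reset, so pn = 1 again
    reused = pn1 == pn2
    return reused, xor(ct1, ct2) if reused else None
```

With `vulnerable=True` the two ciphertexts XOR to `P1 XOR P2`, which is exactly the keystream reuse the article describes; the patched client ignores the replayed message and the nonces stay distinct.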
Root Cause Analysis and Impact
The 802.11 standard describes the handshake at a high level but does not specify precise handling of each message, allowing the KRACK attack to exploit the retransmission of message three. Not all client implementations handle this correctly; for example, Windows and iOS ignore retransmitted message three, reducing the attack’s effectiveness, while Android 6.0 is severely impacted.
The attack can target PTK, group key, PeerKey, TDLS, and fast BSS transition handshakes, potentially exposing all encrypted Wi‑Fi traffic.
Mitigation Recommendations
1. Deploy wireless intrusion prevention systems or VPNs to mitigate man‑in‑the‑middle scenarios and avoid connecting to untrusted APs.
2. Apply available security patches promptly (e.g., Linux hostapd and wpa_supplicant patches, Windows 10 KB4041676, iOS beta updates).
3. Use trusted Wi‑Fi networks; in public places prefer cellular data and disable Wi‑Fi when not needed.
Alibaba Cloud Developer