
What is a KRACK attack?

A KRACK (Key Reinstallation Attack) is a vulnerability in the WPA2 WiFi security protocol that allows attackers to intercept and decrypt wireless network traffic by manipulating the four-way handshake process.

WPSentry Team, March 9, 2026

What is a KRACK Attack?

KRACK, which stands for Key Reinstallation Attack, is a serious vulnerability discovered in 2017 in the WPA2 (Wi-Fi Protected Access II) protocol that secures the vast majority of modern WiFi networks. The attack exploits a flaw in the four-way handshake that WPA2 uses to establish an encryption key between a client device and an access point. By manipulating and replaying handshake messages, an attacker can force the reinstallation of an already-used encryption key, effectively resetting it to a known state.

The KRACK vulnerability is particularly significant because WPA2 had been considered the gold standard for WiFi security since its introduction in 2004. The discovery demonstrated that the protocol itself was flawed, meaning that every correctly implemented WPA2 client was vulnerable regardless of the password strength or the specific hardware and software in use.

How KRACK Works

The WPA2 four-way handshake establishes a fresh encryption key called the Pairwise Transient Key (PTK) each time a device connects to a wireless network. During this process, the client and access point exchange a series of messages to prove they both know the pre-shared key and to derive the session encryption key. The KRACK attack targets the third message of this handshake.

An attacker positioned between the client and access point can capture and replay the third handshake message. When the client receives this replayed message, it reinstalls the encryption key and resets the associated nonce (a number used once) and replay counter to their initial values. This nonce reuse allows the attacker to decrypt packets, replay old packets, and in some configurations, forge and inject packets into the wireless stream.

Impact and Affected Devices

The KRACK vulnerability affected virtually all devices that used WiFi, including smartphones, laptops, tablets, IoT devices, routers, and access points running any operating system. Linux and Android devices using wpa_supplicant version 2.4 and above were particularly vulnerable because the implementation would install an all-zero encryption key upon key reinstallation, making traffic trivially decryptable.

The practical impact of KRACK depends on the network configuration and the specific data being transmitted. An attacker within WiFi range could decrypt wireless traffic, potentially capturing sensitive information such as passwords, emails, and credit card numbers transmitted without additional encryption. However, data protected by HTTPS or other application-layer encryption remained protected even when the WiFi encryption was compromised.

Mitigation and Patches

Following the responsible disclosure of KRACK in October 2017, major operating system and device vendors released patches to address the vulnerability. The fix modifies how the handshake processes retransmitted messages, preventing the key reinstallation that enables the attack. Both client devices and access points needed to be updated, though patching clients was considered more critical.
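To make the handshake behaviour described above concrete, here is a small added model (constructed for this page, not code from the KRACK research or from any WPA2 implementation) of how a supplicant handles handshake message 3. It models only the key-installation decision and the per-key packet number that becomes the CCMP nonce, with no real 802.11 frames or cryptography; the vulnerable branch resets the counter on a retransmitted message 3, the patched branch keeps the installed key and counter untouched, and a helper counts how many (key, nonce) pairs were reused as a result.

```python
"""Toy model of WPA2 message-3 handling: vulnerable vs. patched supplicant.

Constructed example. Only the key-installation decision and the packet-number
counter are modelled; there is no frame parsing, encryption or radio traffic.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    patched: bool
    installed_ptk: Optional[bytes] = None
    tx_pn: int = 0  # packet number used as the per-frame nonce for this key
    nonces_used: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_msg3(self, ptk: bytes) -> str:
        """Handle handshake message 3; return the action taken."""
        if self.installed_ptk is None:
            self.installed_ptk = ptk  # first, legitimate installation
            self.tx_pn = 0
            return "install"
        if self.patched:
            # Patched behaviour: answer the retransmission but never
            # reinstall a key that is already in use.
            return "ignore"
        # Vulnerable behaviour: reinstall the same key and reset the nonce.
        self.installed_ptk = ptk
        self.tx_pn = 0
        return "reinstall"

    def send_frame(self) -> Tuple[bytes, int]:
        """Consume the next packet number and record the (key, nonce) pair."""
        self.tx_pn += 1
        nonce = (self.installed_ptk, self.tx_pn)
        self.nonces_used.append(nonce)
        return nonce


def nonce_reuse_count(sup: Supplicant) -> int:
    """Number of frames that reused a (key, nonce) pair already sent."""
    return len(sup.nonces_used) - len(set(sup.nonces_used))


def simulate(patched: bool) -> dict:
    """Install key, send two frames, replay message 3, send two more."""
    sup = Supplicant(patched=patched)
    ptk = b"constructed-ptk"  # constructed placeholder, not a real key
    actions = [sup.on_msg3(ptk)]
    sup.send_frame(); sup.send_frame()
    actions.append(sup.on_msg3(ptk))  # retransmitted message 3
    sup.send_frame(); sup.send_frame()
    return {"actions": actions, "reuse": nonce_reuse_count(sup)}
```

Running `simulate(False)` shows two frames reusing nonces after the reinstall, while `simulate(True)` shows none.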

The WPA3 protocol, released in 2018 as the successor to WPA2, was designed with KRACK-style attacks in mind. WPA3 uses Simultaneous Authentication of Equals (SAE) instead of the four-way handshake, providing stronger protections against offline dictionary attacks and key reinstallation attacks. Until all devices support WPA3, ensuring all WPA2 devices are patched remains essential. Using a VPN on WiFi networks provides an additional layer of encryption that protects traffic even if the WiFi encryption is compromised.

Frequently Asked Questions

If all your devices (clients and access points) have been updated with security patches released after October 2017, you are protected against KRACK. Check your device firmware and operating system versions to ensure they include the KRACK patches. Upgrading to WPA3 provides even stronger protection.

No. KRACK exploits a flaw in the WPA2 handshake protocol itself, not in the password. Even a long, complex password does not prevent the key reinstallation that the attack exploits. The only effective mitigations are software patches and upgrading to WPA3.

Yes. WPA3 replaces the vulnerable four-way handshake with Simultaneous Authentication of Equals (SAE), which is resistant to key reinstallation attacks. WPA3 also provides forward secrecy, meaning that even if a session key is compromised, previously captured traffic cannot be decrypted.
