WPA2 is no more secure

WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks. It’s an upgrade from the original WPA technology, which was designed as a replacement for the older and much less secure WEP. WPA2 is used on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption.

Yesterday, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, has officially published a series of vulnerabilities that target the session establishment and management process in WPA(1/2)-PSK and WPA(1/2)-Enterprise. I say “officially” because the first notification by this researcher to several vendors was made around 14 July 2017!

These vulnerabilities can be grouped into two categories: those that affect wireless endpoints acting as a “supplicant” and those that affect wireless infrastructure devices acting as “authenticators”. Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations; so changing the password of your WiFi network does not prevent (or mitigate) the attack. For these reasons, you should make sure all your devices are updated, and you should also update the firmware of your router.

Multiple Cisco wireless products are affected by these vulnerabilities. With the exception of a workaround for CVE-2017-13082, no workarounds have been identified for these vulnerabilities.

Proof-of-concept of a key reinstallation attack against an Android smartphone.

The following CVE IDs have been assigned to document these vulnerabilities in the WPA2 protocol:

  • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
  • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
  • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
  • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
  • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
  • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
  • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
  • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


The Wi-Fi Alliance has a plan to help remedy the discovered vulnerabilities in WPA2. Summarized, they will:

  • Require testing for this vulnerability within their global certification lab network.
  • Provide a vulnerability detection tool for use by any Wi-Fi Alliance member (this tool is based on my own detection tool that determines if a device is vulnerable to some of the discovered key reinstallation attacks).
  • Broadly communicate details on this vulnerability, including remedies, to device vendors. Additionally, vendors are encouraged to work with their solution providers to rapidly integrate any necessary patches.
  • Communicate the importance for users to ensure they have installed the latest recommended security updates from device manufacturers.

If you want to test the CVE-2017-13082 vulnerability check this link https://github.com/vanhoefm/krackattacks-test-ap-ft.