Billions of Devices Open to Wi-Fi Eavesdropping Attacks

Authenticate/encrypt all communication paths. ‘Zero trust’ is a much-hyped term, but it’s a good idea…:

[…] In Wi-Fi, whenever a device connects to an access point (AP), that’s called an association. When it disconnects (for instance when a person roams from one Wi-Fi AP to another, experiences signal interference or turns off Wi-Fi on the device) this is called a disassociation.

[Image: KRACK vs. Kr00k.]

“KrØØk manifests itself after a disassociation,” ESET researchers explained. “[Once disassociation happens], the session key stored in the Wireless Network Interface Controller’s (WNIC) Wi-Fi chip is cleared in memory – set to zero. This is expected behavior, as no further data is supposed to be transmitted after the disassociation. However, we discovered that all data frames that were left in the chip’s transmit buffer were transmitted after being encrypted with this all-zero key.” Because it uses all zeros, this “encryption” actually results in the data being decrypted and left in plain text.

The attack path is simple: Associations and disassociations are governed by management frames, which are themselves unauthenticated and unencrypted, ESET explained. To exploit the bug, an adversary can simply manually trigger a disassociation by sending a crafted management data frame, and will then be able to retrieve the plaintext information left in the buffer. […]
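To make the mechanism in the excerpt concrete, here is an added model (not code from ESET, Threatpost or any Wi-Fi vendor) of a transmit buffer that survives a disassociation after the temporal key has been zeroed, next to the hardened behaviour of discarding the queue first. The cipher is a stand-in keystream-plus-tag built from HMAC-SHA256, chosen so the example runs on the standard library; it is not CCMP/AES-CCM, and the session key, frame contents and the class and function names (`Wnic`, `protect`, `unprotect`, `zero_key_frames`) are constructed for this illustration. The last function is the defender's check: a frame whose tag verifies under the all-zero key is one that anyone could have read, which is how a test for this class of flaw confirms a leak.

```python
"""Model of a Wi-Fi chip that flushes its transmit buffer after the
session key has been cleared to zero (the behaviour described above).

Constructed example. The cipher is a stand-in (HMAC-SHA256 keystream
and an 8-byte HMAC tag), NOT CCMP; only the state-machine shape matters.
"""
import hashlib
import hmac

ZERO_TK = bytes(16)  # what the key slot holds once it has been "cleared"


def keystream(tk: bytes, nonce: bytes, n: int) -> bytes:
    """Derive n keystream bytes from the key and a per-frame nonce."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(tk, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def protect(tk: bytes, pn: int, payload: bytes) -> bytes:
    """Encrypt and tag one data frame: nonce(6) || ciphertext || tag(8)."""
    nonce = pn.to_bytes(6, "big")  # 48-bit packet number, as CCMP uses
    ct = bytes(a ^ b for a, b in zip(payload, keystream(tk, nonce, len(payload))))
    tag = hmac.new(tk, nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag


def unprotect(tk: bytes, frame: bytes):
    """Verify the tag and decrypt; None if the tag does not verify under tk."""
    nonce, ct, tag = frame[:6], frame[6:-8], frame[-8:]
    expect = hmac.new(tk, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(tk, nonce, len(ct))))


class Wnic:
    """Minimal wireless NIC model: a key slot, a TX queue and the 'air'."""

    def __init__(self, tk: bytes, drop_queue_on_disassoc: bool):
        self.tk = tk
        self.pn = 0
        self.tx_queue = []
        self.air = []  # every frame that left the radio, as a sniffer sees it
        self.drop_queue_on_disassoc = drop_queue_on_disassoc

    def queue(self, payload: bytes) -> None:
        self.tx_queue.append(payload)

    def transmit(self) -> None:
        """Send everything queued, encrypted with whatever the key slot holds."""
        while self.tx_queue:
            self.pn += 1
            self.air.append(protect(self.tk, self.pn, self.tx_queue.pop(0)))

    def disassociate(self) -> None:
        if self.drop_queue_on_disassoc:
            self.tx_queue.clear()  # hardened: nothing is left to send
        self.tk = ZERO_TK          # key cleared, as expected after disassociation
        self.transmit()            # flawed firmware still drains the queue here


def zero_key_frames(captured) -> list:
    """Defender check: payloads of frames readable with the all-zero key."""
    hits = []
    for frame in captured:
        payload = unprotect(ZERO_TK, frame)
        if payload is not None:
            hits.append(payload)
    return hits


def run(drop_queue_on_disassoc: bool) -> list:
    """Scenario: one frame sent normally, one still queued at disassociation."""
    tk = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed session key
    nic = Wnic(tk, drop_queue_on_disassoc)
    nic.queue(b"GET /login HTTP/1.1")
    nic.transmit()                  # protected with the real key
    nic.queue(b"session=abc123")    # queued, not yet on the air
    nic.disassociate()              # triggered by an unauthenticated management frame
    return zero_key_frames(nic.air)


if __name__ == "__main__":
    print("flawed   :", run(False))  # the queued frame is readable by anyone
    print("hardened :", run(True))   # nothing verifies under the zero key
```

Two things the model makes visible: the frame sent before disassociation never verifies under the zero key, so it stays confidential, while anything still queued at the moment the key slot is cleared is readable by a passive observer because the "key" is public knowledge. Dropping the queue before clearing the key (or refusing to transmit while the slot holds zeros) closes that window; in the real world that fix lives in chip firmware and drivers, which is why the remedy is patching rather than configuration.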

Original article here