KRACK Detector is a Python script to detect possible KRACK attacks against client devices on your network. The script is meant to be run on the Access Point rather than the client devices. It listens on the Wi-Fi interface and waits for duplicate message 3 of the 4-way handshake. It then disconnects the suspected device, preventing it from sending any further sensitive data to the Access Point.
KRACK Detector currently supports Linux Access Points with hostapd. It uses Python 2 for compatibility with older operating systems. No external Python packages are required.
Run as root and pass the Wi-Fi interface as a single argument. It is important to use the actual Wi-Fi interface and not any bridge interface it connects to.
python krack_detect.py wlan0
If you do not wish to disconnect suspected devices, use the -n flag:
python krack_detect.py -n wlan0
Message 3 of the 4-way handshake may be retransmitted even when no attack is being performed. In that case the client device will still be disconnected from the Wi-Fi network. Some client devices take a while to re-authenticate, so they lose their Wi-Fi connection for a few seconds.
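The detection described above, written out as an added example (Python 3, not the project's own script): it parses EAPOL-Key frames, recognises message 3 by its Key Information bits, and flags a second message 3 that carries the same ANonce as the first one sent to that client. The sample frames are constructed in the block, and the hostapd_cli deauthenticate reaction is my assumption about how a disconnect could be issued, not something the README states.

```python
import struct
# EAPOL-Key "Key Information" bits (IEEE 802.11) that tell the four handshake messages apart.
PAIRWISE, INSTALL, ACK, MIC, SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9
MSG3_BITS = PAIRWISE | INSTALL | ACK | MIC  # only message 3 sets Install together with ACK and MIC
EAPOL_KEY = 3  # 802.1X packet type of EAPOL-Key frames
# Fixed body after the 4-byte 802.1X header: desc(1) key_info(2) key_len(2) replay(8) nonce(32) iv(16) rsc(8) id(8) mic(16) data_len(2)
KEY_BODY = struct.Struct(">BHHQ32s16s8s8s16sH")

def parse_eapol_key(frame):
    """Return (key_info, replay_counter, nonce) of an EAPOL-Key frame, or None if it is not one."""
    if len(frame) < 4 + KEY_BODY.size or frame[1] != EAPOL_KEY:
        return None
    _desc, key_info, _key_len, replay, nonce = KEY_BODY.unpack_from(frame, 4)[:5]
    return key_info, replay, nonce

class Msg3Monitor:
    """Remember the ANonce of the last message 3 sent to each client: a second message 3
    with the same ANonce belongs to the same handshake, i.e. it is a retransmission."""
    def __init__(self):
        self.last_anonce = {}  # client MAC -> ANonce of the first message 3 seen
    def observe(self, client, frame):
        """True when frame is a duplicate message 3 for client (benign retry and KRACK alike)."""
        parsed = parse_eapol_key(frame)
        if parsed is None or (parsed[0] & MSG3_BITS) != MSG3_BITS:
            return False
        if self.last_anonce.get(client) == parsed[2]:
            return True  # the client may now reinstall its key: disconnect it
        self.last_anonce[client] = parsed[2]
        return False

def deauth_command(iface, client):
    # Assumed reaction, not taken from the project: ask hostapd to deauthenticate the client.
    return ["hostapd_cli", "-i", iface, "deauthenticate", client]

def build_eapol_key(key_info, replay, nonce):
    """Constructed sample frame (not a capture): EAPOL-Key with empty key data."""
    body = KEY_BODY.pack(2, key_info, 16, replay, nonce, bytes(16), bytes(8), bytes(8), bytes(16), 0)
    return struct.pack(">BBH", 2, EAPOL_KEY, len(body)) + body

ANONCE = bytes(range(32))  # constructed nonce for one sample handshake
MSG1 = build_eapol_key(PAIRWISE | ACK, 1, ANONCE)
MSG3 = build_eapol_key(MSG3_BITS | SECURE, 2, ANONCE)
MSG3_AGAIN = build_eapol_key(MSG3_BITS | SECURE, 3, ANONCE)  # replay counter advanced, same ANonce

def demo(iface="wlan0", client="aa:bb:cc:dd:ee:01"):
    mon, actions = Msg3Monitor(), []
    for frame in (MSG1, MSG3, MSG3_AGAIN):  # only the retransmitted copy triggers an alert
        if mon.observe(client, frame):
            actions.append(deauth_command(iface, client))
    return actions
```

A fresh handshake starts with a new ANonce, so a later message 3 for the same client is not mistaken for a duplicate; as the README notes, a benign retransmission within one handshake is still flagged.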
What is KRACK?
The KRACK attack, now fully disclosed, shows that the wireless communications we assumed to be encrypted have been exposed for almost 14 years, and it affects nearly every wireless device out there today. Your Android phone, network cameras, robotic vacuum cleaner and even your smart doorbell are all vulnerable to this mysterious phenomenon, which leaves their wireless communication open to hijacking and manipulation and, in some cases, strips it entirely of the encryption that should have kept our data private.
As explained thoroughly in this publication, the attack exploits a known and approved mechanism that is part of the wireless communication standards. Every wireless device must comply with the standard, which is why this specific vulnerability is so widespread and is marked everywhere as high-risk.
KRACK (Key Reinstallation Attack) exploits a vulnerability in the standardized WPA2 authentication state machine. WPA2 has been the industry standard for encrypting and securing our Wi-Fi traffic for the past 14 years and supposedly never failed us (unlike its predecessor, WEP, which was shown to be decryptable in a matter of seconds). All true up until now. By exploiting the standard retransmission mechanism of our wireless networks (which resends data packets that were lost to bad reception or other interference), the attacker causes the home-network access point to resend one of the 4 packets used to authenticate a device. These 4 packets are used to exchange authentication information (e.g. your wireless home-network password) and to set up an encrypted session between your wireless device and your home-network's access point. Resending packet 3 pushes the authentication state machine into a special state in which the generated encryption keys are reinstalled and other counters and parameters are reset. This allows the attacker to weaken the encryption and, in some cases, even downgrade the entire encrypted session to an all-zero encryption key, which is straightforward to decrypt.
Basically, the problem lies within all of our wireless-enabled devices. Their encryption implementation, although it follows the common and binding standard, allows the vulnerable key reset described above. And so ALL devices must be patched and updated immediately to fix and mitigate the vulnerability. Here lies the REAL BIG PROBLEM: with millions of different devices, hardware platforms, models, chipsets and firmware versions, there is no feasible way to patch ALL devices. It is safe to assume that some selected Android devices will get their monthly security updates soon, and most Windows machines have already been patched, but what about our TV boxes? Video streamers? Security cameras and other IoT devices?
The same question should also be directed at the access-point (also called router or hub) vendors. In this case the access point is actually the real weak spot: this is where the malicious retransmitted packet number 3 originates before it ends up weakening the security of all of our connected devices. So why not tackle the heart of the problem?
Well, the answer to this one, unfortunately, seems much the same. With tens or hundreds of vendors trying to keep up with hundreds of deployed models and thousands of firmware versions, only a lucky few router owners will get the security patch they are eager for.