Aerohive’s Response To KRACK
Many of our customers have been following the KRACK (key reinstallation attack) news that was released this week. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point.
Additional research also led to the discovery of three additional vulnerabilities (not discussed in the original paper) affecting wireless supplicants supporting either the 802.11z (Extensions to Direct-Link Setup) standard or the 802.11r standard.
The three additional vulnerabilities could also allow the reinstallation of a pairwise key, group key, or integrity group key.The set of CVE (Common Vulnerabilities and Exposures) numbers (CVE-2017-13077 thru CVE-2017-2017-13088) are broadly applicable to all vendors of Wi-Fi products, including Aerohive.
Per the paper from the researchers, the main attack is against the 4-way handshake between the client and an access point, and does not exploit access points but instead targets client devices. The issue is with the ability to replay the 3rd phase of the 4-way handshake.
Even when still running susceptible versions of HiveOS, unless it is acting as a mesh point or as a client to another access point, Aerohive does not believe the integrity of an Aerohive access point or branch router can be compromised by these attacks. Aerohive branch routers and access points are not affected by these vulnerabilities when acting as a standard access point.
Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a victim wireless access point (AP) or client. After establishing a man-in-the-middle position between an AP and client, an attacker can selectively manipulate the timing and transmission of messages in the WPA2 Four-way, Group Key, Fast Basic Service Set (BSS) Transition, PeerKey, Tunneled Direct-Link Setup (TDLS) PeerKey (TPK), or Wireless Network Management (WNM) Sleep Mode handshakes, resulting in out-of-sequence reception or retransmission of messages.
Depending on the data confidentiality protocols in use (e.g. TKIP, CCMP, and GCMP) and situational factors, the effect of these manipulations is to reset nonces and replay counters and ultimately to reinstall session keys. Key reuse facilitates arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast, broadcast, and multicast frames.
The targets of the attacks described in the research paper and the web site are all client devices. Per the researcher’s own words “Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming).”
Aerohive (nor the general Wi-Fi community at large) is not aware of any active exploits against these vulnerabilities. 9 of the 10 CVEs are client side issues which can be mitigated by the access point (and which are addressed in our HiveOS updates) and only one (CVE-2017-13082) is an AP/Infrastructure issue (related to 802.11r Fast Roaming). Not all versions of HiveOS support 802.11r, and by it has typically been disabled by default, so unless you have explicitly turned this on within your network, you probably don’t need to worry about it.
One important thing to keep in mind is that an attack must happen on-premise. This can not be done over the internet. To be successful, the attacker would need to be onsite, and armed with specialized hardware and software. To reiterate, there is currently no publicly available code that enables this attack.
To reiterate, there is currently no publicly available code that enables this attack.
All current certificates and Wi-Fi passwords (PSK, PPSK, etc) are still secure. This attack does not reveal those passwords. There is no reason to reset all of them. Doing so would not provide any additional security.
The general industry observation has been that Mesh and Point-to-Point links may be vulnerable, but Aerohive’s mesh links have additional protection against man-in-the-middle attacks; we are not aware of anyone successfully forming a mesh connection to us using a third party product.
Affected Products and Version
- Any access point running Aerohive HiveOS versions 8.1r2 and lower are affected, as are Aerohive BR100 and BR200 branch routers with integrated Wi-Fi.
- HiveManager Classic and HiveManager NG are NOT vulnerable and are not affected.
- Aerohive switches are NOT vulnerable to this and are not affected.
- Aerohive’s stand-alone applications (StudentManager, HiveSchool, etc) are not affected.
Upgrade access points to HiveOS version 8.1r2a or to HiveOS version 6.5r8b, and branch routers to HiveOS version 6.5r8b or HiveOS version 6.7r2b as soon as they become available. The current latest versions of HiveManager Classic (8.1r2) and HiveManager NG (11.26) will support these new HiveOS builds without an upgrade.
- HiveOS version 8.1r2a is available for customer installation now.
- HiveOS version 6.5r8b is available for customer installation now.
- HiveOS version 6.7r2b is available for customer installation now.
- AP110, AP120, AP121, AP141, AP170, BR100, BR200*, AP130*, AP230*, AP320, AP340, AP330, AP350, AP370, AP390, and AP1130* customers should upgrade to HiveOS 6.5r8b immediately.
- AP122, AP130*, AP150W, AP230*, AP245X, AP250, AP550, AP1130* customers should upgrade to HiveOS 8.1r2a immediately.
- AP130, AP230, and AP1130 customers can choose between HiveOS 6.5r8b and HiveOS 8.1r2a.
- BR200 customers can choose between HiveOS 6.5r8b and HiveOS 6.7r2b.
- Mitigate the risks caused by a man-in-the-middle attack. Enable rogue detection to automatically classify spoofed MACs as a malicious threat, which can generate alarms for admins. Further, admins can enable APs to protect against Man-in-the-Middle attacks by deauth’ing clients connecting to a malicious rogue AP, which is required to carry out this attack.
- Eliminate the 802.11r vulnerability. If it is enabled on your network, consider disabling it until after you have upgraded your access points to patched firmware.
- Aerohive APs have additional protection against man-in-the-middle attacks for Mesh links – this means the attacker must be even more sophisticated to hijack the Aerohive Mesh link.
When your client devices (laptops, PCs, smartphones, IoT devices) have patches, push them out as soon as you can.
Don’t panic. Use this time to prepare and apply patches, so that once a tool becomes available, you are secure. Main problem is Android.
— Mathy Vanhoef (@vanhoefm) October 17, 2017
If you want to test your APs for a KRACK attack, this testing tool can do that.
Script to test APs for KRACK attack against FT handshake (802.11r – CVE-2017-13082) is online https://t.co/KpWafDHc8f
— Mathy Vanhoef (@vanhoefm) October 18, 2017