Hello, welcome to the Tuesday, October 17th, 2017 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Singapore.

After some pre-announcements of it leaked over the weekend, we have now all the details about a new attack against WPA2 that goes by crack or the

key reinstallation attack. One problem we always run into with wireless networks is that they

don't really work all that way. So many wireless protocols do take into account that

wireless data is being lost and corrupted pretty much all the time. So recents or having the same

data being sent over and over again is very typical for wireless networks and this particular feature is here used

against WPA2. Just to take the most important part ahead, this particular vulnerability

while serious doesn't really kill or invalidate WPA2.

It is luckily patchable and patchable in a backward compatible manner.

So if you are patching your client, if you're patching your access point,

they can still communicate with unpatched systems.

The problem really comes down to that during the initial

handshake, when a station connects to an access point, you do have a handshake where these keys

are being negotiated. The critical part here is the third part of the handshake, where the access point does transmit the group temporal key to the station.

Now, typically, it also then resets nuns and a sequence number that's being used to then modify that group temporal key from packet to packet.

This particular part of the handshake,

well, it can be resent. And again, that's kind of normal in wireless networks that, yes,

I'm acknowledging that I receive the key, but now I'm getting the same key again,

which just means that probably my acknowledgement got lost, so that new key will

override the old key that I just received. The biggest problem here is Linux and Android.

Linux and Android, and actually in following the specification very closely here,

...