(also key reinstallation attack)
KRACK attack definition
A KRACK attack (key reinstallation attack) exploits a security vulnerability in Wi-Fi networks that use the WPA2 protocol, which is commonly used to secure wireless networks. Cybercriminals use the technique to read information previously thought to be securely encrypted.
See also: Wi-Fi direct
How a KRACK attack works
- Initial handshake. When a user connects to a Wi-Fi network secured with WPA2, their device and the Wi-Fi access point establish a secure connection using a shared encryption key. This encryption key is called the Pairwise Transient Key (PTK).
- Key reinstallation. During a KRACK attack, an attacker within range of the victim’s Wi-Fi network intercepts and manipulates the initial handshake process between the victim’s device and the access point. The cybercriminal exploits vulnerabilities in the WPA2 protocol to trick the victim’s device into reinstalling an already-used encryption key, effectively resetting it.
- Key reset and traffic decryption. By resetting the encryption key, the attacker can decrypt and eavesdrop on the victim’s Wi-Fi traffic and access sensitive information such as passwords or credit card details sent over the network.
- Further attacks. The attacker may also inject malicious content or modify network traffic to perform other attacks, such as redirecting the victim to fake websites or intercepting their communications.
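The key reinstallation step above, modeled from the client's side as an added example (not code from the original page or from any Wi-Fi implementation). It goes beyond the page's wording in two details: the reinstall is triggered by a repeated handshake message 3, and installing a key resets the per-frame nonce counter. The class, field and function names are hypothetical, and the key is a constructed placeholder.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Supplicant:
    """Toy client model; field and method names are hypothetical."""
    hardened: bool
    ptk: Optional[bytes] = None
    tx_nonce: int = 0                            # per-frame counter fed to the cipher
    seen: set = field(default_factory=set)       # (key, nonce) pairs already used
    reused: list = field(default_factory=list)   # nonces sent twice under one key

    def on_message3(self, ptk: bytes) -> None:
        """Handle handshake message 3, which tells the client to install the PTK."""
        if self.hardened and ptk == self.ptk:
            return               # patched: key already installed, keep the counter
        self.ptk = ptk
        self.tx_nonce = 0        # installing a key resets the nonce counter

    def send_frame(self) -> int:
        """Encrypting a frame consumes the next nonce; record any repeat."""
        self.tx_nonce += 1
        pair = (self.ptk, self.tx_nonce)
        if pair in self.seen:
            # Same key and nonce means the same keystream protects two frames.
            self.reused.append(self.tx_nonce)
        self.seen.add(pair)
        return self.tx_nonce

def run_session(hardened: bool) -> list:
    """Send 3 frames, receive a retransmitted message 3, send 3 more."""
    ptk = bytes(16)              # constructed placeholder key, not a real PTK
    client = Supplicant(hardened)
    client.on_message3(ptk)
    for _ in range(3):
        client.send_frame()
    client.on_message3(ptk)      # the same message 3 arrives a second time
    for _ in range(3):
        client.send_frame()
    return client.reused

if __name__ == "__main__":
    print("unpatched, reused nonces:", run_session(hardened=False))
    print("patched, reused nonces:  ", run_session(hardened=True))
```

The unpatched client repeats nonces 1 to 3 under the same key, which is the condition that makes its traffic decryptable; the patched client keeps counting and repeats none.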
How to prevent KRACK attacks
- Keep Wi-Fi devices up to date by enabling automatic updates.
- Use WPA3 because it is more secure than WPA2.
- Monitor Wi-Fi security news to stay informed.