Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure.
Most major vendors have similarly patched their products, some prior to the Oct. 16 announcement of the vulnerability in the WPA2 wireless protocol.
Rockwell said that its Stratix 5100 Wireless Access Point/Workgroup Bridge, version 15.3(3)JC1 and earlier, is affected, and that managers should ensure the AP is updated as well as the clients connecting to it.
“Rockwell Automation recommends that all users patch the clients that connect to the Stratix 5100 WAP/WGB, and recommends contacting your supplier to get the most updated patch that is compatible with your client devices,” said an advisory released by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). “However, patching the client only protects the connection formed by that specific client. In order to protect all future clients that may be added to your system, Rockwell Automation recommends patching the Stratix 5100 WAP/WGB when the firmware is available.”
An attacker in a man-in-the-middle position on a local network can exploit this vulnerability to decrypt traffic or inject malicious code.
Rockwell Automation markets the Stratix 5100 for use in autonomous networks or within a Cisco Unified network, providing connectivity in difficult-to-reach remote areas.
The KRACK vulnerability was disclosed by Mathy Vanhoef of KU Leuven in Belgium. Vanhoef privately disclosed to a number of critical vendors starting in July, and went public in a coordinated disclosure Oct. 16. The weakness is in the WPA2 standard used to secure modern Wi-Fi networks and affects even correct implementations of the protocol, he said.
The attack concentrates on the four-way handshake carried out when clients join WPA2 networks. It is here that pre-shared network passwords are exchanged, authenticating the client and access point, and where a fresh encryption key is negotiated to secure subsequent traffic. It is at this step that the key reinstallation attack takes place: an attacker on the network can intercede and replay cryptographic handshake messages, bypassing the requirement that a key be used only once.
The weakness occurs when messages during the handshake are lost or dropped—a fairly common occurrence—and the access point retransmits the third part of the handshake, theoretically multiple times.
“Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake,” Vanhoef wrote. “By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged. The same technique can also be used to attack the group key, PeerKey, TDLS, and fast BSS transition handshake.”
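The mechanism Vanhoef describes, modelled as an added example (not code from the article, Rockwell or the KRACK research): a simplified supplicant that derives a pairwise key from message 3, installs it and resets its transmit packet number; a vulnerable client reinstalls on a retransmitted message 3 and so reuses packet numbers (and therefore per-frame keystream), while the patched client refuses to reinstall a key that is already in use. The PMK, nonces and the HMAC-based key derivation are constructed stand-ins, not the 802.11 PRF.

```python
import hashlib
import hmac


class Client:
    """Supplicant-side model: PTK install, transmit packet number, install count."""

    def __init__(self, pmk: bytes, patched: bool):
        self.pmk, self.patched = pmk, patched
        self.ptk = None      # currently installed pairwise key
        self.tx_pn = 0       # incremental transmit packet number (the nonce)
        self.installs = 0    # how many times a key was (re)installed

    def derive_ptk(self, anonce: bytes, snonce: bytes) -> bytes:
        # Stand-in for the real 802.11 PRF; an HMAC over both nonces suffices here.
        return hmac.new(self.pmk, anonce + snonce, hashlib.sha256).digest()

    def on_message3(self, anonce: bytes, snonce: bytes) -> None:
        ptk = self.derive_ptk(anonce, snonce)
        if self.patched and self.ptk == ptk:
            return           # fix: a key that is already installed is never reinstalled
        self.ptk = ptk
        self.tx_pn = 0       # every install resets the packet number to zero
        self.installs += 1

    def frame(self) -> tuple[int, bytes]:
        # Per-frame keystream depends on (key, packet number); it repeats if both repeat.
        self.tx_pn += 1
        ks = hashlib.sha256(self.ptk + self.tx_pn.to_bytes(6, "big")).digest()
        return self.tx_pn, ks


def simulate(patched: bool) -> dict:
    """Handshake, two frames, a retransmitted message 3 (lost ack), two more frames."""
    pmk, anonce, snonce = b"\x11" * 32, b"\xaa" * 32, b"\xbb" * 32  # constructed values
    client = Client(pmk, patched)
    client.on_message3(anonce, snonce)
    frames = [client.frame() for _ in range(2)]
    client.on_message3(anonce, snonce)      # AP retransmits message 3
    frames += [client.frame() for _ in range(2)]
    pns = [pn for pn, _ in frames]
    reused = len({ks for _, ks in frames}) < len(frames)
    return {"installs": client.installs, "pns": pns, "keystream_reused": reused}


if __name__ == "__main__":
    print("vulnerable:", simulate(patched=False))  # pns [1, 2, 1, 2], keystream reused
    print("patched:   ", simulate(patched=True))   # pns [1, 2, 3, 4], no reuse
```

A receiver-side replay counter only helps once the sender stops resetting its own counter, which is why the advisory stresses patching both the access point and every client.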