In the fall of 2017, a group of information security specialists disclosed a set of vulnerabilities in WPA2 called KRACK (short for Key Reinstallation Attacks).
KRACK comprised 10 different CVEs that let an attacker exploit a weakness in the WPA2 four-way handshake. In effect, the attacker can force devices connected to the network to reinstall their keys (key reinstallation), making them reuse the key from the old session.
Since the problems were found at the protocol level (the bugs affect both WPA2-Personal and WPA2-Enterprise), almost all implementations were vulnerable, and absolutely all users of Android, Linux, iOS, macOS, Windows and OpenBSD, as well as numerous IoT devices, were affected. Let me remind you that US-CERT specialists even created a special page where you can find out whether the products of a particular company are vulnerable to the KRACK problems and whether patches are available.
Although a lot of time has passed since the disclosure of KRACK, unfortunately not all manufacturers have released patches for their products, and researchers continue to discover vulnerable devices. ESET experts discovered that the first-generation Amazon Echo and the eighth-generation Amazon Kindle were still vulnerable to some of the KRACK vulnerabilities.
Specifically, the older Echo and Kindle devices are exposed to the CVE-2017-13077 and CVE-2017-13078 vulnerabilities: reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake and reinstallation of the group key (GTK) in the four-way handshake.
Using these bugs, a potential attacker can intercept confidential information, such as passwords or session cookies; decrypt any data transmitted by the victim; forge packets, force the device to reject packets, or even inject new packets (depending on network configuration); and replay old packets for DoS attacks, replay attacks and network disruption.
ESET experts notified Amazon engineers about the problems in the fall of 2018, but patches appeared only in the winter of 2019. To fix the vulnerabilities on several million devices, Amazon released and distributed a new version of wpa_supplicant, the application responsible for the correct operation of authentication on Wi-Fi networks.
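
To show what a patched client changes, here is a simplified model of key installation on the client side, written for this article and not taken from wpa_supplicant or from ESET's report. The class and function names are hypothetical, and the model assumes that installing a key resets the transmit packet number, which serves as the per-frame nonce.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    """Toy client-side model of temporal key installation (hypothetical names)."""
    patched: bool
    tk: Optional[bytes] = None      # currently installed temporal key
    tx_pn: int = 0                  # transmit packet number, the per-frame nonce
    sent: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_msg3(self, tk: bytes) -> bool:
        """Process handshake message 3; return True if the key was (re)installed."""
        if self.patched and self.tk == tk:
            return False            # same key already in use: keep the counter
        self.tk = tk
        self.tx_pn = 0              # assumption: installing a key resets the nonce
        return True

    def send_frame(self) -> Tuple[bytes, int]:
        """Record the (key, packet number) pair a protected frame would use."""
        self.tx_pn += 1
        pair = (self.tk, self.tx_pn)
        self.sent.append(pair)
        return pair


def reused_packet_numbers(client: Supplicant) -> List[int]:
    """Return packet numbers that were used more than once under the same key."""
    seen, reused = set(), []
    for pair in client.sent:
        if pair in seen:
            reused.append(pair[1])
        seen.add(pair)
    return reused


def simulate(patched: bool) -> List[int]:
    tk = bytes(16)                  # constructed sample key (all zero bytes)
    client = Supplicant(patched=patched)
    client.on_msg3(tk)              # first delivery of message 3
    for _ in range(2):
        client.send_frame()
    client.on_msg3(tk)              # message 3 arrives again with the same key
    for _ in range(2):
        client.send_frame()
    return reused_packet_numbers(client)


if __name__ == "__main__":
    print("unpatched client, reused packet numbers:", simulate(False))
    print("patched client, reused packet numbers:  ", simulate(True))
```

In the unpatched model the second delivery of message 3 sends frames under packet numbers that were already used with the same key; the patched model ignores the repeated installation and keeps counting.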