silversurfer

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation devices are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man-in-the-middle attack against a WPA2 protected network.

KRACK, or Key Reinstallation Attack, is a vulnerability in the 4-way handshake of the WPA2 protocol that was disclosed in October 2017 by security researchers Mathy Vanhoef and Frank Piessens.

Using this attack, bad actors can decrypt packets sent by clients in order to steal sensitive information that is sent in plain text. While the WPA2 wireless connection of the network has been compromised by this attack, it is important to note that any encrypted traffic sent over the wireless network will still be protected from snooping.

In order to fix these vulnerabilities, hardware manufacturers needed to release new firmware for the affected devices.

In a report by the ESET Smart Home Research Team, the researchers discovered that Amazon Echo 1st generation and Amazon Kindle 8th generation devices were still affected by the KRACK vulnerability.
 

MARKRONSON

The Amazon Echo, Kindle and the entire Amazon home automation suite sit at the intersection of our personal and digital lives. The implications at home and at work, and how to accommodate these devices safely and securely, are still being discovered. WiFi sniffing, interception and hijacking are nothing new, but this latest development may have more implications than simply snooping on your Kindle reading habits. Keep in mind that businesses have commercial relationships in place with AWS, and your Amazon identity is often linked to your home, your bank accounts and credit cards.
 
It’s worth mentioning that KRACK specifically affects the network config with WPA2-PSK combined with 802.11r fast roaming (BSS Fast Transition profile). It is not typical.

802.11r is generally an enterprise AP feature meant for skipping the round trip through a RADIUS server every time a client switches APs on a WPA2 Enterprise network. It’s minimally helpful on a WPA2 PSK network, where it takes 4 packets to switch APs.

For KRACK to be exploited you have to have both a vulnerable client and a vulnerable server. The security patch for KRACK is basically a workaround that detects the attack is under way and then the devices respond by refusing to talk to the network and disconnecting from it. If either the client or the AP refuses to play ball, you can’t succeed with the attack easily.

Note, though, that the bigger red flag is that KRACK is like a 2-year-old vulnerability now. If a vendor hasn’t bothered to patch that, what does that say about their security practices?
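To make the "refuse to reinstall" patch discussed in this thread concrete, here is an added toy model (not code from the thread, ESET or Amazon) of a WPA2 client handling a retransmitted 4-way handshake message 3. Real key derivation and CCMP encryption are stubbed out; only the key/nonce bookkeeping is modelled, and the PTK value is a constructed placeholder.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Supplicant:
    """Toy WPA2 client: crypto is stubbed, only key and nonce bookkeeping is modelled."""
    hardened: bool                       # True = patched "never reinstall an installed key"
    ptk: Optional[bytes] = None
    installed: bool = False
    tx_nonce: int = 0                    # packet number that becomes the CCMP nonce
    used: Set[Tuple[bytes, int]] = field(default_factory=set)
    reused: int = 0                      # frames sent under an already-used (key, nonce)

    def on_msg3(self, ptk: bytes) -> str:
        """Handle handshake message 3 (AP -> client). When message 4 is lost or blocked
        the AP retransmits message 3; a vulnerable client reinstalls the same PTK and
        resets its nonce to 0, which is the KRACK defect."""
        if self.hardened and self.installed and ptk == self.ptk:
            return "ack-only"            # patched: key already in place, keep the nonce
        self.ptk, self.installed, self.tx_nonce = ptk, True, 0
        return "installed"

    def send(self, frame: bytes) -> Tuple[bytes, int]:
        """'Encrypt' one frame; the keystream depends only on (ptk, nonce)."""
        if not self.installed:
            raise RuntimeError("no key installed")
        pair = (self.ptk, self.tx_nonce)
        if pair in self.used:
            self.reused += 1             # same keystream twice: plaintext recoverable
        self.used.add(pair)
        self.tx_nonce += 1
        return pair


def reuse_count(hardened: bool) -> int:
    """Frames encrypted under a repeated (key, nonce) after one retransmitted message 3."""
    s = Supplicant(hardened=hardened)
    ptk = b"constructed-sample-ptk"      # placeholder, not a real derived key
    s.on_msg3(ptk)
    s.send(b"frame-1")
    s.on_msg3(ptk)                       # retransmission of message 3
    s.send(b"frame-2")
    return s.reused
```

The unpatched model reports one frame sent under a repeated nonce after the retransmission; the hardened model reports none, because it acknowledges the duplicate without touching the installed key.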