KRACK

Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation devices are susceptible to an old Wi-Fi vulnerability called KRACK that allows an attacker to perform a man-in-the-middle attack against a WPA2-protected network.

KRACK, or Key Reinstallation Attack, is a vulnerability in the 4-way handshake of the WPA2 protocol that was disclosed in October 2017 by security researchers Mathy Vanhoef and Frank Piessens.

Using this attack, bad actors can decrypt packets sent by clients in order to steal sensitive information that is sent in plain text. While the WPA2 wireless connection of the network is compromised by this attack, it is important to note that traffic that is itself encrypted at a higher layer (for example, over HTTPS) will still be protected from snooping.

In order to fix these vulnerabilities, hardware manufacturers needed to release new firmware for the affected devices.

Older Amazon devices are affected

In a report by the ESET Smart Home Research Team, the researchers discovered that Amazon Echo 1st generation and Amazon Kindle 8th generation devices were still affected by the KRACK vulnerability.

When testing the older Echo and Kindle devices, ESET found that they were vulnerable to two of the KRACK four-way handshake flaws, CVE-2017-13077 and CVE-2017-13078.

"The Echo 1st generation and Amazon Kindle 8th generation devices were found to be vulnerable to two KRACK vulnerabilities", ESET researchers stated in their report. "Using Vanhoef’s scripts, we were able to replicate the reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake (CVE-2017-13077) and reinstallation of the group key (GTK) in the four-way handshake (CVE-2017-13078)."

Reinstallation of keys using CVE-2017-13077 on Amazon Echo

According to ESET these vulnerabilities could allow an attacker to:

  • replay old packets to carry out a DoS attack, disrupt network communication, or mount a replay attack
  • decrypt any data or information transmitted by the victim
  • depending on the network configuration: forge data packets, cause the device to dismiss packets, or even inject new packets
  • intercept sensitive information such as passwords or session cookies
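The following Python model is an added illustration, not code from ESET's report or from Vanhoef's scripts. It shows why reinstalling an already-installed PTK-TK (CVE-2017-13077) matters, namely that the reinstall resets the CCMP packet number so two frames are protected with the same keystream, and what the wpa_supplicant fix changes (a key that is already in use is not installed again). The toy keystream, the Supplicant class and the sample key are assumptions for the model, not real CCMP or wpa_supplicant code.

```python
import hashlib
def toy_keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for the CCMP keystream (assumption: hash of key and packet number, not real AES-CCM)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + pn.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

class Supplicant:
    """Client-side 4-way handshake state reduced to what KRACK abuses: installing the
    pairwise temporal key (PTK-TK) resets the CCMP packet number used as the nonce."""

    def __init__(self, patched: bool):
        self.patched = patched      # True models the wpa_supplicant fix
        self.tk = None
        self.tx_pn = 0              # packet number; must never repeat under one key
        self.replay_counter = 0     # highest EAPOL replay counter accepted so far

    def on_message3(self, tk: bytes, replay_counter: int) -> str:
        """Process EAPOL-Key message 3 of 4, including a retransmitted copy of it."""
        if replay_counter <= self.replay_counter:
            return "dropped"        # the normal check: stale EAPOL frame
        self.replay_counter = replay_counter
        if self.patched and self.tk == tk:
            return "kept"           # fix: a key already in use is not reinstalled
        self.tk = tk
        self.tx_pn = 0              # (re)installing the key resets the packet number
        return "installed"

    def encrypt(self, plaintext: bytes):
        """Return (packet number, ciphertext) for one protected data frame."""
        self.tx_pn += 1
        ks = toy_keystream(self.tk, self.tx_pn, len(plaintext))
        return self.tx_pn, bytes(p ^ k for p, k in zip(plaintext, ks))

def key_reinstall_demo(patched: bool):
    """Handshake, one data frame, a second copy of message 3, another data frame.
    Returns (pn of frame 1, pn of frame 2, whether both frames used the same keystream)."""
    tk = bytes(range(16))                         # constructed sample key
    client = Supplicant(patched)
    client.on_message3(tk, replay_counter=1)      # normal handshake: key installed
    p1, p2 = b"first data frame", b"second data frame"
    pn1, c1 = client.encrypt(p1)
    client.on_message3(tk, replay_counter=2)      # message 3 seen again, higher counter
    pn2, c2 = client.encrypt(p2)
    n = min(len(c1), len(c2))                     # with one keystream, c1^c2 == p1^p2
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a[:n], b[:n]))
    return pn1, pn2, xor(c1, c2) == xor(p1, p2)
```

The unpatched client returns `(1, 1, True)`: the packet number restarts at 1 and the two ciphertexts cancel to the XOR of the plaintexts, which is why the researchers list decryption of the victim's traffic among the consequences; the patched client returns `(1, 2, False)`.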

The researchers also discovered that the Amazon Home Assistant was affected by an unrelated vulnerability that could allow an attacker to steal packets or perform a DoS attack.

Security update released for affected Amazon devices

ESET responsibly disclosed these bugs to Amazon on October 23rd, 2018 and was told that Amazon would look into the issues.

On January 8th, 2019, Amazon stated that they could replicate the bugs and had prepared patches that would be pushed out to affected devices in the coming weeks. This patch would come in the form of a new version of wpa_supplicant, the client-side program that handles WPA2 authentication and key negotiation on the device.

"To patch CVE-2017-13077 and CVE-2017-13078 vulnerabilities in several million Echo 1st generation and Amazon Kindle 8th generation devices, Amazon issued and distributed a new version of the wpa_supplicant – a software application on the client device responsible for correct authentication to the Wi-Fi network."

Most users should have had this update installed for quite some time, but all users are strongly advised to check their Echo and Kindle settings and confirm they are running the latest firmware.
