Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?

On 17/10/2017 9:41 PM, KenW wrote:

I am sure people that do nothing but look for problems can find
something wrong with every piece of equipment/software. Of course when
it becomes common knowledge, it causes more harm than good. ALMOST
every person on earth wants some kind of notoriety.


Indeed... look at how people hide garbage in the streets!

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
�借貸! ��騙! ��交! �打交! �打劫! �自殺! 請考慮綜� (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa

He who is William Unruh said on Sun, 29 Oct 2017 14:47:35 -0000 (UTC):

No, whose interception point is close enough. Thus your wirelessly
connected fridge, which usually has attrocious security, could possibly
be used as an interception point for an attacker who is in Mongolia say.

Interesting point. Thank you for that observation.

I think what you're saying is that if they can get to *any* of your
devices, over the Internet, then, *from those devices*, they can intercept
your traffic to, for example, your Linux laptop or Android smart phone.

But I'm confused about the risk in that case.

Are they only intercepting from the refrigerator-to-the-client-device?
Or are they then able to get from your router-to-your-client-device?

(The latter would be more dangerous.)

All wifi is susceptible, including Windows. The problem with Android and
Linux is they all use wpa_supplicant and it has a problem that, for
security, it zeros the password after using it. But that means that when
the replay occurs it uses that 0 password. Thus fixing wpa_supplicant
fixes the problem, and it has in principle been fixed. Of course one needs
to get that fixed version into the devices.

Here is a writeup I made for my family that others can use which shows just
*one* example of fixing a WiFI device. In this case, it's a Ubiquti radio
set up as an access point and only going about a half kilometer, but it
could be set up to go for miles (as some of my other radios are set up).

(0) Log into your radio
http://wetakepic.com/images/2017/10/29/00_PB400_firmware_update_krack.jpg

(1) Check the firmware version (noting the board revision, e.g., XW)
http://wetakepic.com/images/2017/10/29/01_PB400_firmware_update_krack.jpg

(2) Hit the "Check Now" button to see if you can update from here
http://wetakepic.com/images/2017/10/29/02_PB400_firmware_update_krack.jpg

(3) If not, go to the manufacturer's web site to locate the firmware file
http://wetakepic.com/images/2017/10/29/03_PB400_firmware_update_krack.jpg

(4) You may have to agree to the manufacturer's updated EULA
http://wetakepic.com/images/2017/10/29/04_PB400_firmware_update_krack.jpg

(5) Download the file to a known location on your computer
http://wetakepic.com/images/2017/10/29/05_PB400_firmware_update_krack.jpg

(6) Save the file in a logical location on your computer for future use
http://wetakepic.com/images/2017/10/29/06_PB400_firmware_update_krack.jpg

(7) Then in the radio, press the "Upload Firmware Choose File" button
http://wetakepic.com/images/2017/10/29/07_PB400_firmware_update_krack.jpg

(8) Wait for the firmware to upload (it may take a minute or two)
http://wetakepic.com/images/2017/10/29/08_PB400_firmware_update_krack.jpg

(9) Once uploaded, press the "Update" button to update the firmware
http://wetakepic.com/images/2017/10/29/09_PB400_firmware_update_krack.jpg

(10) Wait for the firmware to be updated (it may take a minute or two)
http://wetakepic.com/images/2017/10/29/10_PB400_firmware_update_krack.jpg

(11) Do not power down while you are waiting for the firmware to update
http://wetakepic.com/images/2017/10/29/11_PB400_firmware_update_krack.jpg

(12) When done, the radio will reboot; log back in to check results
http://wetakepic.com/images/2017/10/29/12_PB400_firmware_update_krack.jpg

(13) You should note that the firmware should now be updated
http://wetakepic.com/images/2017/10/29/13_PB400_firmware_update_krack.jpg

(14) Doublecheck now that everything is updated that it is working fine
http://wetakepic.com/images/2017/10/29/14_PB400_firmware_update_krack.jpg

So, 4 is the only thing you really need to say. Of course how you are
going to update your fridge or your toaster is a bit obscure. Do you
really want a "owned" wifi device anywhere on your internal network?

I have over a dozen WiFi devices in my house.... so I'm updating them one
by one. I'm more worried about my grandchildren not knowing how to update
*their* devices, and my older siblings, etc.

But I agree, it's a PITA to update *every* WiFi device in the house.
I have over a half-dozen access point radios, for example, and a few on the
roof, etc., some of which connect by WiFi to homes that are 10 miles away,
so it's a pain for any of them.

harry newton wrote:

I think what you're saying is that if they can get to *any* of your
devices, over the Internet, then, *from those devices*, they can intercept
your traffic to, for example, your Linux laptop or Android smart phone.

I think in your case you say your house is out of wifi range of your
neighbours; but since you're advising friends and family, it could be
that one house's fridge/camera/thermostat hacks the neighbour's wifi
traffic ...

He who is Andy Burns said on Sun, 29 Oct 2017 16:53:03 +0000:

I think what you're saying is that if they can get to *any* of your
devices, over the Internet, then, *from those devices*, they can intercept
your traffic to, for example, your Linux laptop or Android smart phone.

I think in your case you say your house is out of wifi range of your
neighbours; but since you're advising friends and family, it could be
that one house's fridge/camera/thermostat hacks the neighbour's wifi
traffic ...

I understand only the *basics* of that argument, which is that if you have
device 0 (the router), and then client 1 (refrigerator) and client 2
(Android phone), and client 3 (linux laptop) that *all* are vulnerable.

The basic argument is that if someone gets in on client 1, 2, or 3, then
the *whole* network is compromised.

But is it?

If client 1 is a refrigerator with very poor security, I get it that they
can hack easily into client 1.

All I'm asking is how does access to client 1 give them access to router 0
which "controls" the entire LAN?

On 2017-10-29, harry newton wrote:
He who is Andy Burns said on Sun, 29 Oct 2017 16:53:03 +0000:

I think what you're saying is that if they can get to *any* of your
devices, over the Internet, then, *from those devices*, they can intercept
your traffic to, for example, your Linux laptop or Android smart phone.

I think in your case you say your house is out of wifi range of your
neighbours; but since you're advising friends and family, it could be
that one house's fridge/camera/thermostat hacks the neighbour's wifi
traffic ...

I understand only the *basics* of that argument, which is that if you have
device 0 (the router), and then client 1 (refrigerator) and client 2
(Android phone), and client 3 (linux laptop) that *all* are vulnerable.

The basic argument is that if someone gets in on client 1, 2, or 3, then
the *whole* network is compromised.

But is it?

If client 1 is a refrigerator with very poor security, I get it that they
can hack easily into client 1.

All I'm asking is how does access to client 1 give them access to router 0
which "controls" the entire LAN?

It doesn't directly. But they now have control of a wireless card, which they
can adapt (software) to listen in on the traffic between your computer and the
router (remember that the wireless signal goes everywhere), and can then
subvert the communication between the computer and the router forcing the
system into negotiation replay. I have no desire to figure out exactly how to
do that, just that with fridges etc around with zero security, they have an in
to your local network, and quite possibly can use that to run a Krack on the
computer and the router.