If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com I reported it yesterday over here with links... https://groups.google.com/forum/#!forum/alt.internet.wireless They made it public a half hour ago: https://groups.google.com/d/msg/alt.internet.wireless/vn8yRnm7UF8/N89Wcd_OAAAJ Manufacturers apparently had 50 days to effect the fix: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 https://papers.mathyvanhoef.com/ccs2017.pdf -- No need to respond; this is just FYI... |
Ads |
#2
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton
wrote: Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com I reported it yesterday over here with links... https://groups.google.com/forum/#!forum/alt.internet.wireless They made it public a half hour ago: https://groups.google.com/d/msg/alt.internet.wireless/vn8yRnm7UF8/N89Wcd_OAAAJ Manufacturers apparently had 50 days to effect the fix: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 https://papers.mathyvanhoef.com/ccs2017.pdf Kind of hard until the manufacturer says there is a fix. KenW |
#3
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
He who is KenW said on Mon, 16 Oct 2017 07:36:14 -0600:
Kind of hard until the manufacturer says there is a fix. I have Ubiquiti equipment where I've been in contact with them. They already had the fix since they received notice 50 days ago. But they told me this morning that they just received new information so they're effecting a second fix as we speak. |
#4
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
The weaknesses are in the Wi-Fi standard itself, and not in individual
products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. If your device supports Wi-Fi, it is most likely affected. Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded. DEMONSTRATION As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks: Any data or information that the victim transmits can be decrypted. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website). Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps. |
#5
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 16-Oct-17 2:59 PM, harry newton wrote:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. If your device supports Wi-Fi, it is most likely affected. Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded. DEMONSTRATION As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks: Any data or information that the victim transmits can be decrypted. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website). Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps. FYI https://www.krackattacks.com/ -- David B. |
#6
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
He who is David_B said on Mon, 16 Oct 2017 15:13:58 +0100:
FYI https://www.krackattacks.com/ That link was already in the original post. In cryptography, a nonce is a neologism for an arbitrary number that may only be used once, similar in spirit to the occasionalism lexeme "nonce word" (as are the headwords of any dictionary). Here is a related link to the Blackhat briefing that wasn't in the OP: https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861 "We have discovered several key management vulnerabilities in the Wi-Fi Protected Access II (WPA2) security protocol. These can be exploited using so-called key reinstallation attacks. Because this is a protocol-level issue, most correct implementations of the standard are affected. Put differently, most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected. All clients and access points that we tested in practice were vulnerable to some variant of the attack. The precise impact depends on the specific variant(s) of the attack that an implementation is vulnerable to." Bear in mind that the attacker has to be in close proximity to your device to effect the attack, and that no known variants are in the wild yet, so it's not something to worry about except to start looking for when the patches come out for all your devices that handle the WiFi WPA2/PSK protocol. -- See also en.wikipedia.org/wiki/Cryptographic_nonce |
#7
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 16/10/2017 8:46 PM, harry newton wrote:
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com I reported it yesterday over here with links... https://groups.google.com/forum/#!forum/alt.internet.wireless ... Did you notice that these hacks always happen BEFORE someone fixed it? Are they all security traps, planted into router firmware by design? -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#8
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
He who is Mr. Man-wai Chang said on Mon, 16 Oct 2017 23:57:50 +0800:
Did you notice that these hacks always happen BEFORE someone fixed it? Are they all security traps, planted into router firmware by design? This nonce KRACK vulnerability is in *everything*, including smart phones (iOS & Android) and computers (Mac/Windows/Linux) and routers (Netgear/Cisco/TPLink) .... It even affects web sites (e.g., Match.com)... It's more than just routers, so it's *big* - but bear in mind a. Fixes will be out soon b. Nothing is known in the wild yet c. You have to be nearby to be vulnerable Still, since it affects *everything* using WPA2 (business and personal), it's a big deal nonetheless. All you can do is wait for the patch when it comes out for each of your devices that implement the affected encryption protocol. |
#9
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
It appears if you do not use or have WiFi and WPS enabled you should be
secure from this. Since I have both disabled I assume I am safe because I use neither. --- Bill Brought to you from Anchorage, Alaska "harry newton" wrote in message news Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com I reported it yesterday over here with links... https://groups.google.com/forum/#!forum/alt.internet.wireless They made it public a half hour ago: https://groups.google.com/d/msg/alt.internet.wireless/vn8yRnm7UF8/N89Wcd_OAAAJ Manufacturers apparently had 50 days to effect the fix: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 https://papers.mathyvanhoef.com/ccs2017.pdf -- No need to respond; this is just FYI... |
#10
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800:
It appears if you do not use or have WiFi and WPS enabled you should be secure from this. Since I have both disabled I assume I am safe because I use neither. More so than routers, mostly all known wifi "clients" are affected (e.g., all consumer smartphones and computers) that use either WPA or WPA2 (enterprise or personal), and even against networks that just use AES. Some encrypted web sites are also affected, such as Match.com (as shown in the aforementioned video). So you're right that it's not a big deal that there is no encryption in all these cases because the the man in the middle has to be nearby. |
#11
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote:
Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com Still waiting for an update for my TP-Link Archer C7 router. If I understand all this correctly, then I'll also need an update for my Nexus 5X? -- s|b |
#12
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 10/16/17 20:00, harry newton wrote:
He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800: It appears if you do not use or have WiFi and WPS enabled you should be secure from this.* Since I have both disabled I assume I am safe because I use neither. More so than routers, mostly all known wifi "clients" are affected (e.g., all consumer smartphones and computers) that use either WPA or WPA2 (enterprise or personal), and even against networks that just use AES. Some encrypted web sites are also affected, such as Match.com (as shown in the aforementioned video). They do use a tool commonly used in man-in-the-middle attacks, to strip away the tls and send the content to the client machine unencrypted. As they did explain in the video, many don't check in their mobile devices that they have tls communication or not and those they will be able to carry out the attack to see the the login credentials in this example. This has nothing to do with KRACK itself. So you're right that it's not a big deal that there is no encryption in all these cases because the the man in the middle has to be nearby. There are devices that can give an attacker quite long range to execute their attacks on, so you ain't safe just for you don't see anyone nearby. -- //Aho |
#13
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 16-Oct-17 4:18 PM, harry newton wrote:
He who is David_B said on Mon, 16 Oct 2017 15:13:58 +0100: FYI* https://www.krackattacks.com/ That link was already in the original post. Oops! :-( My apologies, Harry. Please forgive me. In cryptography, a nonce is a neologism for an arbitrary number that may only be used once, similar in spirit to the occasionalism lexeme "nonce word" (as are the headwords of any dictionary). Here is a related link to the Blackhat briefing that wasn't in the OP: https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861 "We have discovered several key management vulnerabilities in the Wi-Fi Protected Access II (WPA2) security protocol. These can be exploited using so-called key reinstallation attacks. Because this is a protocol-level issue, most correct implementations of the standard are affected. Put differently, most protected Wi-Fi networks, including personal and enterprise WPA2 networks, are affected. All clients and access points that we tested in practice were vulnerable to some variant of the attack. The precise impact depends on the specific variant(s) of the attack that an implementation is vulnerable to." Bear in mind that the attacker has to be in close proximity to your device to effect the attack, and that no known variants are in the wild yet, so it's not something to worry about except to start looking for when the patches come out for all your devices that handle the WiFi WPA2/PSK protocol. Thanks for the additional info. -- David B. |
#14
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 10/16/17 20:55, s|b wrote:
On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote: Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com Still waiting for an update for my TP-Link Archer C7 router. If I understand all this correctly, then I'll also need an update for my Nexus 5X? It's more important to update the client than the server. |
#15
|
|||
|
|||
Did you update your router for the WPA2/PSK KRACK nonce re-useattack yet?
On 2017-10-16, s|b wrote:
On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote: Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet? https://www.krackattacks.com Still waiting for an update for my TP-Link Archer C7 router. If I understand all this correctly, then I'll also need an update for my Nexus 5X? I think, but do not know for sure, that the primary thing that needs to protected is the client not the Access point. Ie, your Android (do they use wpa_supplicant, since Android is based on Linux?) IOs , or your laptop. As far as I have seen, there is no fix out yet for wpa_supplicant. It seems that the reason Windows is more resistant is because they did not no impliment the full spec for WPA2. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|