#1
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. It works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
#2
He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):
It works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

More links now that they published the paper on the attack a half hour ago.
https://www.krackattacks.com

Manufacturers apparently had 50 days to effect the fix:
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://papers.mathyvanhoef.com/ccs2017.pdf

Updates in http://tinyurl.com/alt-internet-wireless
#3
He who is KenW said on Mon, 16 Oct 2017 07:36:14 -0600:
Kind of hard until the manufacturer says there is a fix. I have Ubiquiti equipment where I've been in contact with them. They already had the fix since they received notice 50 days ago. But they told me this morning that they just received new information so they're effecting a second fix as we speak.
#4
He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):
It works by exploiting a four-way handshake that's used to establish a key for encrypting traffic.

Here is Ubiquiti's response for the airMAX products that I often use on my rooftop and as my many access points in my house and barn and pool and corral and driveway gate cameras, etc., and that all my neighbors use for our WISP radios.

"Yes, this is a very big problem for WPA2 clients that won't get any more updates. But let's keep this thread focused on airMAX products. First of all, you are mostly covered if you are running v8.4.0 (AC series) or v6.0.7 (M series). We will fully resolve the issue with v8.4.2/v6.1.2 (betas aimed for the end of this week). Furthermore, our proprietary airMAX protocol makes simple attacks more difficult to carry out.

Will be fully fixed with v8.4.2/v6.1.2:
CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake

Unaffected:
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame"
#5
In message , harry newton writes:
[] If your device supports Wi-Fi, it is most likely affected. []

Just out of curiosity, does the device have to be _using_ WPA/WPA2 to be vulnerable - i.e. would one still using WEP, or even no encryption (neither being a good idea for other reasons) still be susceptible, or immune?
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
Santa's elves are just a bunch of subordinate Clauses.
#6
In alt.internet.wireless, J. P. Gilliver (John) wrote:
harry newton writes:
If your device supports Wi-Fi, it is most likely affected.

Just out of curiosity, does the device have to be _using_ WPA/WPA2 to be vulnerable - i.e. would one still using WEP, or even no encryption (neither being a good idea for other reasons) still be susceptible, or immune?

The attack is against the WPA handshake. No WPA, no attack from this method. WEP and no-encryption cases are subject to different attacks. The fix (I gather) is to protect against accepting replays during the handshake.

Elijah
------
get ready to patch all your IoT devices, they sure make life easier, right?
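The mechanism post #1 describes (a replayed message 3 reinstalls the key and resets the nonce) and the fix Elijah mentions (refuse to reinstall on a replay), as a constructed Python simulation added here. It is not code from the thread, the KRACK paper, or any real supplicant or driver. The class and function names (Supplicant, run_attack), the HMAC-SHA256 counter-mode keystream standing in for AES-CCM, the sample PTK and the two sample plaintexts are all assumptions made for the illustration; the property shown is the real one, because CCMP's keystream is likewise a function of the key and the packet number.

```python
"""
Constructed simulation of the four-way handshake key reinstallation.
Added illustration only: not code from the thread, the KRACK paper, or any
real supplicant. The CCMP (AES-CCM) keystream is replaced by an HMAC-SHA256
counter-mode keystream as a stand-in; in both cases the keystream depends on
(key, packet number) and repeats when those repeat.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Stand-in for the CCMP per-packet keystream: PRF(PTK, PN || block)."""
    out = b""
    block = 0
    while len(out) < length:
        nonce = packet_number.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(ptk, nonce, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    """Client side of the handshake (hypothetical, simplified).

    patched=False: every message 3 (re)installs the PTK and resets the
    transmit packet number to 0, the behaviour behind CVE-2017-13077.
    patched=True:  a retransmitted message 3 is accepted for the reply but
    the already-installed key and its packet number are left untouched.
    """
    patched: bool = False
    ptk: Optional[bytes] = None
    pn: int = 0

    def receive_msg3(self, ptk: bytes) -> None:
        if self.ptk is not None and self.patched:
            return  # replayed msg 3: do not reinstall, PN keeps counting
        self.ptk = ptk
        self.pn = 0

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.ptk is not None, "no key installed yet"
        pn = self.pn
        self.pn += 1
        return pn, xor(plaintext, keystream(self.ptk, pn, len(plaintext)))


def run_attack(patched: bool) -> dict:
    """Attacker replays message 3 and sniffs two data frames.

    Returns whether the two frames shared a packet number (nonce reuse)
    and, if so, the second plaintext recovered from the first, which the
    attacker is assumed to know (e.g. a predictable HTTP request).
    """
    ptk = hashlib.sha256(b"constructed PMK and nonces").digest()  # constructed key
    sta = Supplicant(patched=patched)

    sta.receive_msg3(ptk)                 # genuine message 3 from the AP
    known = b"GET / HTTP/1.1\r\n"         # attacker-known plaintext (16 bytes)
    pn1, ct1 = sta.send(known)

    sta.receive_msg3(ptk)                 # attacker replays message 3
    secret = b"secret=hunter2!!"          # victim's next frame (16 bytes)
    pn2, ct2 = sta.send(secret)

    if pn1 != pn2:
        return {"nonce_reused": False, "recovered": None}
    # Same key and PN => same keystream, so ct1 ^ ct2 == known ^ secret.
    return {"nonce_reused": True, "recovered": xor(xor(ct1, ct2), known)}


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", run_attack(patched))
```

Running it shows the vulnerable supplicant handing back packet number 0 twice, which lets a purely passive listener recover the second frame from the first, while the patched supplicant keeps counting and the two ciphertexts share nothing. Two things are abstracted away: a real CCMP nonce also contains the transmitter address (which changes nothing here, since it is the same station both times), and the paper's attacker provokes the retransmission of message 3 by keeping message 4 from reaching the AP rather than injecting a copy itself.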
#7
How does this colloquial summary for my family look - in case you want to send one to YOUR family?
========
People are asking what to do about the KRACK Attack vulnerability (note the pleonasm), so I figured I'd let everyone know what it is & I figured I'd give folks the opportunity to ask questions if they're concerned.

The canonical site for the attack is written by the white hat who found it:
https://www.krackattacks.com/

Here's my ad-hoc summary, written with respect to what you and I need to know & do.

1. In May, the white hat notified the government & vendors he found a bug in all WPA WiFi (e.g., WPA2) where someone who is *close* enough to intercept the signals can see everything you do.

2. It affects all WiFi devices but the worst affected are Android at or over version 6, macOS, Linux, and really fast (i.e., 802.11r fast roaming) routers set up as repeaters (i.e., as a second router). Far less affected are the WiFi in iPhones, iPads, iPods, older Android devices, Windows computers, and normal routers (e.g., 802.11n or 802.11ac), especially if they're set up as the main router (and not as a repeater).

3. There is only one viable solution, which is to *update* your device firmware or software, whether that be a mobile phone, a laptop, a desktop, a router working as a repeater, or the main router. The order of priority should be:
   a. If you have Android 6+, then you *should* update soon.
   b. If you have MacOS or Linux, then you should update soon.
   c. If you have an 802.11r router, then you should update soon.
   You can take your sweet time on everything else, but everything needs to be updated.

4. The problem, of course, is *how* to update each device.
   a. First look for your device to see if there is an update
      https://www.kb.cert.org/vuls/id/228519
   b. Then try to find the update
      http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
   c. Then update.

What a pain. Let me know if you have questions.
========
#8
In message , harry newton writes:
How does this colloquial summary for my family look - in case you want to send one to YOUR family?

Thanks: I've marked your post as keep.

As to how it "looks", assuming by "colloquial" you meant understandable by everyone, I envy you your family, if you can throw in words and phrases like pleonasm, canonical, ad-hoc, vendors, and "whether that be" at random! (OK, I could with mine, but he's a lexicographer! I myself am not _too_ sure what pleonasm means - from context, I'm guessing tautology.)
[]
Thanks again, though!
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
The fifth bestselling detail of all time: the Ford Transit. (RT/C4 2015-5-24.)
#9
He who is J. P. Gilliver (John) said on Sun, 29 Oct 2017 13:53:14 +0000:
Thanks: I've marked your post as keep.

Thanks J.P. Gilliver for *appreciating* the effort. See below for another effort I made just now to *simplify* the learning steps so that the *next* person can just click on the pictures to get an *idea* of the process involved in updating any WiFi device.

As to how it "looks", assuming by "colloquial" you meant understandable by everyone, I envy you your family, if you can throw in words and phrases like pleonasm, canonical, ad-hoc, vendors, and "whether that be" at random! (OK, I could with mine, but he's a lexicographer! I myself am not _too_ sure what pleonasm means - from context, I'm guessing tautology.)

My entire family is well educated, as are most in the USA, with more than a few degrees piled high and deep - but I'm the only one with a few technical degrees (science and engineering) - the rest are lawyers and educators so they're not up to speed on technical stuff (that's why I was born).

Since I have more than a half dozen access points and a dozen or more WiFi devices in the home, I documented in detail the update of just *one* of my transceivers (which is set up as an access point), so that others might benefit from a pictorial view of the whole process.

This specific radio transmits 26 decibels (dBm) of power into an 18 decibel antenna (dBi) so it can easily connect by WiFi to a house 10 miles away, but it's only being used to connect to the barn WiFi cameras which are only about 1/2 kilometer away (so, yeah, it's overkill) but at the same time, it paints an area which allows anyone within miles to connect to my router via their cellphone WiFi if they knew how to.

As always, to help everyone increase their knowledge in every post, I documented the steps below so that anyone can learn how it's done in a minute, without having to make mistakes.

(0) Log into your radio using your administrator login & password
http://wetakepic.com/images/2017/10/29/00_PB400_firmware_update_krack.jpg
(1) Check the firmware version (noting the board revision, e.g., XW)
http://wetakepic.com/images/2017/10/29/01_PB400_firmware_update_krack.jpg
(2) Hit the "Check Now" button to see if you can update from here
http://wetakepic.com/images/2017/10/29/02_PB400_firmware_update_krack.jpg
(3) If not, go to the manufacturer's web site to locate the firmware file
http://wetakepic.com/images/2017/10/29/03_PB400_firmware_update_krack.jpg
(4) You may have to agree to the manufacturer's updated EULA
http://wetakepic.com/images/2017/10/29/04_PB400_firmware_update_krack.jpg
(5) Download the file to a known location on your computer
http://wetakepic.com/images/2017/10/29/05_PB400_firmware_update_krack.jpg
(6) Save the file in a logical location on your computer for future use
http://wetakepic.com/images/2017/10/29/06_PB400_firmware_update_krack.jpg
(7) Then in the radio, press the "Upload Firmware Choose File" button
http://wetakepic.com/images/2017/10/29/07_PB400_firmware_update_krack.jpg
(8) Wait for the firmware to upload (it may take a minute or two)
http://wetakepic.com/images/2017/10/29/08_PB400_firmware_update_krack.jpg
(9) Once uploaded, press the "Update" button to update the firmware
http://wetakepic.com/images/2017/10/29/09_PB400_firmware_update_krack.jpg
(10) Wait for the firmware to be updated (it may take a minute or two)
http://wetakepic.com/images/2017/10/29/10_PB400_firmware_update_krack.jpg
(11) Do not power down while you are waiting for the firmware to update
http://wetakepic.com/images/2017/10/29/11_PB400_firmware_update_krack.jpg
(12) When done, the radio will reboot; log back in to check results
http://wetakepic.com/images/2017/10/29/12_PB400_firmware_update_krack.jpg
(13) You should note that the firmware is now updated to the latest revision
http://wetakepic.com/images/2017/10/29/13_PB400_firmware_update_krack.jpg
(14) Double-check, now that everything is updated, that it is working fine
http://wetakepic.com/images/2017/10/29/14_PB400_firmware_update_krack.jpg