KRACK WPA2 Vulnerability Exposed

Discussion in 'General Network Security' started by thiggins, Oct 16, 2017.

  1. thiggins

    thiggins Mr. Easy Staff Member

    Joined:
    May 18, 2008
    Messages:
    13,939
    [originally posted by gLWxSJeSsEA]

    KRACK, a flaw in Wi-Fi security protocol WPA2, leaves traffic open to eavesdropping, connection hijacking, and malicious injection; US CERT advisory issued.

    Report by Ars' Dan Goodin.

    Official Website: https://www.krackattacks.com/


    Attack is a nonce reuse attack on 4-way handshake
    Attack does NOT allow the attacker to recover the Wi-Fi password
    Attack DOES allow the attacker to intercept/decrypt/inject packets (i.e. perform a full MITM attack on a connected client)
    Attack primarily leverages client-side vulnerabilities so patching the access point won't magically fix this (client side patches are needed for each device using Wi-Fi)

    Pre-Release Speculation:

    Kenn White describes it as a "core protocol-level flaw in WPA2 wi-fi"... which sounds bad.

    CVEs were assigned in August, so hopefully there are mitigations in place (if possible).

    Look for CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088 when details become available.

    Two articles that list patches already available:
    https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it
    http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

    Follow @vanhoefm for the official drop.
     
    Last edited: Oct 16, 2017
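The bullet summary in the post above (nonce reuse on the 4-way handshake, patches needed on the client) can be made concrete with a small model. The Python below is an added illustration, not code from the original post, from krackattacks.com or from any Wi-Fi stack: it abstracts the supplicant's handling of handshake message 3 as a key install that resets the packet number (the CCMP nonce), contrasts a vulnerable client that reinstalls the key when message 3 is received a second time with a patched client that refuses, and runs a defender-side check for a packet number seen twice under one key. The keystream is a SHA-256 construction standing in for CCMP's AES-CTR so the script needs only the standard library; the PTK value, the frame contents and the Supplicant class are constructed for the demo and are not part of any real implementation.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample plaintexts (same length so the XOR comparison lines up).
FRAME_A = b"first data frame: hello"
FRAME_B = b"second data frame: bye!"


def keystream(ptk: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR: keystream is a function of (key, packet number) only."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(ptk + pn.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    """Minimal client-side handshake state: key install plus the per-key packet number."""
    patched: bool
    ptk: Optional[bytes] = None
    pn: int = 0
    installed: bool = False

    def on_message3(self, ptk: bytes) -> str:
        """Handle EAPOL message 3; a real client would also validate the MIC and replay counter."""
        if self.installed and self.patched:
            # Fixed behaviour: the key is already in use, so never reinstall it
            # and never reset the packet number.
            return "already-installed"
        self.ptk = ptk
        self.pn = 0            # vulnerable behaviour: PN starts over on (re)install
        self.installed = True
        return "installed"

    def send(self, plaintext: bytes) -> Tuple[int, bytes]:
        assert self.ptk is not None, "no key installed"
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def handshake_then_retransmit(patched: bool) -> List[Tuple[int, bytes]]:
    """Install the key, send one frame, receive message 3 again, send another frame."""
    ptk = hashlib.sha256(b"constructed-demo-ptk").digest()   # constructed, not a derived PTK
    s = Supplicant(patched=patched)
    s.on_message3(ptk)
    frames = [s.send(FRAME_A)]
    s.on_message3(ptk)         # message 3 arrives a second time
    frames.append(s.send(FRAME_B))
    return frames


def packet_numbers_reused(frames: List[Tuple[int, bytes]]) -> bool:
    """Defender-side check: the same packet number twice under one key must never happen."""
    seen = set()
    for pn, _ in frames:
        if pn in seen:
            return True
        seen.add(pn)
    return False


def keystream_cancels(frames: List[Tuple[int, bytes]]) -> bool:
    """With a reused (key, PN) pair, c1 XOR c2 == p1 XOR p2: the keystream drops out."""
    (_, c1), (_, c2) = frames
    return xor(c1, c2) == xor(FRAME_A, FRAME_B)


if __name__ == "__main__":
    for patched in (False, True):
        f = handshake_then_retransmit(patched)
        print("patched" if patched else "vulnerable",
              "- PN reused:", packet_numbers_reused(f),
              "- plaintext XOR exposed:", keystream_cancels(f))
```

Run as a script it prints both cases: the vulnerable client reuses packet number 1 and the XOR of its two ciphertexts equals the XOR of the plaintexts, while the patched client answers the repeated message 3 with `already-installed` and its packet numbers keep climbing. That second behaviour is what a supplicant or driver regression test can assert on after applying a vendor patch.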
  2. thiggins

    My sincere apologies to everyone! I accidentally deleted the thread while trying to clean up duplicate posts.

    I am restoring as much information as I can from my browser cache.
     
  3. thiggins

    [posted by Konstigt]
    This is the official homepage with lots of good information about KRACK Attacks (also linked in the above linked forum thread):

    https://www.krackattacks.com/
     
  4. thiggins

    [posted by joegreat]
    By the way: ALL clients are affected (regardless of the platform) - even beloved fanboy platform iOS - as the problem comes from the WPA2 protocol DEFINITION and not from the specific IMPLEMENTATION on the clients! :oops:
     
  5. thiggins

    [posted by Matt Humphrey]
    Yes, but if you read the information at KRACK Attacks, you would realize that Android and Linux are more vulnerable to the attack. FTA:
     
  6. thiggins

    [posted by thelonelycoder]
    I know this is a serious vulnerability but in reality, how likely am I a target of it in my home in a quiet friendly neighborhood?
    Are there legions of hackers out there waiting to exploit it right now? I doubt it.
     
  7. thiggins

    [posted by joegreat]
    ...analogous to your avatar picture: # security | grep threat > /dev/null and you are safe! :p

    The problem with such "easy" and very widespread security threats is that it becomes very tempting for any "script kiddie" to give it a try AND the professional black hat hackers will use it as well, as the payback (amount of money) is big! :confused:

    So, you personally might not be affected but many will be!
     
  8. thiggins

    [gLWxSJeSsEA]
    It's not as bad as WEP/WPS vulnerabilities in that it doesn't allow Wi-Fi password recovery--so it's not a hop on your neighbour's wifi for fun thing.
     
  9. thiggins

    [alexandro]
    Fun things are - listening to traffic and grabbing passwords, in some cases changing your traffic and inserting dangerous data - CP or something else. Very bad.
     
  10. thiggins

    [thelonelycoder]
    If you live in a densely populated part of a city I agree, but here I have cows grazing outside and neighbors mowing their lawns with grey hair (as I do). I'm not worried where I am.
     
  11. alexandro

    alexandro Occasional Visitor

    Joined:
    Feb 22, 2016
    Messages:
    13
  12. thiggins

    [RMerlin]
    I haven't had the time to read all the published details yet (still on my breakfast orange juice atm), but from what I gather so far, the issue only allows one to eavesdrop on and decrypt your traffic; it does not allow one to connect to your network or steal your WPA2 passphrase. So if all your sensitive Internet traffic is encrypted, then this limits the impact of that exploit. Just make sure your mail clients are all configured to use TLS/SSL (a lot probably are still using plaintext POP3/SMTP), and it might be prudent to rely on a VPN tunnel when wirelessly connected outside of home.

    People using old SMB might be at risk however, as SMBv1 (and various SMBv2 implementations) are NOT encrypted.
     
  13. thiggins

    [bits]
    [quote=Matt Humphrey]
    Yes, but if you read the information at KRACK Attacks, you would realize that Android and Linux are more vulnerable to the attack. FTA:
    [/quote]

    Linux patches were written weeks ago to fix this problem. They just had to wait for the embargo to be lifted at 8am EST when this was announced.
    wpa_supplicant in Android will be patched on supported devices soon enough.
    https://w1.fi/security/2017-1/
     
  14. thiggins

  15. thiggins

    [sfx2000]
    It's a client-side vuln - Linux and Android are at high risk, OpenBSD released a patch for their wpa supplicant, and I expect other OSes to release as well.

    APs are not impacted - however, repeaters (as they are clients) are vulnerable.
     
  16. thiggins

    [o-l-a-v]
    Media bridge devices should be vulnerable too then, correct?
     
  17. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    5,812
    Location:
    Switzerland
  18. thiggins

    [Morac]
    That doesn't seem to match up to what's mentioned in the FAQ on the disclosure site.

    Why would they say a patched client can communicate with an unpatched access point (and vice-versa) if APs didn't require patching? It sounds like APs can re-use keys as well.
     
  19. thiggins

    [Viktor Jaep]
    And this is why you need to also use a beefy VPN client while connected to an AP... :/
     
  20. thiggins

    [Fitz Mutch]
    When he fires up Wireshark in the demonstration video, can you see if his router is made by ASUSTek Computer Inc (bc:ae:c5:xx:xx:xx)? I understand that it's an exploit of the client, not the router.

    https://www.krackattacks.com/
     