
KRACK WPA2 Vulnerability Exposed


Great series of videos on the KRACK attack:


If you're confused about how exactly this works or why this is only client-side patchable (though AP mitigations can be made), then I'd strongly recommend watching this series all the way through.
 
Most access points, including Asus routers and wireless access points, do have modes where the Asus device is a client.

Clients are the ones that have the biggest issue.

So routers/ap will need to patch their client modes.
 
It's 99.99% a client issue, not a station AP issue.

Though if you use your router to connect to another router to extend range, then it's an issue.
 
There is a really interesting Fast Transition (FT) handover (CVE-2017-13082) issue that is entirely an access point problem.

Basically a sniffing and mostly undetectable attacker can capture a ton of traffic with a reused nonce with a single key, violating principles of one-time pad crypto. Could do cryptanalysis on the captured data to possibly decrypt afterwards or do some weird attacks involving replaying stale data and messing with application layers that can't handle it properly.
 
It's 99.99% a client issue, not a station AP issue.
Actually it is a "station" issue as station (STA) is the term typically used to describe a device being in client mode. As opposed to access point mode (AP) which is what a wireless router would usually be in.
 
So if my novice self can understand: clients, i.e. devices that use WiFi, are the weak link in this hack, not the routers themselves - unless they are used as a repeater 'device'. - True?
 
It's 99.99% a client issue, not a station AP issue.

Though if you use your router to connect to another router to extend range, then it's an issue.

This is not correct, if your AP implements fast roaming 802.11r it is also vulnerable.
 
Good news for all Android users who can install (or have already) the alternative firmware LineageOS (successor of CyanogenMod):

"All official 14.1 builds built after this tweet have been patched for KRACK."

Source: Twitter

So: Your phone will be safe as soon as you get the next update from LineageOS! :cool:
 
This is not correct, if your AP implements fast roaming 802.11r it is also vulnerable.

Okay, what does it mean if we are using Asus routers? What option shall I turn off in any of my Asus routers? As far as I know, the "Roaming assistant" is not 802.11r, so disabling it won't change anything. Or am I wrong and this partial(?) implementation of 802.11r can be dangerous for us?
 
OpenWrt and LEDE have been pulling driver, wifi supplicant, and hostapd changes in over the past 24 hours (as of 8am PST, 10/17), so a fair amount of upstream effort has been happening.

Note - if building off the LEDE main, they recently rebased the toolchain on gcc 5.5.0 earlier this week, so it's going to be a long build process... The line below will bring the current local dir to current.

`git pull && ./scripts/feeds update -a && ./scripts/feeds install -a && make menuconfig`

Then to the build - `make V=s`
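
For hostapd-based access points such as the builds above, one way to see which BSSes offer 802.11r (FT) key management, and so where the AP-side issue raised earlier in the thread (CVE-2017-13082) matters until hostapd is patched. This is an added example, not part of the original posts; the function names and the sample config are constructed for illustration, so point `ft_bss` at the hostapd.conf your AP actually runs.

```shell
#!/bin/sh
# Added example: list hostapd BSS sections that advertise 802.11r (FT) AKMs.
# ft_bss FILE      prints "<ifname> <akm>" for every FT-* entry in wpa_key_mgmt
# ft_enabled FILE  exit status 0 if at least one BSS offers FT

ft_bss() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^#/ { next }                      # hostapd comments start with "#"
        /^(interface|bss)=/ {              # a new BSS section begins here
            split($0, kv, "=")
            ifname = kv[2]
            next
        }
        /^wpa_key_mgmt=/ {                 # space-separated list of AKMs
            sub(/^[^=]*=/, "")
            n = split($0, akm, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (akm[i] ~ /^FT-/) print ifname, akm[i]
        }
    ' "$1"
}

ft_enabled() {
    [ -n "$(ft_bss "$1")" ]
}

# Constructed sample config (not from a real device): the main BSS offers
# FT-PSK, the guest BSS does not, and a commented-out FT line is ignored.
sample_conf() {
    cat <<'EOF'
# constructed sample
interface=wlan0
ssid=home
wpa=2
wpa_key_mgmt=WPA-PSK FT-PSK
#wpa_key_mgmt=FT-EAP
mobility_domain=a1b2
bss=wlan0_guest
ssid=guest
wpa=2
wpa_key_mgmt=WPA-PSK
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
ft_bss "$conf"                             # prints: wlan0 FT-PSK
ft_enabled "$conf" && echo "FT offered: confirm hostapd is patched"
rm -f "$conf"
```
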
 
Raspberry Pi - Jessie and Stretch have updates online - use apt to bring things up to date.
 
Wireless drivers need patching too. I installed an update from Intel today to address CVE-2017-13080 and CVE-2017-13081 on my Thinkpad Yoga 15.

On Linux, `wpa_supplicant` is used to perform that handshake; it's been patched already on RHEL and CentOS at least. The drivers should not be vulnerable, as far as I understand it.
 
