Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Severe WiFi security flaw puts millions of devices at risk (WPA2 cracked, but there's a patch)
Engadget ^ | Oct 16, 2017 | Steve Dent

Posted on 10/16/2017 6:24:52 AM PDT by dayglored

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last
To: dayglored

Bkmrk.


21 posted on 10/16/2017 7:44:32 AM PDT by RushIsMyTeddyBear (Screw The NFL!!!!!! My family fought for the flag!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

Doesn’t help my phone or iPad. Usually Asus is on top of firmware updates I’ll check my router today.


22 posted on 10/16/2017 7:46:20 AM PDT by miliantnutcase
[ Post Reply | Private Reply | To 4 | View Replies]

To: June2

Bkmk


23 posted on 10/16/2017 7:49:00 AM PDT by June2
[ Post Reply | Private Reply | To 21 | View Replies]

To: dayglored

Thanks for the ping.


24 posted on 10/16/2017 7:50:07 AM PDT by GOPJ (NFL calls their fans RACISTS - who must be "educated" by their players. That's soooo insulting.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: dayglored

The website (https://www.krackattacks.com) seemed a bit breathless with “all systems are affected” (oh noes!) and was coy about what exactly was the real issue on Windows and Macs. I had to dig down pretty far into the original paper to find the Group Key issue and at first glance it looks pretty minor from what I can tell, at least for Windows 10 clients.

The original paper is at

https://papers.mathyvanhoef.com/ccs2017.pdf

According to the paper, Windows 10 is not vulnerable to most of the attack vectors. The only significant one I saw was for the Group Key, where the vulnerability lets broadcasts and multicasts be replayed (but not alter them if I read it correctly). Any client on the network can already replay a broadcast or multicast by just resending it so I am not sure how this new vulnerablity is all that significant on Windows 10.


25 posted on 10/16/2017 8:04:07 AM PDT by Gideon7
[ Post Reply | Private Reply | To 20 | View Replies]

To: dayglored

thanks! will bmk


26 posted on 10/16/2017 8:07:55 AM PDT by bitt (The press takes him literally, but not seriously; his supporters take him seriously, but not literal)
[ Post Reply | Private Reply | To 20 | View Replies]

To: dayglored
From that link:

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

27 posted on 10/16/2017 8:10:09 AM PDT by RightGeek (FUBO and the donkey you rode in on)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

>>Ummm, like your local coffee shop’s “Free WIFI”?

Yes, these are the real threats.

As a rule, one shouldn’t do anything he doesn’t want stolen when on public wifi.


28 posted on 10/16/2017 9:09:03 AM PDT by D-fendr (Deus non alligatur sacramentis sed nos alligamur.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored

Anyone on a public WiFi without a VPN has more problems than just this hack.


29 posted on 10/16/2017 9:20:26 AM PDT by SanchoP
[ Post Reply | Private Reply | To 19 | View Replies]

To: All

The only thing I know how to do... is turn on the modem/router and enter the password on my laptop.

Is there a higher standard than WPA2 that is more secure? My hardware is 2-3 years old. Maybe I should consider buying a new one.


30 posted on 10/16/2017 9:45:42 AM PDT by deks
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gideon7

Thanks for posting what you did about WIN 10. I don’t fully grasp all of this tech stuff.


31 posted on 10/16/2017 10:06:41 AM PDT by hsmomx3
[ Post Reply | Private Reply | To 12 | View Replies]

To: Noumenon

Heard about this?


32 posted on 10/16/2017 11:27:57 AM PDT by DuncanWaring (The Lord uses the good ones; the bad ones use the Lord.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: DuncanWaring

Yep. Low potential amongst my clientele.


33 posted on 10/16/2017 11:35:47 AM PDT by Noumenon (Can you imagine if Islam were NOT the religion of peace?)
[ Post Reply | Private Reply | To 32 | View Replies]

To: SanchoP
> Anyone on a public WiFi without a VPN has more problems than just this hack.

Perhaps so, but you surely are aware that the vast majority of Wifi users are precisely in that category (no VPN), right? One can't simply dismiss the scope of that huge attack surface just by calling them names (implicitly, "has more problems").

34 posted on 10/16/2017 12:09:56 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 29 | View Replies]

To: dayglored
Here's a very good explanation of the flaw, it's effects, and the fact that ALL PLATFORMS ARE AFFECTED to some degree or another, with Linux/Android being the most susceptible due to the way they handle the nonce/key.


Users are urged to continue using WPA2 pending the availability of a fix, experts have said, as a security researcher went public with more information about a serious flaw in the security protocol.

Key Reinstallation Attacks work against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data as well as eavesdropping on communications over the air. The only main limitation is that an attacker needs to be within range of a victim to exploit these weaknesses.

It affects WPA2 Personal and Enterprise, regardless of the encryption ciphers used by a network.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. Mathy Vanhoef of KU Leuven, the Belgian security researcher who discovered the flaw, warned that the security hole stems from a fundamental cryptographic weakness in the latest generation of wireless networking rather than a programming blunder.

Simply changing Wi-Fi network passwords is not going to help – software and firmware will need to be updated to workaround this deep design flaw:

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.

The key reinstallation attack (KRACK) targets the four-way handshake of the WPA2 protocol and relies on tricking a victim's device into reusing an already-in-use key. This sleight of hand is achieved by manipulating and replaying cryptographic handshake messages.

“When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value,” Vanhoef explained today on a microsite about the attack. “Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”

An attacker can force these nonce resets by collecting and replaying retransmissions of message three of the four-way handshake.

A nonce is a number that is not necessarily a secret but is meant only to be used once and never repeated. The flaw in WPA2 allows a nonce to be – or forced to be – repeated, thus allowing an attacker to extract the WPA2 session key and decrypt and compromise all wireless traffic for that session.

As a proof-of-concept, Vanhoef has published a demonstration of how a key reinstallation attack might be carried out against an Android smartphone. Android and Linux are particularly susceptible to the WPA2 flaw because a bug in the platform's widely used wpa_supplicant tool zeroes the key during the eavesdropping, thus the Wi-Fi traffic can be trivially decrypted.

In short, the vulnerability can be exploited on various operating systems, computers and devices to decrypt any information transferred over the air that isn't already encrypted with HTTPS, TLS, a VPN tunnel, or similar.

Worse, there's a bug in wpa_supplicant that causes the key to be set to all zeroes when you do this attack, so all traffic is trivially decrypted when attacking Linux and Android clients. — Graham Spookyland 🎃 (@gsuberland) October 16, 2017

Users are urged to continue using WPA2 pending the availability of a fix. VPN and other security technologies can offer protection to connections pending the availability of software update, according to preliminary analysis by one security researcher.

Crypto expert Arnold KL Yau told El Reg: “This sounds bad. However, a significant amount of the risk would be mitigated for services that use strong encryption at the transport or application layer (such as TLS, HTTPS, SSH, PGP) as well as applications secured by encrypted VPN protocols.

"Despite this, however, the ability to decrypt Wi-Fi traffic could still reveal unique device identifiers (MAC addresses) and massive amounts of metadata (websites visited, traffic timing, patterns, amount of data exchanged etc.) which may well violate the privacy of the users on the network and provide valuable intelligence to whoever's sitting in the black van.”

Research behind the attack will be presented at the Computer and Communications Security (CCS) conference in November, and at the Black Hat Europe conference in December. a research paper research paper entitled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (PDF here). Frank Piessens of imec-DistriNet, who supervised his research, is credited as joint author of the paper.

Previous research by Vanhoef in related areas of HTTPS and Wi-Fi security can be found here and here.

Resolving the security problem is likely to involve applying security update to routers, something history shows is a problematic process.

Mark James, a security specialist at ESET, said: “One of the biggest concerns here of course is getting routers patched - firstly getting the average user to check and apply any firmware updates and secondly, some older routers may not even have a patch available - the average household would acquire an auto-configured router, install it and forget about it, until possibly they change their internet provider. Here, they may go through the same procedure; too many people never check or implement router updates as it’s something often too complicated for the home user to be involved in.”

Below is a video by Vanhoef demonstrating the wireless security weakness. ®

35 posted on 10/16/2017 12:19:30 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored

Dang, being something of a grammar nazi myself, I especially hate it when I use “it’s” instead of “its”. Sorry...


36 posted on 10/16/2017 12:20:45 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 35 | View Replies]

To: dayglored

This a client problem, not a router problem. Windows 10 desktops are essentially protected already. I think MacOs is too. It is basically a Linux (Android) problem.

The vulnerability lies in the clients, not the router/AP. All the router/AP can do is add extra checks to try to protect the vulnerable clients (mainly Android) that have not been patched.


37 posted on 10/16/2017 2:22:49 PM PDT by Gideon7
[ Post Reply | Private Reply | To 35 | View Replies]

To: dayglored; ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; ...
WPA2 (Wi-fi Protected Access) security protocols for WIFI have been compromised. . . this is serious. It apparently still requires some effort at brute force hacking of the passwords, it can result in a Man-In-The-Middle attack against any WIFI router by substituting a malicious router for your home or business router to steal your credit cards, passwords, and financial information. — PING!


Cross Platform Security Alert
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

38 posted on 10/16/2017 4:47:47 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user
Ethernet cable is my simple solution to these problems. Faster, too.

Great for computers with RJ-45 sockets, but not so great for tablets and mobile phones.

39 posted on 10/16/2017 4:49:29 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: dayglored

My take away from this is to have a very hard WIFI password. Since you do not access it often, it can be really complex, and can include special characters and both upper and lower case alphabetic characters as well as numbers and symbols. Don’t use anything that’s in a dictionary. By doing this, you can create a password that would take geological ages to crack by brute force. So regardless if a malicious actor can clone your WPA2 protected Router, he still has to hack your passwords by brute force, trying every possible password until he hits the right one. . .


40 posted on 10/16/2017 4:56:49 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-52 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson