Serious flaw in WPA2 protocol lets attackers intercept passwords and much more

[photon]

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

https://arstechnica.com/information-...ng/?comments=1

tl;dr: stop using wifi, convert to wires

[TorqueDog]

FYI, we've already patched Windows. If you have automatic updates enabled, you should already have the fix in place.

https://www.windowscentral.com/micro...-vulnerability

[GoinAllTheWay]

Quote:

Originally Posted by photon

tl;dr: stop using wifi, convert to wires

God I wish I could but that's discussion for another day.

In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.

Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?

[Flash Walken]

Quote:

Originally Posted by GoinAllTheWay

God I wish I could but that's discussion for another day.

In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.

Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?

in my experience it mostly depends on the model you're using.

[PsYcNeT]

Quote:

Originally Posted by GoinAllTheWay

God I wish I could but that's discussion for another day.

In the meantime, I keep looking at my routers firmware. It states it's the most current version but was release over 3 yrs ago. It seems odd to me that such an important piece of security gets firmware updates next to never.

Is there a router manufacturer out there that stays on top of firmware updates or is this common across the board?

If you're talking non-rackmount, Cisco/LinkSys and ASUS seem to release Firmware frequently for devices less than ~5 years old.

That said I'm also insanely biased against D-Link, Belkin, NetGear, and all the other C-brand crap.

[GoinAllTheWay]

Quote:

Originally Posted by PsYcNeT

That said I'm also insanely biased against D-Link, Belkin, NetGear, and all the other C-brand crap.

Haha, all my gear is D-Link. Curious why you don't like them?

I've always used D-link, it works. Never had an issue outside of lack of firmware updates.

That being said, I'm very open to alternatives. I saw those new fancy Asus ones at ME the other day. That price tag tho......

[photon]

Yeah the support for patches for hardware is going to be all over the place.

I've found ASUS to be pretty good, my router is 3ish years old and the last firmware update was in June of this year. We'll see if they patch this.

A router that supports DD-WRT or similar would be another way, they probably get updated pretty quickly.

Or a more business oriented product like Ubiquiti will probably get patched much faster than a consumer grade product. And their stuff isn't that much more expensive.

[Azure]

Is there a reason anyone would buy anything besides a Ubiquiti AC Pro? We purchased one recently and for the money and what it does it is insanely good.

Not a DHCP server though which is a bit annoying.

[GoinAllTheWay]

Quote:

Originally Posted by Azure

Is there a reason anyone would buy anything besides a Ubiquiti AC Pro? We purchased one recently and for the money and what it does it is insanely good.

Not a DHCP server though which is a bit annoying.

That would be reason enough for most I'd wager. What acts as your DHCP server then?

[FlameOn]

Quote:

Originally Posted by GoinAllTheWay

That would be reason enough for most I'd wager. What acts as your DHCP server then?

Ubiquiti Edge Router Lite or a Unifi Security Gateway.

[OmegaV4]

Quote:

Originally Posted by photon

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. "The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

https://arstechnica.com/information-...ng/?comments=1

tl;dr: stop using wifi, convert to wires

Thank the lord that my new place I'm moving to is fully wired for LAN.

[KevanGuy]

Ubuntu patched: https://usn.ubuntu.com/usn/usn-3455-1/

Here is a list of products and their update status' : https://www.bleepingcomputer.com/new...vulnerability/

[TorqueDog]

Quote:

Originally Posted by OmegaV4

Thank the lord that my new place I'm moving to is fully wired for LAN.

I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.

[sureLoss]

Interesting.

I wonder how many manufacturers are going to release patches for older hardware. As of June 2017, 30% of Android devices were still using 4.4 or earlier. This vulnerability may just end up making them all useless.

[OmegaV4]

Quote:

Originally Posted by TorqueDog

I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.

I am also on the same page as you. If I can use wired, then I'm all aboard the Ethernet train.

[Fuzz]

Quote:

Originally Posted by sureLoss

Interesting.

I wonder how many manufacturers are going to release patches for older hardware. As of June 2017, 30% of Android devices were still using 4.4 or earlier. This vulnerability may just end up making them all useless.

According to this, that won't be an issue:

Quote:

Android 6.0 and higher are currently vulnerable to this attack. When BleepingComputer contacted Google, their statement was "We're aware of the issue, and we will be patching any affected devices in the coming weeks". No information is available as of yet regarding Google WiFi.

https://www.bleepingcomputer.com/new...vulnerability/

I'm not sure why it wouldn't effect lower versions of Android, though.

[sureLoss]

nm. reading comprehension fail

Yeah I am not sure why lower versions of Android wouldn't be vulnerable to this flaw.

[calumniate]

So it's safe to say my shaw modem / wifi would be hooped?

[GoinAllTheWay]

Quote:

Originally Posted by TorqueDog

I had to re-do a lot of the network in both of my last two condos. But I am a huge fan of wired, particularly for my home theatre and consoles in the living room.

Did you do that yourself? I'm also in a condo (townhouse style) and honestly not sure where to begin with running wires up from the basement.

[psicodude]

Quote:

Originally Posted by GoinAllTheWay

Did you do that yourself? I'm also in a condo (townhouse style) and honestly not sure where to begin with running wires up from the basement.

You begin with a drill, a fish tape, and an increased tolerance for cutting holes in your drywall.