Author Topic: WPA2 vulnerability exposed  (Read 14970 times)

Offline suicidaleggroll (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1453
  • Country: us
WPA2 vulnerability exposed
« on: October 16, 2017, 01:48:43 pm »
A serious vulnerability has been found in WPA2, which brings it to the level of WEP (aka: might as well not have any encryption).

https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Thoughts?
« Last Edit: October 16, 2017, 03:09:12 pm by suicidaleggroll »
 
The following users thanked this post: Kalvin

Offline Vtile

  • Super Contributor
  • ***
  • Posts: 1144
  • Country: fi
  • Ingineer
Re: WPA2 is dead
« Reply #1 on: October 16, 2017, 01:52:03 pm »
Interesting, thanks for the heads up.

.
.
.

#internetofshit

?
?

 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 is dead
« Reply #2 on: October 16, 2017, 01:54:11 pm »
Personally speaking, I'm not fussed. I run my WiFi network like a public one. That means all encapsulated protocols are over TLS anyway. This is a minor setback. At worst someone can poison DNS or get themselves attached to my network and eat up all the bandwidth (which is free and unlimited anyway). This is no different to my teenage daughter giving our bloody wifi password out to all her friends and then them all loitering outside my house.

The real killer here is all the wireless infrastructure around. CCTV cameras, street lighting etc. If that uses WPA2 then there's going to be some interesting shit going down shortly :)
 

Offline borjam

  • Supporter
  • ****
  • Posts: 908
  • Country: es
  • EA2EKH
Re: WPA2 is dead
« Reply #3 on: October 16, 2017, 02:03:24 pm »
No it's not dead at all.

The authoritative information source is this:

https://www.krackattacks.com/#faq

As they point out, the flaws can be solved with some changes and they notified vendors in July. Patches are being published now.

And there is a lot of confusion around the issue because the announcement covers several flaws. Not all of them are the same, and networks using AES-CCMP are much less vulnerable than networks using TKIP.

I won't repeat the information, just read the comprehensive Q&A ;)
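
An added example, not part of the post above and not code from any project: a check of an access point's settings for the TKIP exposure the post distinguishes from AES-CCMP. It assumes hostapd-style `key=value` settings (`wpa`, `wpa_pairwise`, `rsn_pairwise`); both sample configurations and the finding names are constructed for illustration.

```python
# Added example: flag TKIP exposure in hostapd-style AP settings.
# Both configs are constructed samples, not taken from the thread.
WEAK_CONF = """\
interface=wlan0
ssid=example-net
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

HARDENED_CONF = """\
interface=wlan0
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""


def parse_conf(text):
    """Return {key: value} for key=value lines, skipping comments and blanks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_ciphers(text):
    """Return finding codes; an empty list means WPA2 is on with CCMP only."""
    s = parse_conf(text)
    wpa = int(s.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    findings = []
    if wpa & 1:
        findings.append("wpa1-enabled")  # legacy WPA mode is offered
    if not wpa & 2:
        findings.append("wpa2-not-enabled")
    else:
        # hostapd uses wpa_pairwise for WPA2 when rsn_pairwise is not set
        pairwise = s.get("rsn_pairwise", s.get("wpa_pairwise"))
        if pairwise is None:
            findings.append("pairwise-not-explicit")  # relies on built-in default
        elif "TKIP" in pairwise.upper().split():
            findings.append("wpa2-allows-tkip")
    return findings
```

A clean result covers only the cipher choice; whether clients and the access point carry the vendor patches mentioned in the post is a separate check.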
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 is dead
« Reply #4 on: October 16, 2017, 02:09:08 pm »
Some vendors were notified.
 

Offline IanMacdonald

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: gb
    • IWR Consultancy
Re: WPA2 is dead
« Reply #5 on: October 16, 2017, 02:36:19 pm »
Quote from: bd139
> Personally speaking, I'm not fussed. I run my WiFi network like a public one. That means all encapsulated protocols are over TLS anyway. This is a minor setback.

Krackattack site says. "Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations."

HTTPS is only effective when the data is from one trusted source. As soon as you have other sources in the mix, there is no way of telling if one has been proxied.
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 6459
  • Country: nl
Re: WPA2 is dead
« Reply #6 on: October 16, 2017, 02:42:16 pm »
It is not dead, only need to patch the clients afaik from the paper.
However this needs to be addressed in a new standard (WPA3 ?) so that partly key renegotiation will not be allowed.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23017
  • Country: gb
Re: WPA2 is dead
« Reply #7 on: October 16, 2017, 02:45:33 pm »
Quote from: IanMacdonald
> Quote from: bd139
> > Personally speaking, I'm not fussed. I run my WiFi network like a public one. That means all encapsulated protocols are over TLS anyway. This is a minor setback.
>
> Krackattack site says. "Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations."
>
> HTTPS is only effective when the data is from one trusted source. As soon as you have other sources in the mix, there is no way of telling if one has been proxied.

That's mostly bollocks.
 

Offline suicidaleggroll (Topic starter)

  • Super Contributor
  • ***
  • Posts: 1453
  • Country: us
Re: WPA2 is dead
« Reply #8 on: October 16, 2017, 03:02:52 pm »
My cursory read through this morning suggested that an attacker could obtain the actual network PSK from a compromised client (which would mean that all it would take was a single unpatched client anywhere on the network to compromise the whole thing), but reading through it again I see now that they can only obtain the encryption key for that specific connection.

This means that any unpatched client will have its own connection decrypted and possibly interfered with, but not the rest of the network. Still bad, but not as bad as I originally thought.
 

Offline borjam

  • Supporter
  • ****
  • Posts: 908
  • Country: es
  • EA2EKH
Re: WPA2 is dead
« Reply #9 on: October 16, 2017, 03:04:17 pm »
Quote from: suicidaleggroll
> My cursory read through this morning suggested that an attacker could obtain the actual network PSK from a compromised client (which would mean that all it would take was a single unpatched client anywhere on the network to compromise the whole thing), but reading through it again I see now that they can only obtain the encryption key for that specific connection.
>
> This means that any unpatched client will have its own connection decrypted and possibly interfered with, but not the rest of the network. Still bad, but not as bad as I originally thought.

And even that depends on a number of circumstances.

 

Offline borjam

  • Supporter
  • ****
  • Posts: 908
  • Country: es
  • EA2EKH
Re: WPA2 is dead
« Reply #10 on: October 16, 2017, 03:11:57 pm »
Quote from: Kjelt
> It is not dead, only need to patch the clients afaik from the paper.
> However this needs to be addressed in a new standard (WPA3 ?) so that partly key renegotiation will not be allowed.

Not really. The specs must be updated, though. Part of the problem, according to the author, is that the specification is incomplete and some details are just written into code.

Curiously, the newest protocol designed for 802.11ad networks is weaker than WPA2 with AES-CCMP.
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #11 on: October 16, 2017, 03:36:35 pm »
The simplest workaround is wired Ethernet instead of wireless.

Tablets can use a thin USB cable to a hub with a USB network card attached to them.

Run Ethernet to every room and make it easy to plug into.

"What the large print giveth, the small print taketh away."
 

Offline Bud

  • Super Contributor
  • ***
  • Posts: 6877
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #12 on: October 16, 2017, 04:49:36 pm »
Thanks for the advice cdev. If you could only make a quick YouTube video to make it less useless, i.e. a video of yourself cutting drywalls, patching them back, drilling through floor and floor joists and the house outside walls, pulling ethernet wiring through the holes, installing RJ45 outlets and stuff. That would be greatly appreciated.  :)
Facebook-free life and Rigol-free shack.
 

Offline Kalvin

  • Super Contributor
  • ***
  • Posts: 2145
  • Country: fi
  • Embedded SW/HW.
Re: WPA2 vulnerability exposed
« Reply #13 on: October 16, 2017, 05:07:41 pm »
Would a VPN/SSH-tunnel from a laptop to the Wifi AP connected to wired LAN/WAN do the trick?**

** Edit: I mean in the office environment. In the open Wifi-hotspot one should always use VPN/SSH-tunneling to a trusted network connection.
« Last Edit: October 16, 2017, 05:31:20 pm by Kalvin »
 

Online BrianHG

  • Super Contributor
  • ***
  • Posts: 7660
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #14 on: October 16, 2017, 05:20:53 pm »
I don't browse directly on my mobile wifi devices.  I currently use TeamViewer on public networks, who claim to encrypt their data, and all web browsing is actually done on my wired home PC instead.  I wonder how secure TeamViewer is since it doesn't use any HTTP at all.  If TeamViewer has faulty encryption, maybe I should find a better remote desktop app.
 

Offline NiHaoMike

  • Super Contributor
  • ***
  • Posts: 8972
  • Country: us
  • "Don't turn it on - Take it apart!"
    • Facebook Page
Re: WPA2 vulnerability exposed
« Reply #15 on: October 16, 2017, 05:38:43 pm »
Quote from: Bud
> drilling through floor and floor joists and the house outside walls

If you route Ethernet cable outdoors, you just made a very easy way to break into the network.

Quote from: BrianHG
> I don't browse directly on my mobile wifi devices.  I currently use TeamViewer on public networks, who claim to encrypt their data, and all web browsing is actually done on my wired home PC instead.  I wonder how secure TeamViewer is since it doesn't use any HTTP at all.  If TeamViewer has faulty encryption, maybe I should find a better remote desktop app.

Let's hope they actually fixed the issue after their infamous security breach. Are there any independent security reviews to confirm that it actually is secure now?
Cryptocurrency has taught me to love math and at the same time be baffled by it.

Cryptocurrency lesson 0: Altcoins and Bitcoin are not the same thing.
 

Online BrianHG

  • Super Contributor
  • ***
  • Posts: 7660
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #16 on: October 16, 2017, 05:47:19 pm »
Quote from: NiHaoMike
> Quote from: BrianHG
> > I don't browse directly on my mobile wifi devices.  I currently use TeamViewer on public networks, who claim to encrypt their data, and all web browsing is actually done on my wired home PC instead.  I wonder how secure TeamViewer is since it doesn't use any HTTP at all.  If TeamViewer has faulty encryption, maybe I should find a better remote desktop app.
>
> Let's hope they actually fixed the issue after their infamous security breach. Are there any independent security reviews to confirm that it actually is secure now?

It looks as if you want that WiFi security, you need to write your own remote viewing app which no one else has, with your own encryption algorithm.  If there are only 1 or 2 users of the app and it is not public, no-one is trying or aware of your security algorithm let alone the method you encode the audio/video/mouse-keyboard events & it won't ever be cracked.
 

Offline Kalvin

  • Super Contributor
  • ***
  • Posts: 2145
  • Country: fi
  • Embedded SW/HW.
Re: WPA2 vulnerability exposed
« Reply #17 on: October 16, 2017, 05:57:29 pm »
Quote from: BrianHG
> Quote from: NiHaoMike
> > Quote from: BrianHG
> > > I don't browse directly on my mobile wifi devices.  I currently use TeamViewer on public networks, who claim to encrypt their data, and all web browsing is actually done on my wired home PC instead.  I wonder how secure TeamViewer is since it doesn't use any HTTP at all.  If TeamViewer has faulty encryption, maybe I should find a better remote desktop app.
> >
> > Let's hope they actually fixed the issue after their infamous security breach. Are there any independent security reviews to confirm that it actually is secure now?
>
> It looks as if you want that WiFi security, you need to write your own remote viewing app which no one else has, with your own encryption algorithm.  If there are only 1 or 2 users of the app and it is not public, no-one is trying or aware of your security algorithm let alone the method you encode the audio/video/mouse-keyboard events & it won't ever be cracked.

Security through obscurity is not considered safe either.
https://en.wikipedia.org/wiki/Security_through_obscurity
 

Offline borjam

  • Supporter
  • ****
  • Posts: 908
  • Country: es
  • EA2EKH
Re: WPA2 vulnerability exposed
« Reply #18 on: October 16, 2017, 07:05:09 pm »
Quote from: BrianHG
> It looks as if you want that WiFi security, you need to write your own remote viewing app which no one else has, with your own encryption algorithm.  If there are only 1 or 2 users of the app and it is not public, no-one is trying or aware of your security algorithm let alone the method you encode the audio/video/mouse-keyboard events & it won't ever be cracked.

You would be amazed at what a skilled cryptanalyst can achieve.

So, unless your algorithm is really good...

Many years ago, when using wireless cards without encryption support I used IPSec. But no need to explain how clumsy it was!

 

Offline IanMacdonald

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: gb
    • IWR Consultancy
Re: WPA2 vulnerability exposed
« Reply #19 on: October 16, 2017, 07:15:49 pm »
Quote from: Kalvin
> Security through obscurity is not considered safe either.
> https://en.wikipedia.org/wiki/Security_through_obscurity

If so, the whole business of patching software is a bad practice. After all, the only reason the unpatched vulns had not been exploited up to now is that they were obscure. WPA2 has been in use for a long time, and at any time during that interval the vuln could have been exploited. Maybe was exploited. Who knows?

The proper answer being to get rid of all software written with compilers prone to these security bugs. Especially C with its unchecked buffer risk.
« Last Edit: October 16, 2017, 07:18:59 pm by IanMacdonald »
 

Offline Gribo

  • Frequent Contributor
  • **
  • Posts: 629
  • Country: ca
Re: WPA2 vulnerability exposed
« Reply #20 on: October 16, 2017, 07:30:13 pm »
Your alternative 'software' would be punch cards? clay tablets?
I am available for freelance work.
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #21 on: October 16, 2017, 07:57:54 pm »
A similar huge vulnerability exists in Bluetooth, also recently discovered.

Is all of this coincidental?
"What the large print giveth, the small print taketh away."
 

Offline cdev

  • Super Contributor
  • ***
  • !
  • Posts: 7350
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #22 on: October 16, 2017, 08:01:21 pm »
Sorry, already did it many years ago. It's not the big deal you make it out to be.

Quote from: Bud
> Thanks for the advice cdev. If you could only make a quick YouTube video to make it less useless, i.e. a video of yourself cutting drywalls, patching them back, drilling through floor and floor joists and the house outside walls, pulling ethernet wiring through the holes, installing RJ45 outlets and stuff. That would be greatly appreciated.  :)
"What the large print giveth, the small print taketh away."
 
The following users thanked this post: MrW0lf

Offline metrologist

  • Super Contributor
  • ***
  • Posts: 2199
  • Country: 00
Re: WPA2 vulnerability exposed
« Reply #23 on: October 16, 2017, 08:22:55 pm »
Microsoft has you covered:

https://www.microsoft.com/en-us/store/p/crack-attack/9nblggh3s5v5

Seriously, I'm wondering who supplies the patch for my Windows 10 desktop machines? I think MS would be pushing an update since I believe I'm using the OS application to access the network.  :-//

OK, just found that the Oct 10th update provided the patch. Win7 not supported?
« Last Edit: October 16, 2017, 08:28:56 pm by metrologist »
 

Offline MrW0lf

  • Frequent Contributor
  • **
  • Posts: 922
  • Country: ee
    • lab!fyi
Re: WPA2 vulnerability exposed
« Reply #24 on: October 16, 2017, 08:45:29 pm »
Quote from: cdev
> Sorry, already did it many years ago. It's not the big deal you make it out to be.

:-+ Wireless is for kids and housewives who cannot handle tools, men lay copper.
 
The following users thanked this post: SeanB, stj

