We have moved to a new Sailfish OS Forum. Please start new discussions there.
44

KRACK attacks (WPA2 is not secure anymore)

Tracked by Jolla (In release)

asked 2017-10-16 14:40:00 +0200

PhixGre gravatar image

updated 2017-10-17 10:47:00 +0200

jiit gravatar image

According to a recent paper, WPA2 is not secure anymore. Please update ASAP all related software (wpa_supplicant,...) !

edit retag flag offensive close delete

Comments

That's pretty serious on face value.

Spam Hunter ( 2017-10-16 14:50:04 +0200 )edit

seems not to be fixed yet...

https://w1.fi/cgit/hostap/log/

daywalker ( 2017-10-16 15:37:57 +0200 )edit
1

Yet another vuln, and you need to know the password to do anything (like all the other vulns). Just don't give your wireless password to just anybody and use a vpn elsewhere.

gabriel ( 2017-10-16 17:21:00 +0200 )edit
1

According to the paper, its not your password that is the vulnerability, it is the installation of the key - so changing your password will have no resistance against an attack

Ryan ( 2017-10-17 11:35:44 +0200 )edit

Ryan, you missed my point - the attacker has to have your password _before_ they can attack. So, keep your network secure and use a VPN on other people's networks. They may sniff your traffic, but it will be encrypted.

gabriel ( 2017-10-17 12:51:39 +0200 )edit

3 Answers

Sort by » oldest newest most voted
28

answered 2017-10-17 10:04:07 +0200

luen gravatar image

Patched in the upcoming Sailfish OS 2.1.3:

edit flag offensive delete publish link more

Comments

1

Great to hear. Any idea when 2.1.3 will be released for the individual phones (Xperia X already has 2.1.3.5)?

ghling ( 2017-10-17 17:21:05 +0200 )edit

@ghling correct!!! i thought that 2.1.3.x is reserved for xpx...

cemoi71 ( 2017-10-18 18:39:26 +0200 )edit
7

answered 2017-10-17 09:07:15 +0200

shiro kitsune gravatar image

updated 2017-10-17 09:10:27 +0200

The mentioned attack is possible due to security holes CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses. Additionally the secret Masterkey is not copied, so it works only once per time, which leads to the assumption that the danger is pretty low of we use a modern browser and SSL. BTW, fixes are already rolling out for some linux distros.

I wish everyone a nice day!

edit: good article about it in german https://www.golem.de/news/wlan-wpa-2-ist-kaputt-aber-nicht-gebrochen-1710-130636.html

edit flag offensive delete publish link more

Comments

This is the correct answer. A flaw in the RNG of WPA2 has been discovered

Remember: as long as you use https/SSL on sites that support it / force you to, this flaw does not affect your security over those sites.

emva ( 2017-10-17 09:49:23 +0200 )edit

"As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses."

This is true, strictly speaking, but in my understanding the sting in the tail is that it is correct (i.e. fully-conformant) implementations that are the most vulnerable. See http://www.theregister.co.uk/2017/10/17/kracken_patches/ which contains the following:

"Judging from the academics' paper, Windows and iOS are largely unaffected by KRACK in that it is rather difficult to exploit the protocol flaws due to Microsoft and Apple's implementations of WPA2 – and, in any case, patches are either available or incoming. Linux, Android 6.0 and above, OpenBSD 6.1, and macOS 10.12 and 10.9 are most at risk from KRACK's eavesdropping techniques due to the way they handle encryption key reuse in WPA2."

It is true that encrypted (for example HTTPS) traffic can't be tampered with because of this problem, however unencrypted traffic is liable to injection of malicious content.

pakman ( 2017-10-17 19:13:51 +0200 )edit
6

answered 2017-10-16 15:07:48 +0200

veritanuda gravatar image

WPA2 has been insecure for a while now, people are just not talking about it enough.

It only goes to show how we NEED open firmware on ALL THE THINGS, so security flaws can be mitigated against in a timely manner.

I am a big proponent of OpenWRT (LEDE) and recommend everyone thinks about wireless communication as being inherently insecure.

edit flag offensive delete publish link more

Comments

1

Try and learn eap-tls (https://wiki.openwrt.org/doc/howto/wireless.security.8021x)

Just a joke. @jolla please create a useful eap-tls interface for the end user. Ansible guys:

---
# tasks file for j-wlan
- name: create wlan file
  template:
    src: templates/wlan.config.j2
    dest: "/var/lib/connman/{{ wlan_name}}.config"
    mode: 0600
  become: true
  tags:
    - wlan

and this template:

[service_{{ wlan_name }}]
Type=wifi
Name={{ wlan_name }}
EAP=tls
CACertFile = /home/nemo/.cert/{{ wlan_cacertfile }}
ClientCertFile = /home/nemo/.cert/{{ wlan_certfile }}
PrivateKeyFile = /home/nemo/.cert/{{ wlan_keyfile }}
PrivateKeyPassphrase = {{ wlan_passphrase }}
Identity = {{ wlan_identity }}

(and of course you need to know what I mean)...

cy8aer ( 2017-10-16 15:23:55 +0200 )edit
4

;) Quite. Well truth is history has proven how all wireless communication platforms have become vulnerable over time. GSM, Bluetooth, WEP, NFC, WPS, WPA, WPA2 etc.

It is less about the implementation than is it about the medium itself. When you are broadcasting for the whole world can see don't be surprised if someone finds a way to listen in on it.

veritanuda ( 2017-10-16 15:50:57 +0200 )edit
8

@veritanuda that video is laughable.... it shows a simple bruteforce dictionary attack - sth EVERY encryption can be cracked with. in other words WPA has _not_ been insecure until now. at least not after your source

misc11 ( 2017-10-16 17:21:09 +0200 )edit
Login/Signup to Answer

Question tools

Follow
11 followers

Stats

Asked: 2017-10-16 14:40:00 +0200

Seen: 3,275 times

Last updated: Oct 17 '17