KRACK attacks (WPA2 is not secure anymore)
Tracked by Jolla
(In release)
asked 2017-10-16 14:40:00 +0300
According to a recent paper, WPA2 is not secure anymore. Please update ASAP all related software (wpa_supplicant,...) !
1
3 Answers
answered 2017-10-17 10:04:07 +0300
Patched in the upcoming Sailfish OS 2.1.3:
Comments
answered 2017-10-17 09:07:15 +0300
The mentioned attack is possible due to security holes CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses. Additionally the secret Masterkey is not copied, so it works only once per time, which leads to the assumption that the danger is pretty low of we use a modern browser and SSL. BTW, fixes are already rolling out for some linux distros.
I wish everyone a nice day!
edit: good article about it in german https://www.golem.de/news/wlan-wpa-2-ist-kaputt-aber-nicht-gebrochen-1710-130636.html
Comments
"As far as I understood the paper WPA2 is not generally broken, only the implementation has weaknesses."
This is true, strictly speaking, but in my understanding the sting in the tail is that it is correct (i.e. fully-conformant) implementations that are the most vulnerable. See http://www.theregister.co.uk/2017/10/17/kracken_patches/ which contains the following:
"Judging from the academics' paper, Windows and iOS are largely unaffected by KRACK in that it is rather difficult to exploit the protocol flaws due to Microsoft and Apple's implementations of WPA2 – and, in any case, patches are either available or incoming. Linux, Android 6.0 and above, OpenBSD 6.1, and macOS 10.12 and 10.9 are most at risk from KRACK's eavesdropping techniques due to the way they handle encryption key reuse in WPA2."
It is true that encrypted (for example HTTPS) traffic can't be tampered with because of this problem, however unencrypted traffic is liable to injection of malicious content.
pakman ( 2017-10-17 19:13:51 +0300 )editanswered 2017-10-16 15:07:48 +0300
WPA2 has been insecure for a while now, people are just not talking about it enough.
It only goes to show how we NEED open firmware on ALL THE THINGS, so security flaws can be mitigated against in a timely manner.
I am a big proponent of OpenWRT (LEDE) and recommend everyone thinks about wireless communication as being inherently insecure.
Comments
1
Try and learn eap-tls (https://wiki.openwrt.org/doc/howto/wireless.security.8021x)
Just a joke. @jolla please create a useful eap-tls interface for the end user. Ansible guys:
---
# tasks file for j-wlan
- name: create wlan file
template:
src: templates/wlan.config.j2
dest: "/var/lib/connman/{{ wlan_name}}.config"
mode: 0600
become: true
tags:
- wlan
and this template:
[service_{{ wlan_name }}]
Type=wifi
Name={{ wlan_name }}
EAP=tls
CACertFile = /home/nemo/.cert/{{ wlan_cacertfile }}
ClientCertFile = /home/nemo/.cert/{{ wlan_certfile }}
PrivateKeyFile = /home/nemo/.cert/{{ wlan_keyfile }}
PrivateKeyPassphrase = {{ wlan_passphrase }}
Identity = {{ wlan_identity }}
(and of course you need to know what I mean)...
cy8aer ( 2017-10-16 15:23:55 +0300 )edit4
;) Quite. Well truth is history has proven how all wireless communication platforms have become vulnerable over time. GSM, Bluetooth, WEP, NFC, WPS, WPA, WPA2 etc.
It is less about the implementation than is it about the medium itself. When you are broadcasting for the whole world can see don't be surprised if someone finds a way to listen in on it.
veritanuda ( 2017-10-16 15:50:57 +0300 )edit8
@veritanuda that video is laughable.... it shows a simple bruteforce dictionary attack - sth EVERY encryption can be cracked with. in other words WPA has _not_ been insecure until now. at least not after your source
misc11 ( 2017-10-16 17:21:09 +0300 )editStats
Asked: 2017-10-16 14:40:00 +0300
Seen: 3,004 times
Last updated: Oct 17 '17
That's pretty serious on face value.
Spam Hunter ( 2017-10-16 14:50:04 +0300 )editseems not to be fixed yet...
https://w1.fi/cgit/hostap/log/
daywalker ( 2017-10-16 15:37:57 +0300 )editYet another vuln, and you need to know the password to do anything (like all the other vulns). Just don't give your wireless password to just anybody and use a vpn elsewhere.
gabriel ( 2017-10-16 17:21:00 +0300 )editAccording to the paper, its not your password that is the vulnerability, it is the installation of the key - so changing your password will have no resistance against an attack
Ryan ( 2017-10-17 11:35:44 +0300 )editRyan, you missed my point - the attacker has to have your password _before_ they can attack. So, keep your network secure and use a VPN on other people's networks. They may sniff your traffic, but it will be encrypted.
gabriel ( 2017-10-17 12:51:39 +0300 )edit