Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

It works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

Reply to
harry newton
Loading thread data ...

He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):

More links now that they published the paper on the attack a half hour ago.

Manufacturers apparently had 50 days to effect the fix: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Updates in

formatting link

Reply to
harry newton

He who is KenW said on Mon, 16 Oct 2017 07:36:14 -0600:

I have Ubiquiti equipment where I've been in contact with them.

They already had the fix since they received notice 50 days ago.

But they told me this morning that they just received new information so they're effecting a second fix as we speak.

Reply to
harry newton

He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):

Here is ubiquiti's response to the AirMax products that I often use on my rooftop and as my many access points in my house and barn and pool and corral and driveway gate cameras, etc., and that all my neighbors use for our WISP radios.

"Yes, this is a very big problem for WPA2 clients that won't get any more updates. But let's keep this thread focused on airMAX products. First of all, you are mostly covered if you are running v8.4.0 (AC series) or v6.0.7 (M series). We will fully resolve the issue with v8.4.2/v6.1.2 (betas aimed for the end of this week). Furthermore, our proprietary airMAX protocol makes simple attacks more difficult to carry out. Will be fully fixed with v8.4.2/v6.1.2: CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake CVE-2017-13078: reinstallation of the group key in the Four-way handshake CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake CVE-2017-13080: reinstallation of the group key in the Group Key handshake CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake Unaffected: CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame"

Reply to
harry newton

In message , harry newton writes: []

[] Just out of curiosity, does the device have to be _using_ WPA/WPA2 to be vulnerable - i. e. would one still using WEP, or even no encryption (neither being a good idea for other reasons) still be susceptible, or immune?
Reply to
J. P. Gilliver (John)

The attack is against the WPA handshake. No WPA, no attack from this method. WEP and no-encryption cases are subject to different attacks.

The fix (I gather) is to protect against accepting replays during the handshake.


------ get ready to patch all your IoT devices, they sure make life easier, right?

Reply to
Eli the Bearded

How does this colloquial summary for my family look - in case you want to send one to YOUR family? ======== People are asking what to do about the KRACK Attack vulnerability (note the pleonasm), so I figured I'd let everyone know what it is & I figured I'd give folks the opportunity to ask question if they're concerned.

The canonical site for the attack is written by the white hat who found it:

Here's my ad-hoc summary, written with respect to what you and I need to know & do.

  1. In May, the white hat notified the government & vendors he found a bug in all WPA WiFi (e.g., WPA2) where someone who is *close* enough to intercept the signals can see everything you do.

  1. It affects all WiFi devices but the worst affected is Android at or over version 6, macOS, Linux, and really fast (i.e., 802.11r fast roaming) routers set up as repeaters (i.e., as a second router).

Far less affected are the WiFi in iPhones, iPads, iPods, older Android devices, Windows computers, and normal routers (e.g., 802.11n or 802.11ac), especially if they're set up as the main router (and not as a repeater).

  1. There is only one viable solution, which is to *update* your device firmware or software, whether that be a mobile phone, a laptop, a desktop, a router working as a repeater, or the main router.

The order of priority should be: a. If you have Android 6+, then you *should* update soon. b. If you have MacOS or Linux, then you should update soon. c. If you have an 802.11r router, then you should update soon.

You can take your sweet time on everything else, but everything needs to be updated.

  1. The problem, of course, is *how* to update each device. a. First look for your device to see if there is an update b. Then try to find the update

c. Then update.

What a pain. Let me know if you have questions. ========

Reply to
harry newton

Thanks: I've marked your post as keep.

As to how it "looks", assuming by "colloquial" you meant understandable by everyone, I envy you your family, if you can throw in words and phrases like pleonasm, canonical, ad-hoc, vendors, and "whether that be" at random! (OK, I could with mine, but he's a lexicographer! I myself am not _too_ sure what pleonasm means - from context, I'm guessing tautology.) [] Thanks again, though!

Reply to
J. P. Gilliver (John)

He who is J. P. Gilliver (John) said on Sun, 29 Oct 2017 13:53:14 +0000:

Thanks J.P. Gilliver for *appreciating* the effort. See below for another effort I made just now to *simplify* the learning steps so that the *next* person can just click on the pictures to get an

*idea* of the process involved in updating any WiFi device.

My entire family is well educated, as are most in the USA, with more than a degrees piled high and deep - but I'm the only one with a few technical degrees (science and engineering) - the rest are lawyers and educators so they're not up to speed on technical stuff (that's why I was born).

Since I have more than a half dozen access points and a dozen or more WiFi devices in the home, I documented in detail the update of just *one* of my transceivers (which is set up as an access point), so that others might benefit from a pictorial view of the whole process.

This specific radio transmits 26 decibels (dBm) of power into an 18 decibel antenna (dBi) so it can easily connect by WiFi to a house 10 miles away, but it's only being used to connect to the barn WiFi cameras which are only about 1/2 kilometer away (so, yeah, it's overkill) but at the same time, it paints an area which allows anyone within miles to connect to my router via their cellphone WiFi if they knew how to.

As always, to help everyone increase their knowledge in every post, I documented the steps below so that anyone can learn how it's done in a minute, without having to make mistakes.

(0) Log into your radio using your administrator login & password

(1) Check the firmware version (noting the board revision, e.g., XW)

(2) Hit the "Check Now" button to see if you can update from here

(3) If not, go to the manufacturer's web site to locate the firmware file

(4) You may have to agree to the manufacturer's updated EULA

(5) Download the file to a known location on your computer

(6) Save the file in a logical location on your computer for future use

(7) Then in the radio, press the "Upload Firmware Choose File" button

(8) Wait for the firmware to upload (it may take a minute or two)

(9) Once uploaded, press the "Update" button to update the firmware

(10) Wait for the firmware to be updated (it may take a minute or two)

(11) Do not power down while you are waiting for the firmware to update

(12) When done, the radio will reboot; log back in to check results

(13) You should note that the firmware is now updated to the latest revision

(14) Doublecheck now that everything is updated that it is working fine

Reply to
harry newton Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.