Underseer
Contributor
https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
Maybe it's time for me to break down and get VPN.
Maybe it's time for me to break down and get VPN.
-
Features
WPA2 flaw found. Your WiFi security is now next to worthless
- Thread starter Underseer
- Start date
bilby
Fair dinkum thinkum
- Joined
- Mar 6, 2007
- Messages
- 40,341
- Gender
- He/Him
- Basic Beliefs
- Strong Atheist
It's only a problem if the bad guys are in range of your signal. I can't see a problem for my WiFi; Sometimes I can barely connect to it from inside the house, and I think I would notice a hacker sitting in my living room or skulking in the spare bedroom.
barbos
Contributor
Patch was released within few hours. I just installed it. Don't know if it's the end of it though.
And my understanding is that it can be patched on either side. So if you patched you client then you don't need access point to be patched.
So in theory you can use your old WiFi router without patching as long as all clients are patched. But I am not 100% sure
And my understanding is that it can be patched on either side. So if you patched you client then you don't need access point to be patched.
So in theory you can use your old WiFi router without patching as long as all clients are patched. But I am not 100% sure
barbos
Contributor
Bad guys can use bigger high gain antennas. Russian hackers can do it from a satellite.
It's only a problem if the bad guys are in range of your signal. I can't see a problem for my WiFi; Sometimes I can barely connect to it from inside the house, and I think I would notice a hacker sitting in my living room or skulking in the spare bedroom.
bilby
Fair dinkum thinkum
- Joined
- Mar 6, 2007
- Messages
- 40,341
- Gender
- He/Him
- Basic Beliefs
- Strong Atheist
I don't think there are patches yet for all affected clients; and patches for older routers may never be published.
I am think that's right; The attack vector involves spoofing the third part of the four part WPA2 handshake, which causes re-use of a 'nonce' - a 'number used once', which the attacker can then record and use to decrypt the traffic passed by the client in the subsequent session.
In some linux environments (including android), the network key can be forcibly reset to all zeros, which opens up all subsequent sessions between that client and the AP.
Patching a client protects that client, even if the AP is un-patched; Patching the AP protects all connections to that AP, even from un-patched clients.
Obviously it is better for most users to patch their client devices, rather than trust network admins to patch their APs, as the average user has no information on the patch status of any APs they may connect to.
ETA - apparently that's not right; The guy who uncovered this vuln, Mathy Vanhoef, says in his FAQ - "both the client and AP must be patched to defend against all attacks".
However the FAQs also say:
More details on Vanhoef's page at: https://www.krackattacks.com/
bilby
Fair dinkum thinkum
- Joined
- Mar 6, 2007
- Messages
- 40,341
- Gender
- He/Him
- Basic Beliefs
- Strong Atheist
Bad guys can use bigger high gain antennas. Russian hackers can do it from a satellite.It's only a problem if the bad guys are in range of your signal. I can't see a problem for my WiFi; Sometimes I can barely connect to it from inside the house, and I think I would notice a hacker sitting in my living room or skulking in the spare bedroom.
Oh, shit. What if the Russians get their hands on my TFT credentials??
ETA
Obviously could not happening. Is fine, I totally secure here.
Your comrade,
barbos
Contributor
FAQ is vague if not useless on this issue that's why I said I was not 100% sure.. I understand that public access points have a problem of negotiating keys without other clients getting some of it. But if it's a home WiFi router with one preshared password it seems that there should be no troubles in negotiating a session key privately (from third party who does not have WiFi password).
In other words home WiFi could be perfectly safe.
In any case, patch for linux appeared almost immediately and I patched all my comps.
I am reading https://en.wikipedia.org/wiki/IEEE_802.11i-2004
In other words home WiFi could be perfectly safe.
In any case, patch for linux appeared almost immediately and I patched all my comps.
I am reading https://en.wikipedia.org/wiki/IEEE_802.11i-2004
Last edited:
Jimmy Higgins
Contributor
- Joined
- Jan 31, 2001
- Messages
- 50,532
- Basic Beliefs
- Calvinistic Atheist
WPA2 flaw found by good guys just now. WPA2 has been around for quite a while. Wonder how long the CIA knew about it.
Shake
Senior Member
Well there's your problem right there! Cut it out, damned researchers!
barbos
Contributor
They always knew it. But they don't really need it because they can simply get the traffic from Internet providers. Hackers, on the other hand, can use it with great effect.
bilby
Fair dinkum thinkum
- Joined
- Mar 6, 2007
- Messages
- 40,341
- Gender
- He/Him
- Basic Beliefs
- Strong Atheist
With great effort, you mean.
It's not an easy hack, as it relies on physical proximity, plus a bunch of fairly expensive hardware; And it is completely stymied by the use of SSL or a VPN - so it's usefulness to black-hats is quite restricted.
Just using the 'HTTPS Everywhere' browser plugin in Chrome or Firefox will prevent anyone from being able to do more than intercept and decrypt packets whose plaintext content is encrypted data.
This is a big problem, but not really a cause for panic. People just need to assume that their local network traffic is not secure, despite being inside a firewall - which frankly is an assumption we should all have been making to begin with.
After all, there are plenty of opportunities to grab (and/or spoof) HTTP traffic once it passes out to the Internet that don't require an attacker to even be on the same continent as their victim. If you are going to the trouble to park a black van outside your victim's home or office, then what's stopping you from tapping into the ADSL line coming from the building?
barbos
Contributor
It requires ordinary device with WiFi.
Yes, but how many people use it?
Not all websites have https.
ADSL is often and probably usually encrypted. optical cable certainly is encrypted.
This particular hack is suited for public access point scenario where they inject their code into HTML and then get you computer infected with something. So it's not just simply listening to your traffic.
Last edited:
funinspace
Don't Panic
- Joined
- Mar 1, 2004
- Messages
- 4,204
- Location
- Oregon
- Gender
- Alien
- Basic Beliefs
- functional atheist; theoretical agnostic
The world of WiFi is not ending. Security bugs come; patches come; repeat. This is just reality. Public WiFi has always been like having unprotected sex with a prostitute, if you don't take precautions. The local Starbucks is still more dangerous than your home...
Anywho, the patches are coming, and many are already available. Windows already has the patch available, and those with Win10 probably already have it, as private users mostly have versions that auto-update.
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
I'd say to just watch your WiFi vendor for updates over the next couple months. For most people, the home WiFi AP is a minor issue as the signal doesn't go very far.
I suspect the lack of clarity on the Access Point (AP) vulnerability at this point simply has to do with so many vendors being out there, with each their own firmware, as well as some routers could be used in repeater modes.
Anywho, the patches are coming, and many are already available. Windows already has the patch available, and those with Win10 probably already have it, as private users mostly have versions that auto-update.
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
I'd say to just watch your WiFi vendor for updates over the next couple months. For most people, the home WiFi AP is a minor issue as the signal doesn't go very far.
bilby
Fair dinkum thinkum
- Joined
- Mar 6, 2007
- Messages
- 40,341
- Gender
- He/Him
- Basic Beliefs
- Strong Atheist
For most people, the home WiFi AP is more than two years old, and no longer supported by the vendor. Patches for these will never be available. Most people won't care, and those who do will be told that their only option is to upgrade to a newer model (at their own expense, of course).
Client side patching is routine and easy.
Router firmware is almost never patched, once it has been in the field for a few years, and the worst of the initial bugs have been fixed. And people tend to keep using their routers for years, only replacing it when they switch ISPs, or when they reach a tipping point where their existing unit can't cope with the number of client devices they are connecting. Neither of which happens very often.
Probably the most common reason people buy new WiFi routers is poor signal due to interference from neighbour's networks - a problem that buying a new router probably won't solve.
funinspace
Don't Panic
- Joined
- Mar 1, 2004
- Messages
- 4,204
- Location
- Oregon
- Gender
- Alien
- Basic Beliefs
- functional atheist; theoretical agnostic
Planned obsolescence at its finest. I'm sure a lot of the cheapest WiFi routers are as you say; as cheap is often not low cost. Not that my roughly 3-4 year old ASUS router has info on this particular issue yet, but its last FW release was last July, and still has updates coming out every 3-6 months.
Yep, as the SW vendors push the need for updates as they generally have more holes; or as how Microsoft is now forcing updates on Win10.
Yeah, people probably don't...like they use shitty passwords, like they use PIN codes tied to birthdays, like... And it still isn't clear to me how much the WiFi routers are truly impacted by KRACK.
barbos
Contributor
By the way, here is my WiFi password "_sxBtNvvNxblS80FrddjWj8eaqiDwr-v1jtWjggfTL07J2yFpSCMDPjr_BIN3mVC"
barbos
Contributor
OK, I read https://en.wikipedia.org/wiki/IEEE_802.11i-2004 and https://www.krackattacks.com/
And moreless understand what's going on.
It affects pretty much all home WiFi, but problem is mostly located in clients.
linux programmers behind wpa_supplicant are raging idiots, and the rest of WiFi people are just idiots. They simply don't know what they are doing.
Also I realized that public, open to everybody WiFi has no security, none at all.
And moreless understand what's going on.
It affects pretty much all home WiFi, but problem is mostly located in clients.
linux programmers behind wpa_supplicant are raging idiots, and the rest of WiFi people are just idiots. They simply don't know what they are doing.
Also I realized that public, open to everybody WiFi has no security, none at all.
funinspace
Don't Panic
- Joined
- Mar 1, 2004
- Messages
- 4,204
- Location
- Oregon
- Gender
- Alien
- Basic Beliefs
- functional atheist; theoretical agnostic
Another link with a good list of who has patches or the status if known:
https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it
https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it
Bad guys can use bigger high gain antennas. Russian hackers can do it from a satellite.It's only a problem if the bad guys are in range of your signal. I can't see a problem for my WiFi; Sometimes I can barely connect to it from inside the house, and I think I would notice a hacker sitting in my living room or skulking in the spare bedroom.
Disagree--the antenna needed to do it from space is simply too big--nobody's launched anything like that.
