Author Topic: Serious WPA2 vulnerability discovered  (Read 2246 times)

0 Members and 1 Guest are viewing this topic.

Offline zappaDPJ

  • Administrator
  • *****
  • Posts: 13973
  • Karma: 239
Serious WPA2 vulnerability discovered
« on: Oct 16, 2017, 22:35:31 »
I don't really know how credible this is but having read through the entire document it sounds like something we should all be a little concerned about.

Quote
We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
https://www.krackattacks.com/
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Offline Simon

  • Administrator
  • *****
  • Posts: 61522
  • Karma: 1074
    • PC Pals Forum
Re: Serious WPA2 vulnerability discovered
« Reply #1 on: Oct 16, 2017, 22:37:01 »
:sigh: 

Something else to worry about!
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Offline zappaDPJ

  • Administrator
  • *****
  • Posts: 13973
  • Karma: 239
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Offline Bill

  • Netter Nutter
  • ********
  • Posts: 3386
  • Karma: 57
  • Older and wiser.... yeah, right.
    • Gallery
Re: Serious WPA2 vulnerability discovered
« Reply #3 on: Oct 17, 2017, 08:07:06 »
Most reports I've seen suggest that connecting to sites with properly set up https is reasonably safe...

Not sure whose problem that is for this site, except that it's not mine  ;D
Bill
BQMs-  IPv4  IPv6

Offline Gary

  • Supreme Netter
  • *************
  • Posts: 15688
  • Karma: 241
Re: Serious WPA2 vulnerability discovered
« Reply #4 on: Oct 17, 2017, 08:08:35 »
Shame this site does not have https <sigh>

Offline robinc

  • Super Netter
  • *****
  • Posts: 250
  • Karma: 3
Re: Serious WPA2 vulnerability discovered
« Reply #5 on: Oct 17, 2017, 09:43:09 »
It does appear to require a huge amount of computing resource to actually achieve this, so unless your next door neighbour has a supercomputer tucked away somewhere it it doesn't look like an attack is imminent.

Perhaps changing your wifi key/password once a week and making it really really long will be of some help.

In the meantime I guess ethernet rulez :eek4:

Who knows, this may even put the boot into Smart Meters rollout  :evil:
If we tell people their brain is an app - they might actually start to use it.

Offline nowster

  • Netter Nutter
  • ********
  • Posts: 2736
  • Karma: 24
Re: Serious WPA2 vulnerability discovered
« Reply #6 on: Oct 17, 2017, 11:32:15 »
It doesn't look as if the WPA2 stack on Windows is vulnerable. Anything based on wpa_supplicant/hostapd will be. This includes Linux and Android. Patches started trickling out yesterday. I don't know about Apple, but it's likely their products are vulnerable.

Offline Gary

  • Supreme Netter
  • *************
  • Posts: 15688
  • Karma: 241
Re: Serious WPA2 vulnerability discovered
« Reply #7 on: Oct 17, 2017, 11:53:30 »
It doesn't look as if the WPA2 stack on Windows is vulnerable. Anything based on wpa_supplicant/hostapd will be. This includes Linux and Android. Patches started trickling out yesterday. I don't know about Apple, but it's likely their products are vulnerable.
Apples gear is patched in the latest betas which they are rolling out soon. Netgear routers are not vulnerable unless in bridge mode then they are a client which causes the issue. The problem is so many older devices like TV's, blu-ray players etc may never get patched, also Android phones may take months to patch 41% are vulnerable as of now. Google has to make the patch then it has to go to the network providers to be tested then incorporated into their firmware on Android phones that are not bought sim free but come bought from places like Vodafone etc who also add their own layer of bloat. I'm guessing many Android phones wont see a patch at all like older iPhones and loads of older tablets too and old linux devices which are like Android the most vulnerable and most TV's set top boxes etc are Linux based. As to tall the IoT gadgets good luck with them  :slap:
« Last Edit: Oct 17, 2017, 12:13:02 by Gary »

Offline zappaDPJ

  • Administrator
  • *****
  • Posts: 13973
  • Karma: 239
Re: Serious WPA2 vulnerability discovered
« Reply #8 on: Oct 17, 2017, 12:27:08 »
Shame this site does not have https <sigh>

It's something I've been looking at for a while. It may well be implemented after the next still in development SMF upgrade becomes available.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Offline robinc

  • Super Netter
  • *****
  • Posts: 250
  • Karma: 3
Re: Serious WPA2 vulnerability discovered
« Reply #9 on: Oct 17, 2017, 15:14:37 »
Debian Jessie - my wpasupplicant was updated this morning. That was quick. :)
If we tell people their brain is an app - they might actually start to use it.

Offline nowster

  • Netter Nutter
  • ********
  • Posts: 2736
  • Karma: 24
Re: Serious WPA2 vulnerability discovered
« Reply #10 on: Oct 17, 2017, 16:40:20 »

Offline zappaDPJ

  • Administrator
  • *****
  • Posts: 13973
  • Karma: 239
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Offline Gary

  • Supreme Netter
  • *************
  • Posts: 15688
  • Karma: 241
Re: Serious WPA2 vulnerability discovered
« Reply #12 on: Oct 19, 2017, 07:51:51 »
It's something I've been looking at for a while. It may well be implemented after the next still in development SMF upgrade becomes available.
I think now more than ever it needs it, Zap.

Offline steve195527

  • Addicted Netter
  • ****
  • Posts: 135
  • Karma: 2
Re: Serious WPA2 vulnerability discovered
« Reply #13 on: Oct 22, 2017, 03:06:24 »
I find in general Microsoft are far more forthcoming about security issues AND seem to patch them quicker than Apple,even though the general consensus is the opposite,maybe Apple play on users belief that their products are more or less immune from malware/hackers etc?

Offline Gary

  • Supreme Netter
  • *************
  • Posts: 15688
  • Karma: 241
Re: Serious WPA2 vulnerability discovered
« Reply #14 on: Oct 22, 2017, 23:52:23 »
I find in general Microsoft are far more forthcoming about security issues AND seem to patch them quicker than Apple,even though the general consensus is the opposite,maybe Apple play on users belief that their products are more or less immune from malware/hackers etc?
I wouldn't says that they don't always patch faster both are as bad as each other at times. I mean in 2014 Microsoft patched a 19 year old critical bug that's hardly fast and Apple had a vulnerability in the release on High Sierra this year. Apple users are more immune to some malware but its on the rise and they know that too. Nobody believes they are immune these days and if they do they are idiots.  ::)

Offline steve195527

  • Addicted Netter
  • ****
  • Posts: 135
  • Karma: 2
Re: Serious WPA2 vulnerability discovered
« Reply #15 on: Oct 23, 2017, 17:51:34 »
I wouldn't says that they don't always patch faster both are as bad as each other at times. I mean in 2014 Microsoft patched a 19 year old critical bug that's hardly fast and Apple had a vulnerability in the release on High Sierra this year. Apple users are more immune to some malware but its on the rise and they know that too. Nobody believes they are immune these days and if they do they are idiots.  ::)
malware writers play a numbers game,only reason macs were more immune was there was hardly any written/released to attack them it wasn't worth targeting a relatively low number of users when they could target millions more through pc's,if it's the 19yr old bug I think you mean it was only discovered when it was 19yrs old,microsoft patched quickly after then,also where did rootkits first rear their heads:-was unix/Linux  not windows
« Last Edit: Oct 23, 2017, 18:07:35 by steve195527 »

Offline Gary

  • Supreme Netter
  • *************
  • Posts: 15688
  • Karma: 241
Re: Serious WPA2 vulnerability discovered
« Reply #16 on: Oct 24, 2017, 12:58:01 »
malware writers play a numbers game,only reason macs were more immune was there was hardly any written/released to attack them it wasn't worth targeting a relatively low number of users when they could target millions more through pc's,if it's the 19yr old bug I think you mean it was only discovered when it was 19yrs old,microsoft patched quickly after then,also where did rootkits first rear their heads:-was unix/Linux  not windows
Long ago getting into Apple vs Windows sparring matches became very dull and repetitive, and getting into a Linux vs Unix vs Microsoft one is something I decided to avoid because of its shear tedium. I see no reason to change that decision now.

Offline Technical Ben

  • Live-in Netter
  • *********
  • Posts: 5881
  • Karma: 53
Re: Serious WPA2 vulnerability discovered
« Reply #17 on: Oct 26, 2017, 19:09:56 »
That and some of the devices have learnt from MS mistakes. ;)

Like Apple phones having an "enclave" etc built and designed in. Some things are available in Pro versions of Windows (entire disk encryption etc), but not on the home version... this also makes things harder to protect, than say Linux etc (who may sandbox more in the past, and home Windows is catching up).
I use to have a signature, then it all changed to chip and pin.

Offline zappaDPJ

  • Administrator
  • *****
  • Posts: 13973
  • Karma: 239
Re: Serious WPA2 vulnerability discovered
« Reply #18 on: Oct 27, 2017, 02:03:49 »
I think now more than ever it needs it, Zap.

It's at the top of my list but it's proving to be somewhat problematical.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.


Show unread posts since last visit.
 

Any information and links published in the forum are posted in good faith, but the forum staff and
owners cannot and do not accept responsibility for the content and accuracy of external websites.