Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

11 views
Skip to first unread message

harry newton

unread,
Oct 16, 2017, 2:33:19 AM10/16/17
to
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
The proof-of-concept exploit is called KRACK, short for Key Reinstallation
Attacks.

It works by exploiting a four-way handshake that's used to establish a key
for encrypting traffic. During the third step, the key can be resent
multiple times. When it's resent in certain ways, a cryptographic nonce can
be reused in a way that completely undermines the encryption.

<https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/>

harry newton

unread,
Oct 16, 2017, 8:47:56 AM10/16/17
to
He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):

> It works by exploiting a four-way handshake that's used to establish a key
> for encrypting traffic. During the third step, the key can be resent
> multiple times. When it's resent in certain ways, a cryptographic nonce can
> be reused in a way that completely undermines the encryption.
>
> <https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/>

More links now that they published the paper on the attack a half hour ago.
<https://www.krackattacks.com>

Manufacturers apparently had 50 days to effect the fix:
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
<https://papers.mathyvanhoef.com/ccs2017.pdf>

Updates in http://tinyurl.com/alt-internet-wireless

harry newton

unread,
Oct 16, 2017, 9:53:00 AM10/16/17
to
He who is KenW said on Mon, 16 Oct 2017 07:36:14 -0600:

> Kind of hard until the manufacturer says there is a fix.

I have Ubiquiti equipment where I've been in contact with them.

They already had the fix since they received notice 50 days ago.

But they told me this morning that they just received new information so
they're effecting a second fix as we speak.

Colonel Edmund J. Burke

unread,
Oct 16, 2017, 9:54:16 AM10/16/17
to
Go eat some dog turds, you god damned fucking nigger!

harry newton

unread,
Oct 16, 2017, 10:01:04 AM10/16/17
to
He who is Colonel Edmund J. Burke said on Mon, 16 Oct 2017 06:54:13 -0700:

> Go eat some dog turds, you god damned fucking nigger!

Back on topic, the weaknesses are in the Wi-Fi standard itself, and not in
individual products or implementations.

Therefore, any correct implementation of WPA2 is likely affected. To
prevent the attack, users must update affected products as soon as security
updates become available.

If your device supports Wi-Fi, it is most likely affected.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are
all affected by some variant of the attacks.

The research behind the attack will be presented at the Computer and
Communications Security (CCS) conference, and at the Black Hat Europe
conference. Our detailed research paper can already be downloaded.

DEMONSTRATION
As a proof-of-concept we executed a key reinstallation attack against an
Android smartphone.

In this demonstration, the attacker is able to decrypt all data that the
victim transmits. For an attacker this is easy to accomplish, because our
key reinstallation attack is exceptionally devastating against Linux and
Android 6.0 or higher.

This is because Android and Linux can be tricked into (re)installing an
all-zero encryption key (see below for more info). When attacking other
devices, it is harder to decrypt all packets, although a large number of
packets can nevertheless be decrypted.

In any case, the following demonstration highlights the type of information
that an attacker can obtain when performing key reinstallation attacks
against protected Wi-Fi networks:

Any data or information that the victim transmits can be decrypted.

Additionally, depending on the device being used and the network setup, it
is also possible to decrypt data sent towards the victim (e.g. the content
of a website).

Although websites or apps may use HTTPS as an additional layer of
protection, we warn that this extra protection can (still) be bypassed in a
worrying number of situations. For example, HTTPS was previously bypassed
in non-browser software, in Apple's iOS and OS X, in Android apps, in
Android apps again, in banking apps, and even in VPN apps.

harry newton

unread,
Oct 16, 2017, 6:20:41 PM10/16/17
to
He who is harry newton said on Mon, 16 Oct 2017 06:33:13 +0000 (UTC):

> It works by exploiting a four-way handshake that's used to establish a key
> for encrypting traffic.

Here is ubiquiti's response to the AirMax products that I often use on my
rooftop and as my many access points in my house and barn and pool and
corral and driveway gate cameras, etc., and that all my neighbors use for
our WISP radios.

"Yes, this is a very big problem for WPA2 clients that won't get any more
updates. But let's keep this thread focused on airMAX products.

First of all, you are mostly covered if you are running v8.4.0 (AC series)
or v6.0.7 (M series). We will fully resolve the issue with v8.4.2/v6.1.2
(betas aimed for the end of this week). Furthermore, our proprietary airMAX
protocol makes simple attacks more difficult to carry out.

Will be fully fixed with v8.4.2/v6.1.2:
CVE-2017-13077: reinstallation of the pairwise key in the Four-way
handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
Unaffected:
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame"

harry newton

unread,
Oct 16, 2017, 8:18:50 PM10/16/17
to
He who is Colonel Edmund J. Burke said on Mon, 16 Oct 2017 06:54:13 -0700:

> Go eat some dog turds, you god damned fucking nigger!

Here's every patch for KRACK Wi-Fi vulnerability available right now
<http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/>

Apple: The iPhone and iPad maker confirmed to sister-site CNET that fixes
for iOS, macOS, watchOS and tvOS are in beta, and will be rolling it out in
a software update in a few weeks.

MORE SECURITY NEWS

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack,
eavesdropping
Homeland Security orders federal agencies to start encrypting sites, emails
+IAs-OnePlus dials back data collection after users protest
These fake tax documents spread jRAT malware
Arris: a spokesperson said the company is "committed to the security of our
devices and safeguarding the millions of subscribers who use them," and is
"evaluating" its portfolio. The company did not say when it will release
any patches.

Aruba: Aruba has been quick off the mark with a security advisory and
patches available for download for ArubaOS, Aruba Instant, Clarity Engine
and other software impacted by the bug.

AVM: This company may not be taking the issue seriously enough, as due to
its "limited attack vector," despite being aware of the issue, will not be
issuing security fixes "unless necessary."

Cisco: The company is currently investigating exactly which products are
impacted by KRACK, but says that "multiple Cisco wireless products are
affected by these vulnerabilities."

"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi
Protected Access protocol standards," a Cisco spokesperson told ZDNet.
"When issues such as this arise, we put the security of our customers first
and ensure they have the information they need to best protect their
networks. Cisco PSIRT has issued a security advisory to provide relevant
detail about the issue, noting which Cisco products may be affected and
subsequently may require customer attention.

"Fixes are already available for select Cisco products, and we will
continue publishing additional software fixes for affected products as they
become available," the spokesperson said.

In other words, some patches are available, but others are pending the
investigation.

Espressif Systems: The Chinese vendor has begun patching its chipsets,
namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards
for a fix.

Fortinet: At the time of writing there was no official advisory, but based
on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer
vulnerable to most of the CVEs linked to the attack, but the latest branch,
5.4.3, may still be impacted. Firmware updates are expected.

FreeBSD Project: There is no official response at the time of writing.

Google: Google told sister-site CNET that the company is "aware of the
issue, and we will be patching any affected devices in the coming weeks."

HostAP: The Linux driver provider has issued several patches in response to
the disclosure.

Intel: Intel has released a security advisory listing updated Wi-Fi drives
and patches for affected chipsets, as well as Intel Active Management
Technology, which is used by system manufacturers.

Linux: As noted on Charged, a patch is a patch is already available and
Debian builds can patch now, while OpenBSD was fixed back in July.

Netgear: Netgear has released fixes for some router hardware. The full list
can be found here.

Microsoft: While Windows machines are generally considered safe, the
Redmond giant isn't taking any chances and has released a security fix
available through automatic updates.

MikroTik: The vendor has already released patches that fix the
vulnerabilities.

OpenBSD: Patches are now available. (The bastards allowed a diff to be
performed by the bad guys!)

Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects
users against the attack.

Wi-Fi Alliance: The group is offering a tool to detect KRACK for members
and requires testing for the bug for new members.

Wi-Fi Standard: A fix is available for vendors but not directly for end
users.

At the time of writing, neither Toshiba and Samsung responded to our
requests for comment. If that changes, we will update the story.

J. P. Gilliver (John)

unread,
Oct 17, 2017, 1:00:13 PM10/17/17
to
In message <os2e2r$1hoi$1...@gioia.aioe.org>, harry newton
<ha...@is.invalid> writes:
[]
>If your device supports Wi-Fi, it is most likely affected.
[]
Just out of curiosity, does the device have to be _using_ WPA/WPA2 to be
vulnerable - i. e. would one still using WEP, or even no encryption
(neither being a good idea for other reasons) still be susceptible, or
immune?
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Santa's elves are just a bunch of subordinate Clauses.

Eli the Bearded

unread,
Oct 17, 2017, 3:00:54 PM10/17/17
to
In alt.internet.wireless, J. P. Gilliver (John) <G6JP...@255soft.uk> wrote:
> harry newton <ha...@is.invalid> writes:
>> If your device supports Wi-Fi, it is most likely affected.
> Just out of curiosity, does the device have to be _using_ WPA/WPA2 to be
> vulnerable - i. e. would one still using WEP, or even no encryption
> (neither being a good idea for other reasons) still be susceptible, or
> immune?

The attack is against the WPA handshake. No WPA, no attack from this
method. WEP and no-encryption cases are subject to different attacks.

The fix (I gather) is to protect against accepting replays during the
handshake.

Elijah
------
get ready to patch all your IoT devices, they sure make life easier, right?

harry newton

unread,
Oct 29, 2017, 8:16:15 AM10/29/17
to
How does this colloquial summary for my family look - in case you want to
send one to YOUR family?
========
People are asking what to do about the KRACK Attack vulnerability (note the
pleonasm), so I figured I'd let everyone know what it is & I figured I'd
give folks the opportunity to ask question if they're concerned.

The canonical site for the attack is written by the white hat who found it:
<https://www.krackattacks.com/>

Here's my ad-hoc summary, written with respect to what you and I need to
know & do.

1. In May, the white hat notified the government & vendors he found a bug
in all WPA WiFi (e.g., WPA2) where someone who is *close* enough to
intercept the signals can see everything you do.

2. It affects all WiFi devices but the worst affected is Android at or over
version 6, macOS, Linux, and really fast (i.e., 802.11r fast roaming)
routers set up as repeaters (i.e., as a second router).

Far less affected are the WiFi in iPhones, iPads, iPods, older Android
devices, Windows computers, and normal routers (e.g., 802.11n or 802.11ac),
especially if they're set up as the main router (and not as a repeater).

3. There is only one viable solution, which is to *update* your device
firmware or software, whether that be a mobile phone, a laptop, a desktop,
a router working as a repeater, or the main router.

The order of priority should be:
a. If you have Android 6+, then you *should* update soon.
b. If you have MacOS or Linux, then you should update soon.
c. If you have an 802.11r router, then you should update soon.

You can take your sweet time on everything else, but everything needs to be
updated.

4. The problem, of course, is *how* to update each device.
a. First look for your device to see if there is an update
<https://www.kb.cert.org/vuls/id/228519>
b. Then try to find the update

<http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/>
c. Then update.

What a pain. Let me know if you have questions.
========

J. P. Gilliver (John)

unread,
Oct 29, 2017, 9:54:39 AM10/29/17
to
In message <ot4gqa$101$1...@gioia.aioe.org>, harry newton
<ha...@is.invalid> writes:
>How does this colloquial summary for my family look - in case you want to
>send one to YOUR family?

Thanks: I've marked your post as keep.

As to how it "looks", assuming by "colloquial" you meant understandable
by everyone, I envy you your family, if you can throw in words and
phrases like pleonasm, canonical, ad-hoc, vendors, and "whether that be"
at random! (OK, I could with mine, but he's a lexicographer! I myself am
not _too_ sure what pleonasm means - from context, I'm guessing
tautology.)
[]
Thanks again, though!
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

The fifth bestselling detail of all time: the Ford Transit. (RT/C4 2015-5-24.)

harry newton

unread,
Oct 29, 2017, 11:50:24 AM10/29/17
to
He who is J. P. Gilliver (John) said on Sun, 29 Oct 2017 13:53:14 +0000:

> Thanks: I've marked your post as keep.


Thanks J.P. Gilliver for *appreciating* the effort.
See below for another effort I made just now to *simplify* the learning
steps so that the *next* person can just click on the pictures to get an
*idea* of the process involved in updating any WiFi device.

> As to how it "looks", assuming by "colloquial" you meant understandable
> by everyone, I envy you your family, if you can throw in words and
> phrases like pleonasm, canonical, ad-hoc, vendors, and "whether that be"
> at random! (OK, I could with mine, but he's a lexicographer! I myself am
> not _too_ sure what pleonasm means - from context, I'm guessing
> tautology.)

My entire family is well educated, as are most in the USA, with more than a
degrees piled high and deep - but I'm the only one with a few technical
degrees (science and engineering) - the rest are lawyers and educators so
they're not up to speed on technical stuff (that's why I was born).

Since I have more than a half dozen access points and a dozen or more WiFi
devices in the home, I documented in detail the update of just *one* of my
transceivers (which is set up as an access point), so that others might
benefit from a pictorial view of the whole process.

This specific radio transmits 26 decibels (dBm) of power into an 18 decibel
antenna (dBi) so it can easily connect by WiFi to a house 10 miles away,
but it's only being used to connect to the barn WiFi cameras which are only
about 1/2 kilometer away (so, yeah, it's overkill) but at the same time, it
paints an area which allows anyone within miles to connect to my router via
their cellphone WiFi if they knew how to.

As always, to help everyone increase their knowledge in every post, I
documented the steps below so that anyone can learn how it's done in a
minute, without having to make mistakes.

(0) Log into your radio using your administrator login & password
<http://wetakepic.com/images/2017/10/29/00_PB400_firmware_update_krack.jpg>

(1) Check the firmware version (noting the board revision, e.g., XW)
<http://wetakepic.com/images/2017/10/29/01_PB400_firmware_update_krack.jpg>

(2) Hit the "Check Now" button to see if you can update from here
<http://wetakepic.com/images/2017/10/29/02_PB400_firmware_update_krack.jpg>

(3) If not, go to the manufacturer's web site to locate the firmware file
<http://wetakepic.com/images/2017/10/29/03_PB400_firmware_update_krack.jpg>

(4) You may have to agree to the manufacturer's updated EULA
<http://wetakepic.com/images/2017/10/29/04_PB400_firmware_update_krack.jpg>

(5) Download the file to a known location on your computer
<http://wetakepic.com/images/2017/10/29/05_PB400_firmware_update_krack.jpg>

(6) Save the file in a logical location on your computer for future use
<http://wetakepic.com/images/2017/10/29/06_PB400_firmware_update_krack.jpg>

(7) Then in the radio, press the "Upload Firmware Choose File" button
<http://wetakepic.com/images/2017/10/29/07_PB400_firmware_update_krack.jpg>

(8) Wait for the firmware to upload (it may take a minute or two)
<http://wetakepic.com/images/2017/10/29/08_PB400_firmware_update_krack.jpg>

(9) Once uploaded, press the "Update" button to update the firmware
<http://wetakepic.com/images/2017/10/29/09_PB400_firmware_update_krack.jpg>

(10) Wait for the firmware to be updated (it may take a minute or two)
<http://wetakepic.com/images/2017/10/29/10_PB400_firmware_update_krack.jpg>

(11) Do not power down while you are waiting for the firmware to update
<http://wetakepic.com/images/2017/10/29/11_PB400_firmware_update_krack.jpg>

(12) When done, the radio will reboot; log back in to check results
<http://wetakepic.com/images/2017/10/29/12_PB400_firmware_update_krack.jpg>

(13) You should note that the firmware is now updated to the latest
revision
<http://wetakepic.com/images/2017/10/29/13_PB400_firmware_update_krack.jpg>

(14) Doublecheck now that everything is updated that it is working fine
<http://wetakepic.com/images/2017/10/29/14_PB400_firmware_update_krack.jpg>
0 new messages