
WPA2 Vulnerability Found

Status
Not open for further replies.
Joined
Sep 24, 2008
Messages
2,470 (0.73/day)
Likes
613
Location
Hillsboro, Oregon, USA
System Name Dire Wolf II
Processor Intel Core i7 7820HQ (2.9Ghz, up to 3.9Ghz)
Motherboard HP 8275
Memory 32GB DDR4 2400Mhz
Video Card(s) Sapphire R9 Fury Nitro OC 4GB (Thunderbolt3 eGPU), nVidia Quadro M1200 (GTX750Ti) 4GB GDDR5
Storage HP NVMe 256GB
Display(s) HP Z27q (5120x2880) + Dell P2715Q (3840x2160)
Case HP ZBook 15 G4
Audio Device(s) Musiland Monitor 02 US, Skullcandy SLYR
Power Supply 150W HP PSU (for Laptop) + Corsair RM550x (for eGPU)
Mouse Logitech G400
Keyboard Corsair K95 RGB
Software Windows 10 Enterprise 64-bit
#1
US-CERT statement:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

Here is the intro from the disclosure page:
We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.


This is the researcher's disclosure page:
https://www.krackattacks.com/
 
Joined
Dec 14, 2009
Messages
6,586 (2.25/day)
Likes
5,821
Location
Glasgow - home of formal profanity
System Name New Ho'Ryzen
Processor Ryzen 1700X @ 3.82Ghz
Motherboard Asus Crosshair VI Hero
Cooling TR Le Grand Macho & custom GPU loop
Memory 16Gb G.Skill 3200 RGB
Video Card(s) GTX1080ti (Heatkiller WB) @ 2Ghz core/1.5(12)Ghz mem
Storage Samsumg 960 Pro m2. 512Gb
Display(s) Dell Ultrasharp 27" (2560x1440)
Case Lian Li PC-V33WX
Audio Device(s) On Board
Power Supply Seasonic Prime TItanium 850
Software W10
Benchmark Scores Look, it's a Ryzen on air........ What's the point?
#2
Did I not read, the attack is required to have the password in the first instance, i.e. it's not a case of password cracking to gain access, rather, someone already in the wi-fi 'domain' subsequently performing the encryption side stepping hack?
 
#3
This attack does not gain access to the network, nor does it require the attacker to be "connected" to the network. If it works, it lets you decrypt some (or in some cases, all) traffic sent between a client and the access point.
 
#4
This attack does not gain access to the network, nor does it require the attacker to be "connected" to the network. If it works, it lets you decrypt some (or in some cases, all) traffic sent between a client and the access point.
Yeah, I misread but it does require physical proximity. So really, public WiFi is more susceptible. HTTPS sites are still secure as well.
 
#5
Yeah, since it requires you to intercept/disrupt/inject traffic, this means that you need to be within WiFi radio range of the targets. I think the main worry here is for small business owners (no real IT department, but might still be using sensitive data). For most people on a computer at home this is not an issue because they are not a worthwhile target and the likely clients (Desktop/Laptop OSes) will be patched sooner rather than later. I wonder how long it is going to take to patch Android phones, though. IoT, as always, is screwed.
 
Joined
Jan 29, 2012
Messages
4,480 (2.09/day)
Likes
3,637
Location
Boca Raton, Florida
System Name natr0n-PC
Processor Phenom II X6 1100T @ 3.7 GHz - NB 3.0 GHz | Xeon E3-1290
Motherboard MSI 970 Gaming | Asus Sabertooth Z77
Cooling TRUE 120 |Deep Cool Assassin
Memory Gskill Ripjaws X - 16GB DDR3 (4x4GB)
Video Card(s) MSI 7970 Twin Frozr III BE OC - 1100/1500
Storage Crucial MX300 525GB + Multiple Mechs
Display(s) SyncMaster 2343BWX 23" 2048x1152 / Dell 1909W 19" 1440x900
Case Sunbeam Transformer Silver - frame is built like a tank
Audio Device(s) X-Fi Extreme Music | X-Fi Titanium - Bookshelf system
Power Supply Corsair TX650 v1
Software Windows XP/7/8.1/10
Benchmark Scores Xeon E3-1290 cpuz world record
#6
When you see kids in the neighborhood start walking around with laptops you'll know WPA2 has been compromised.
 
Joined
Feb 2, 2015
Messages
1,416 (1.35/day)
Likes
1,100
Location
On The Highway To Hell \m/
System Name Game Beast 3.1
Processor i5 3570K
Motherboard MSI Z77A-GD65 Gaming
Cooling Enermax LIQMAX II 120S + ARCTIC Accelero Xtreme IV 280(X)
Memory Team Xtreem LV 2666 DDR3 16GB (2 x 8GB)
Video Card(s) MSI R9 280X Gaming 3G OC
Storage WD Black SATA-III 1TB + Lexar JumpDrive S23 USB 3.0 16GB
Display(s) RCA 32" LED HDTV 1080p 60Hz + NOKIA 445Xi 21" CRT 1600x1200 75Hz
Case Oldy but a goody(ancient Dell ATX)
Audio Device(s) Not yet
Power Supply Corsair RM1000i
Mouse LED Dell USB
Keyboard Non-mechanical Micron PS/2
Software Windows 10 Pro 64
Benchmark Scores Heaven: 1128 Valley: 2265 Superposition 1080p Extreme: 2357 Fire Strike: 10490 Time Spy: 3208
#7
#8
That is correct. However updates of the sort tend to be pushed via driver updates (there are no standalone utilities for FW updates for most Wifi devices), and driver updates get pushed via OS updates (on windows, at least, but that's what most people use at home).

EDIT: It might not be correct (and it might be in the OS implementation of the protocol, and not the FW), after all. Seeing as Microsoft states the following.
 
#9
Well that's good to know. But I would assume since WiFi device vendors are releasing firmware updates that specifically address the issue it can probably be handled on both ends. It might not be necessary to do both. I just updated my router's firmware just in case. Actually...before I knew about the Windows patch. It didn't mention the fixes specifically. Just "fixes security issues" and it's dated from 9-21-17. Which is after the vendor was notified. So hopefully they did something about it. If not, whatever, I always keep my OS up to date anyway.

Here's an example of a patched firmware that specifically addresses the issue.
https://kb.netgear.com/000049349/WNAP320-Firmware-Version-3-7-7-0
 

Solaris17

Creator Solaris Utility DVD
Joined
Aug 16, 2005
Messages
19,262 (4.28/day)
Likes
6,067
Location
Florida
System Name Not named yet
Processor I5 7640x 5Ghz 24/7
Motherboard MSI x299 Tomahawk Arctic
Cooling Corsair H55
Memory 32GB Corsair DDR4 3000mhz
Video Card(s) Gigabyte 1080TI
Storage 2x Seagate 3TB Drives (RAID 0) 1x Seagate 256GB SSD 1x Adata 120GB SSD
Display(s) 3x AOC Q2577PWQ
Case Inwin 303 White (Thermaltake Ring 120mm Purple accent)
Audio Device(s) Onboard on Audio-Technica ATH-AG1
Power Supply Seasonic 1050W Snow
Mouse Roccat Tyon White
Keyboard Ducky Shine 6
Software Windows 10 x64 Pro
#10
That is correct. However updates of the sort tend to be pushed via driver updates (there are no standalone utilities for FW updates for most Wifi devices), and driver updates get pushed via OS updates (on windows, at least, but that's what most people use at home).

EDIT: It might not be correct (and it might be in the OS implementation of the protocol, and not the FW), after all. Seeing as Microsoft states the following.
Meh, it's just MS protecting it on their side. You need to patch the actual device to protect the entire network (not just Windows machines).
 
#11
From the disclosure page:
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

This attack is not on the router, it is on the client. So unless your router is a client to something else, it is not in the attack vector. There is no "protecting the whole network" in this case, as the compromised data is the one between a specific (unpatched) client and the router. Having this patch available for Windows systems means that most home users are already patched (unless they disabled windows updates on the OSes where that is possible).
 

Solaris17

Creator Solaris Utility DVD
#12
In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
you literally stated the hardware attack vectors. This is big for business. You seem to be focusing on

For ordinary home users, your priority should be updating clients such as laptops and smartphones.
 
#13
Yes, it is huge for businesses, but they also have devices that tend to have good support...at least the ones that have actual IT departments. Small businesses might be screwed, or not even aware of this at all. I was indeed talking about the usual home use case of a single WiFi router and people's devices connecting to it. In that case roaming doesn't exist and the router is not a client as a repeater, Windows is the most common OS, and that is patched.

Overall, this is still a huge issue.
 

Solaris17

Creator Solaris Utility DVD
#14
Yes, it is huge for businesses, but they also have devices that tend to have good support...at least the ones that have actual IT departments
having physical devices that have support and are getting patched is not the same as

This attack is not on the router, it is on the client.

Overall, this is still a huge issue.
Completely agree, but it's important to understand the full scope, not the 80% affected. That's all. I encourage everyone to patch up before this makes it into a tool kit for 16yr/o to play with.
 
Joined
Jan 13, 2015
Messages
31 (0.03/day)
Likes
7
#15
General user here, so what can I do to protect my data other than HTTPS? My router has been depreciated, and none of my mobile devices have received updates yet.
 

OneMoar

There is Always Moar
Joined
Apr 9, 2010
Messages
7,342 (2.62/day)
Likes
3,957
Location
Rochester area
System Name Kreij Lives On
Processor Intel Core i5 4670K @ 4.4Ghz 1.32V
Motherboard ASUS Maximus VI Gene Z87
Cooling Reeven Okeanos Single 140MM Fan +2 SP120 White's
Memory 16GB kingston hyper x @ 2133 @ 11 11 11 32
Video Card(s) EVGA GTX 1060 ACX Copper Single fan
Storage 240gb Cruical MX200SSD/WD Blue 1TB
Display(s) Samsung S24D300/HP2071D
Case Custom Full Aluminum By ST.o.CH <3
Audio Device(s) onboard
Power Supply HX 750i
Mouse Roccat KONE
Keyboard Rocatt ISKU with ISKUFX keycaps
Software Windows 10 +startisback
#16
#patched
people blew this way out of proportion
 

Solaris17

Creator Solaris Utility DVD
#17
General user here, so what can I do to protect my data other than HTTPS? My router has been depreciated, and none of my mobile devices have received updates yet.
Just keep checking for updates, they won't come all at once.
 
Joined
Aug 22, 2010
Messages
198 (0.07/day)
Likes
87
Location
Germany
#18
Intel Corporation was notified by the Industry Consortium for Advancement of Security on the Internet (ICASI) and CERT CC of the identified Wi-Fi Protected Access II (WPA2) standard protocol vulnerability. Intel is an ICASI Charter member and part of the coordinated disclosure of this issue. Intel is working with its customers and system manufacturers to implement and validate firmware and software updates that address the vulnerability. For more details, please refer to Intel’s security advisory on this vulnerability - INTEL-SA-00101

Updated WiFi Drivers are available.
 
Joined
Aug 20, 2007
Messages
7,358 (1.95/day)
Likes
6,493
System Name New Genesis
Processor AMD Ryzen 7 1800X @ 4.1GHz All Cores
Motherboard GIGABYTE Aorus Gaming 5
Cooling Noctua NH-U14S CPU Cooler with dual fans,4x 120mm Sunon MagLev Blowers and 2x 120mm Corsair ML120Pro
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-1T
Video Card(s) EVGA Geforce GTX 1080 FTW2 w /iCX Cooler
Storage HGST Ultrastar 7k6000 2TB HDD w/ 128MBs of Cache
Display(s) Benq BL3200PT 1440p 32" LCD w/ AU Optronics AMVA true 10-bit 100% sRGB Panel
Case Thermaltake Core X31
Audio Device(s) Onboard Toslink to Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus TItanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Keycaps, Blue legends
Software Windows 10 Enterprise (From former workplace, yay no telemetry)
Benchmark Scores TS/FS Extreme: 10562: https://www.3dmark.com/fs/14260421 3575: https://www.3dmark.com/spy/2816092
#19

OneMoar

There is Always Moar
#20
Yeah, not on the "world's most popular operating system" :rolleyes:

Hint: not Windows.
Check again, it was patched before this was posted on Reddit, e.g. last week on the 10th.

https://www.windowscentral.com/microsoft-releases-statement-krack-wi-fi-vulnerability

It's stdop for this kind of disclosure to be made through back-channels to vendors before going public.

ddwrt had a patch in-source next day

same for openwrt

asus and tplink are rolling firmware updates for supported models
 
#21
A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

Source: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
 

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
20,908 (6.24/day)
Likes
10,003
Location
IA, USA
System Name BY-2015
Processor Intel Core i7-6700K (4 x 4.00 GHz) w/ HT and Turbo on
Motherboard MSI Z170A GAMING M7
Cooling Scythe Kotetsu
Memory 2 x Kingston HyperX DDR4-2133 8 GiB
Video Card(s) PowerColor PCS+ 390 8 GiB DVI + HDMI
Storage Crucial MX300 275 GB, Seagate 6 TB 7200 RPM
Display(s) Samsung SyncMaster T240 24" LCD (1920x1200 HDMI) + Samsung SyncMaster 906BW 19" LCD (1440x900 DVI)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay
Audio Device(s) Realtek Onboard, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse SteelSeries Sensei RAW
Keyboard Tesoro Excalibur
Software Windows 10 Pro 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
#22
Guys, guys, guys! The vulnerability is in TKIP/GCMP, not AES! If you're using WPA2/TKIP...
 
Joined
Sep 24, 2008
Messages
2,470 (0.73/day)
Likes
613
Location
Hillsboro, Oregon, USA
System Name Dire Wolf II
Processor Intel Core i7 7820HQ (2.9Ghz, up to 3.9Ghz)
Motherboard HP 8275
Memory 32GB DDR4 2400Mhz
Video Card(s) Sapphire R9 Fury Nitro OC 4GB (Thunderbolt3 eGPU), nVidia Quadro M1200 (GTX750Ti) 4GB GDDR5
Storage HP NVMe 256GB
Display(s) HP Z27q (5120x2880) + Dell P2715Q (3840x2160)
Case HP ZBook 15 G4
Audio Device(s) Musiland Monitor 02 US, Skullcandy SLYR
Power Supply 150W HP PSU (for Laptop) + Corsair RM550x (for eGPU)
Mouse Logitech G400
Keyboard Corsair K95 RGB
Software Windows 10 Enterprise 64-bit
#23
From the disclosure page:
I'm using WPA2 with only AES. That's also vulnerable?
Yes, that network configuration is also vulnerable. The attack works against both WPA1 and WPA2, against personal and enterprise networks, and against any cipher suite being used (WPA-TKIP, AES-CCMP, and GCMP). So everyone should update their devices to prevent the attack!
 

FordGT90Concept

"I go fast!1!11!1!"
#24
Original white paper:
https://papers.mathyvanhoef.com/ccs2017.pdf
Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them.
Decryption is potentially a problem but trying to hijack a TCP stream is very difficult. First you have to figure out what type of data it is, then you have to add code that the receiving program will execute. That's a complicated attack.

AES-SIV is resistant.

http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities/
https://www.kb.cert.org/vuls/id/228519
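
Added example, not part of the thread or of any vendor's code: a toy Python model of the client-side behaviour the disclosure page and white paper describe, showing that re-installing the session key on a retransmitted handshake message 3 resets the packet number (nonce), and that a client which refuses to reinstall a key already in use does not. The `Client` class, the SHA-256 keystream (a stand-in for CCMP's AES-CTR, not real CCMP) and the sample frames are all constructed for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample plaintexts (not captured traffic).
P_A = b"frame A: hello AP"
P_B = b"frame B: more data"


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream derived from (key, packet number); stand-in for AES-CTR."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(
            key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical supplicant model: only key install and transmit exist."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0  # transmit packet number, used as the nonce

    def on_message3(self, session_key: bytes) -> None:
        # A retransmitted message 3 carries the same session key again.
        if self.patched and session_key == self.key:
            return  # key already in use: keep counting from the current pn
        self.key = session_key
        self.pn = 0  # installing a key resets the packet number

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))


def run_session(patched: bool):
    """Message 3 arrives, one frame is sent, message 3 arrives a second time."""
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.on_message3(key)
    frames = [client.send(P_A)]
    client.on_message3(key)  # retransmission of message 3
    frames.append(client.send(P_B))
    return frames


def reused_packet_numbers(frames):
    """Detection view: packet numbers seen more than once under one key."""
    counts = Counter(pn for pn, _ in frames)
    return sorted(pn for pn, n in counts.items() if n > 1)


if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched)
        same_keystream = xor(frames[0][1], frames[1][1]) == xor(P_A, P_B)
        print(f"patched={patched} reused_pn={reused_packet_numbers(frames)} "
              f"keystream_reused={same_keystream}")
```

When the packet number repeats, the two ciphertexts XOR to the XOR of the two plaintexts, which is why the fix belongs on the client that installs the key.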
 
#25
Also don't use your router in bridge mode, or mobile hotspot with WiFi data offloading enabled, without patched firmware.
NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:

  • Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
  • Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
  • Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
  • Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.
If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:

  • Eavesdrop on communication between the affected product and the router to which it connects.
  • Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.
______________________


Until a firmware fix is available for your product, NETGEAR recommends that you follow these workaround procedures:

https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837
 