WPA2 protocol used by vast majority of wifi connections has been broken

F150HD
Posts: 1143
Joined: Fri Sep 18, 2015 7:49 pm


Post by F150HD » Mon Oct 16, 2017 5:33 am

This was just on FOX Business this morning....was hoping someone deep in the know can offer some input on this issue.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.

https://www.krackattacks.com/

Wifi security is vulnerable to hacking, US government warns

WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers, highlighting potential for internet traffic to be exposed


https://www.theguardian.com/technology/ ... ment-warns

http://mashable.com/2017/10/16/wi-fi-wp ... Vba01BYiqW

(Was going to put this in the https everywhere thread but pondered it was worthy of a new thread?)

jhfenton
Posts: 2181
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by jhfenton » Mon Oct 16, 2017 7:15 am

It's definitely worthy of a new thread. I saw the news yesterday from some security folks on Twitter.

I hope that fixes will be widely and quickly deployed by vendors, but that will only help folks aware of the problem and savvy enough to update the firmware on their routers. Fortunately, it can be fixed from the client side alone, so Apple and Google can address the largest target population.

rkhusky
Posts: 4405
Joined: Thu Aug 18, 2011 8:09 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by rkhusky » Mon Oct 16, 2017 7:53 am

The above articles say that https is still secure, as are VPNs.

Peculiar_Investor
Posts: 964
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by Peculiar_Investor » Mon Oct 16, 2017 8:01 am

From what I've read this morning, WiFi Key Reinstallation Attack breaks WPA2 encryption - gHacks Tech News, appears to be a major issue that everyone who has a home Wi-Fi router needs to understand. It also seems to have a major impact to Android users.
Researchers have discovered a flaw in the Wi-Fi standard that attackers may use to eavesdrop on wireless network traffic even if WPA2 is used for protection.

Key Reinstallation Attacks, or Krack Attacks, work against all Wi-Fi networks protected by WPA2, and may in some cases be used to inject and manipulate data as well. The attack works against WPA and WPA2 standards, and against personal and Enterprise networks that implement Wi-Fi.
The flaw exists in the actual standard, so it's not a coding error.
Good news is that it is possible to patch the issue. However, a firmware update needs to be released by the manufacturer of the router, access point or client. The researchers note that any device that uses Wi-Fi is likely vulnerable to the attack.
From another article, Severe WiFi security flaw puts millions of devices at risk
The problem is made worse by Android and Linux, which, thanks to a bug in the WPA2 standard, don't force the client to demand a unique encryption key each time. Rather, they allow a key to be cleared and replaced by an "all-zero encryption key," foiling a key part of the handshake process. In some cases, a script can also force a connection to bypass HTTPS, exposing usernames, passwords and other critical data.

<snip>

If you still doubt the seriousness of it, Alex Hudson, for one, is actually advising Android users to "turn off WiFi on these devices until fixes are applied." He adds that "you can think of this a little bit like your firewall being defeated."

As such, you can protect yourself to a great extent by sticking with sites that have solid, proven HTTPS security. And of course, the attack won't work unless the attacker is nearby and can physically access your network.
Lastly, for the less technical, an article from the BBC, Wi-fi security flaw 'puts devices at risk of hacks' - BBC News.

Hopefully manufacturers will promptly address this issue and provide a fix. From what I've read so far this morning, Android phone users should be very careful about which Wi-Fi connections they use.

If you have a Wi-Fi router, you should be checking the manufacturer's website over the next couple of weeks to see if there is a firmware update available for your router. For those with ancient, unsupported routers, it might be worthwhile to consider upgrading to a newer, supported version.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

jebmke
Posts: 6893
Joined: Thu Apr 05, 2007 2:44 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by jebmke » Mon Oct 16, 2017 8:04 am

Many routers will not be updated. It seems like manufacturers are fairly quick to take models off support. I suppose in this case they might release security firmware patches but it does pay to look at the mfr web site to determine if new firmware is available once this has been patched on the newest hardware.
When you discover that you are riding a dead horse, the best strategy is to dismount.

ResearchMed
Posts: 5354
Joined: Fri Dec 26, 2008 11:25 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by ResearchMed » Mon Oct 16, 2017 8:05 am

If one has a router through, say, Comcast, does Comcast have to push some sort of firmware when it's available?

RM
This signature is a placebo. You are in the control group.

mouth
Posts: 72
Joined: Sun Apr 19, 2015 6:40 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by mouth » Mon Oct 16, 2017 8:07 am

If you have a Wi-Fi router, you should be checking the manufacturer's website over the next couple of weeks to see if there is a firmware update available for your router. For those with ancient, unsupported routers, it might be worthwhile to consider upgrading to a newer, supported version.
Not true. A patched client (like your phone) will ensure protection. From the source:
Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.

House Blend
Posts: 4238
Joined: Fri May 04, 2007 1:02 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by House Blend » Mon Oct 16, 2017 10:04 am

According to the KRACK site, it is the client devices that are the most vulnerable, not wifi routers:
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by azurekep » Mon Oct 16, 2017 11:33 am

The protocol I've developed after seeing my own and others' mistakes in networking (including mistakes by my ISP) is that if I don't thoroughly understand the technology and keep on top of it, and I don't "really" need it, I disable it.

Thus, for home networking, I have had wi-fi disabled for quite some time and remain wired.

That's an extreme stance, but I opt for safety over convenience most of the time.

If I were to go back to wi-fi, I'd look into the techniques to shape the footprint of the signal so that it remains centred on the house with minimal leakage to the street.

BolderBoy
Posts: 3401
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by BolderBoy » Mon Oct 16, 2017 11:53 am

azurekep wrote:
Mon Oct 16, 2017 11:33 am
If I were to go back to wi-fi, I'd look into the techniques to shape the footprint of the signal so that it remains centred on the house with minimal leakage to the street.
One easy [though not 100% effective] way to do this is to disable the 2.4 GHz radio and only use 5 GHz band radio(s).
“Where you stand, depends on where you sit” - Rufus Miles | "Never underestimate one's capacity to overestimate one's abilities"

jhfenton
Posts: 2181
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by jhfenton » Mon Oct 16, 2017 12:09 pm

ResearchMed wrote:
Mon Oct 16, 2017 8:05 am
If one has a router through, say, Comcast, does Comcast have to push some sort of firmware when it's available?

RM
They should be able to. My telecom employer will as soon as we get patches from the manufacturer. Our gateways have a client on them that periodically checks for SW updates. But we don't know when that will be.

telemark
Posts: 2061
Joined: Sat Aug 11, 2012 6:35 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by telemark » Mon Oct 16, 2017 12:20 pm

This makes no sense:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.
If the problem is in the standard, then patching individual products can't fix it. If individual products can be patched, then the problem isn't the standard. And in fact they say at a later point
Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.
Personally, I have many older wifi devices (a third-gen iPod touch, a Nook HD+, a Nexus 7 from 2013) for which there will almost certainly never be a patch available.

telemark
Posts: 2061
Joined: Sat Aug 11, 2012 6:35 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by telemark » Mon Oct 16, 2017 1:57 pm

telemark wrote:
Mon Oct 16, 2017 12:20 pm
This makes no sense:
On further reading I think it's just unclearly worded. Rather than saying the flaw "is in" the standard, I would say that the attack exploits a feature of the standard, so that many implementations are vulnerable, but that existing implementations can be modified to mitigate this abuse without modifying the standard. But that's just me playing with words.
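
The behaviour the two posts above are debating (a patched client answers a retransmitted handshake message exactly as before, but installs the key only once), shown as an added example that is not part of the original thread and is not code from any real Wi-Fi stack. The `Client` class, the sample key and the SHA-256 keystream are constructed stand-ins for a real supplicant and for WPA2's AES-based encryption.

```python
import hashlib

# Constructed sample values, not taken from any real capture.
SAMPLE_KEY = hashlib.sha256(b"constructed sample session key").digest()[:16]
PLAINTEXTS = (b"frame one: hello", b"frame two: world")


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream derived from (key, nonce). Assumption: stands in for the
    AES counter mode in WPA2; same key + same nonce gives the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical, heavily simplified Wi-Fi client (illustration only)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.tx_nonce = 0  # packet number; must never repeat under one key

    def on_message3(self, session_key: bytes) -> bool:
        """Handle handshake message 3, which the access point retransmits if
        it never saw the client's reply. Both variants reply the same way on
        the air; the return value says whether the key was (re)installed."""
        if self.patched and self.key == session_key:
            return False  # key already in use: keep the nonce counter
        self.key = session_key
        self.tx_nonce = 0  # installing a key resets the nonce counter
        return True

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        stream = keystream(self.key, self.tx_nonce, len(plaintext))
        return self.tx_nonce, xor(plaintext, stream)


def run_session(patched: bool):
    """One data frame, a retransmitted message 3, then a second data frame."""
    client = Client(patched)
    client.on_message3(SAMPLE_KEY)
    frames = [client.send(PLAINTEXTS[0])]
    reinstalled = client.on_message3(SAMPLE_KEY)  # retransmission of message 3
    frames.append(client.send(PLAINTEXTS[1]))
    return reinstalled, frames


def reused_nonces(frames):
    """Nonces that appear on more than one frame under the same key."""
    seen, reused = set(), set()
    for nonce, _ in frames:
        (reused if nonce in seen else seen).add(nonce)
    return sorted(reused)


def leaks_plaintext_xor(frames) -> bool:
    """True when two frames share a nonce, so the keystream cancels and
    c1 XOR c2 equals p1 XOR p2: the encryption no longer hides the data."""
    (n1, c1), (n2, c2) = frames
    return n1 == n2 and xor(c1, c2) == xor(*PLAINTEXTS)


if __name__ == "__main__":
    for patched in (False, True):
        reinstalled, frames = run_session(patched)
        print("patched" if patched else "unpatched",
              "| key reinstalled:", reinstalled,
              "| reused nonces:", reused_nonces(frames),
              "| keystream reuse:", leaks_plaintext_xor(frames))
```

A new key (a genuine rekey) is still installed by the patched client; only a repeat of the key already in use is ignored.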

URSnshn
Posts: 100
Joined: Sun Mar 13, 2016 6:10 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by URSnshn » Mon Oct 16, 2017 5:33 pm

I'm not an expert, but I think this article explains what it is - and what we can do about it nicely. The last bit is pretty easy to understand.

https://nakedsecurity.sophos.com/2017/1 ... hat-to-do/

Also, this is a short video that explains the issue:

http://www.bbc.com/news/av/technology-4 ... explained

Do the article or the video above miss anything important for the average person?

SittingOnTheFence
Posts: 201
Joined: Sun Sep 27, 2015 5:30 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by SittingOnTheFence » Mon Oct 16, 2017 8:21 pm

BolderBoy wrote:
Mon Oct 16, 2017 11:53 am
One easy [though not 100% effective] way to do this is to disable the 2.4 GHz radio and only use 5 GHz band radio(s).
Except I have a number of devices that don't work on 5 GHz. There goes that easy fix.
------

[new comment]
I've read that this vulnerability has been known for a number of months to give vendors time to fix it. The release of the publicly undisclosed vulnerability was timed to this past weekend. There are probably lots of vendors who still need to fix things but some have already done it.

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by azurekep » Mon Oct 16, 2017 8:25 pm

SittingOnTheFence wrote:
Mon Oct 16, 2017 8:21 pm

I've read that this vulnerability has been known for a number of months to give vendors time to fix it. The release of the publicly undisclosed vulnerability was timed to this past weekend.
I bet Equifax is behind the release.

They'll do anything to get out of the news. :twisted:

VictoriaF
Posts: 17515
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by VictoriaF » Mon Oct 16, 2017 8:36 pm

azurekep wrote:
Mon Oct 16, 2017 8:25 pm
SittingOnTheFence wrote:
Mon Oct 16, 2017 8:21 pm

I've read that this vulnerability has been known for a number of months to give vendors time to fix it. The release of the publicly undisclosed vulnerability was timed to this past weekend.
I bet Equifax is behind the release.

They'll do anything to get out of the news. :twisted:
It's still preferable that they play with WPA2 than roll hurricanes and blow fires.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

boglesmind
Posts: 102
Joined: Sun Jan 05, 2014 1:07 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by boglesmind » Mon Oct 16, 2017 9:38 pm

House Blend wrote:
Mon Oct 16, 2017 10:04 am
According to the KRACK site, it is the client devices that are the most vulnerable, not wifi routers:
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
See "WiFi is broken – here's the companies that have already fixed it"

Boglesmind

DiggleRex
Posts: 146
Joined: Fri Sep 29, 2017 7:17 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by DiggleRex » Tue Oct 17, 2017 2:38 am

boglesmind wrote:
Mon Oct 16, 2017 9:38 pm
  • Netgear and many other router manufacturers have firmware updates. https://kb.netgear.com/000049498/Securi ... -2017-2837
Does anyone know why the netgear R6400 is missing from that list? It seems to be just about the only model missing but it's still a very popular router.

Uniballer
Posts: 77
Joined: Thu Apr 20, 2017 9:55 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by Uniballer » Tue Oct 17, 2017 4:55 am

Ongoing discussion of KRACK at Schneier on Security - provides some insight into security community goings-on behind the scenes.

gd
Posts: 1226
Joined: Sun Nov 15, 2009 8:35 am
Location: MA, USA

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by gd » Tue Oct 17, 2017 6:25 am

As far as I can tell, you must fix your devices also. So, for example, anyone with an iPad 3 (I have 2 I use daily with no plans to replace) or using WiFi with Windows XP is permanently exposed. I suspect my older Republic Wireless phones, with custom firmware from RW, will also be permanently exposed.

Curious if anyone knows of documented cases where things like this were used against individuals resulting in loss-- it seems to be a relatively unproductive attack; you're not going to suddenly get complete access to someone's life in a Starbucks. A skilled hacker parking next to a careless bank, CIA facility or brokerage house for a few days maybe, but checking your bank balance or making an Amazon purchase in a random coffee shop?

nisiprius
Advisory Board
Posts: 34168
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by nisiprius » Tue Oct 17, 2017 6:26 am

1) It does appear that the attacker needs to be within WiFi range of my router. You can interpret that as "attacker need only be within WiFi range of my router" or "attacker must be within WiFi range of my router," but either way it does mean that the degree of risk depends on who you are and where you are. I think I know my neighbors, there aren't any unmarked trucks parked near my house, etc.

2) On the other hand, please tell me if I'm interpreting this correctly. Seemingly the latest firmware available for my router is dated July 13, 2016, so I assume that it has not been patched for KRACK yet. I've had enough bad experiences with firmware updates that I'm not in a hurry to do one if I'm not reasonably sure it fixes the current vulnerability.

https://www.linksys.com/us/support-arti ... Num=148523
Linksys LLC

Product: Linksys E1200, Wireless-N Router
Hardware Version: 2 & 2.2
Classification: Firmware Release History
Release Date: July 13, 2016

Last Firmware Version: 2.0.07 (build 2)

Note: This firmware is only compatible with hardware version 2 (v2) and 2.2 (v2.2), but not with hardware version 1 (v1).

Firmware 2.0.07 (build 5)
- Fixed WPS enabling issue via WebGUI.
- Fixed parental control issue when entering with correct password.

Firmware 2.0.07 (build 2)
- CE EN300328 V1.8.1 compliance.
- Addressed various security vulnerabilities.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.

susze
Posts: 134
Joined: Sun Jul 27, 2008 2:26 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by susze » Tue Oct 17, 2017 6:32 am

This is all a tiny bit overblown by the media, right?

You have to be targeted; it's not an attack that can be started from the internet like Heartbleed, and the hacker needs to physically be at the location and hack each router individually. The Verge has the details. Also, https sites seem to be secure, although those could be attacked by MTM methods, as we all know, regardless of this.

So the long and short is that you need to be targeted, and if you are targeted, regardless of what security you have, you will be compromised, even if you have an air-gapped computer with no wifi or internet (Stuxnet), so I guess the lesson is be nice to your neighbors :)
Last edited by susze on Tue Oct 17, 2017 8:06 am, edited 2 times in total.

jhfenton
Posts: 2181
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by jhfenton » Tue Oct 17, 2017 7:36 am

You do have to be targeted. They do have to be within wifi range of your house. It can be fixed by patching clients. Those all minimize the likelihood of damage.

But, it affects every unpatched client, including IoT devices like smart doorbells and locks and wifi security cameras. How quickly will those be patched, if ever? And if an IoT device's wifi connection is hacked, can it be hijacked (i.e. taken over, not just read)? If it can be hijacked, we have a bigger problem, because then they're potentially inside your home network. I've read conflicting statements on this issue.

For me, I have a particular vulnerability, because I use a wireless bridge between an 802.11ac hardwired router downstairs and an identical router upstairs. My upstairs computers (and gadgets) are hardwired to the upstairs router. The bridge maximizes my connection speed compared to direct connections from the devices themselves. (I typically get 400 Mbps over the bridge with the router's giant antennas, and a fraction of that from the computers directly. My 2012 Mac only has 802.11n built in, so it has limited wifi speed to begin with. We have gigabit fiber service and test out at 850-900 Mbps download speed, so I do benefit from the speed of the bridge.)

But my arrangement means that my entire upstairs infrastructure is operating over a WPA2-secured wifi connection. In the meantime, I've turned on the VPN service I subscribe to and left it turned on. That should obscure the traffic from snooping.

Peculiar_Investor
Posts: 964
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by Peculiar_Investor » Tue Oct 17, 2017 8:13 am

Further reading of KRACK Attacks: Breaking WPA2 indicates the problem has been known within the industry for quite a while, giving vendors time to address the issue before it became public.
When did you first notify vendors about the vulnerability?

We sent out notifications to vendors whose products we tested ourselves around 14 July 2017. After communicating with these vendors, we realized how widespread the weaknesses we discovered are (only then did I truly convince myself it was indeed a protocol weaknesses and not a set of implementation bugs). At that point, we decided to let CERT/CC help with the disclosure of the vulnerabilities. In turn, CERT/CC sent out a broad notification to vendors on 28 August 2017.
From what I've read, recent software updates from Microsoft and Apple have quietly addressed the issue, which is how the system is supposed to work. Those in the security industry find and report the problems to software vendors and generally give them around 60 days to identify and resolve the issue before going public with the security hole and potential exploit(s).

VictoriaF
Posts: 17515
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by VictoriaF » Tue Oct 17, 2017 8:32 am

Peculiar_Investor wrote:
Tue Oct 17, 2017 8:13 am
From what I've read, recent software updates from Microsoft and Apple have quietly addressed the issue, which is how the system is supposed to work.
I marked on my calendar the 2nd Wednesday of each month as the day to install Microsoft patches, update Adobe Flash, and do full scans of my computers with the antivirus and MalwareBytes.

I also check for and install updates almost every day and do quick scans almost every day. If I learn about significant exploits between my monthly full scans, I install patches and do full scans immediately, and then again according to my calendar.

I learn about significant exploits from Brian Krebs's email.

Victoria

AntsOnTheMarch
Posts: 318
Joined: Mon May 29, 2017 5:47 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by AntsOnTheMarch » Tue Oct 17, 2017 8:48 am

For those of us who don’t speak geek, I assume Mac OS X Sierra is patched or will be soon? Running Lion on one Mac (for legacy software purposes) but since AirPort Extreme Wi-Fi router is not likely to ever be patched (discontinued), I will upgrade to Sierra. Don’t want to go to High Sierra any time soon though.

glock19
Posts: 76
Joined: Thu May 03, 2012 9:49 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by glock19 » Tue Oct 17, 2017 9:22 am

jhfenton wrote:
Tue Oct 17, 2017 7:36 am
You do have to be targeted. They do have to be within wifi range of your house. It can be fixed by patching clients. Those all minimize the likelihood of damage.

It looks like a basic first step for those maintaining a small home network is to go into the router settings and turn the wireless signal down to the lowest level possible. This way it's possible to prevent an intruder from even seeing your network.

Also, I'm wondering if turning off the broadcasting of your network's SSID could help deter invasions??

susze
Posts: 134
Joined: Sun Jul 27, 2008 2:26 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by susze » Tue Oct 17, 2017 9:46 am

glock19 wrote:
Tue Oct 17, 2017 9:22 am
jhfenton wrote:
Tue Oct 17, 2017 7:36 am
You do have to be targeted. They do have to be within wifi range of your house. It can be fixed by patching clients. Those all minimize the likelihood of damage.

It looks like a basic first step for those maintaining a small home network is to go into the router settings and turn the wireless signal down to the lowest level possible. This way it's possible to prevent an intruder from even seeing your network.

Also, I'm wondering if turning off the broadcasting of your network's SSID could help deter invasions??
I don't have the article but I believe keeping your SSID hidden actually causes more vulnerabilities. Just keeps it from random people snooping not sophisticated hackers. It could be patched but I don't remember.

Also if you are targeted you are more than likely screwed regardless of whatever security you have.
Last edited by susze on Tue Oct 17, 2017 9:48 am, edited 1 time in total.

jhfenton
Posts: 2181
Joined: Sat Feb 07, 2015 11:17 am
Location: Ohio

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by jhfenton » Tue Oct 17, 2017 9:47 am

glock19 wrote:
Tue Oct 17, 2017 9:22 am
Also, I'm wondering if turning off the broadcasting of your network's SSID could help deter invasions??
No. Anyone sophisticated enough to be wardriving in your neighborhood in order to execute this attack will not be slowed down by an unbroadcast SSID.
glock19 wrote:
Tue Oct 17, 2017 9:22 am
It looks like a basic first step for those maintaining a small home network is to go into the router settings and turn the wireless signal down to the lowest level possible. This way it's possible to prevent an intruder from even seeing your network.
Maybe if you live in a small apartment. Otherwise I wouldn't consider making my wifi network practically useless to be a basic first step. :oops:

F150HD
Posts: 1143
Joined: Fri Sep 18, 2015 7:49 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by F150HD » Tue Oct 17, 2017 10:11 am

Can someone comment on router firewall settings? Will they help w/ this?

I noticed yesterday mine were on 'low', sounds like that's a default setting.

Do most folks put them on medium or high? (drawbacks to this?)

I did set mine to 'medium' if it matters.

Does having a software firewall (via one's Internet Security software) and the router firewall make a big difference in security? (does the redundancy hurt anything? or help anything?)

Thanks.

CULater
Posts: 467
Joined: Sun Nov 13, 2016 10:59 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by CULater » Tue Oct 17, 2017 10:11 am

I've always figured that my greatest protection from hacking my home WiFi was the fact that someone needs to be within range to do it, and it seems improbable that anybody is going to be interested enough in Mr. Small Potatoes to bother. Encryption of the WiFi signal was just an extra layer of insurance. So, in this case the insurance is being offered by an insurer who won't pay out and the primary insurance of being a worthless small fry will have to be enough.
May you have the hindsight to know where you've been, The foresight to know where you're going, And the insight to know when you've gone too far. ~ Irish Blessing

billthecat
Posts: 106
Joined: Tue Jan 24, 2017 2:50 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by billthecat » Tue Oct 17, 2017 10:23 am

  • If either the client device or the router is fixed, then the hack won't work
  • you have to be physically present. Hardly a risk at home, higher risk in, say, an airport
  • although you have to be "targeted" it is easy to grab the packets from all clients
  • it doesn't affect encrypted connections like https (which nearly everyone uses today, including the Bogleheads forums), VPN, etc. But due to the man-in-the-middle nature of the hack, it can strip out the https (SSL) encryption, tricking you into logging in without an encrypted connection (*if* the site allows for that), and it can then grab your login information. All that assumes you don't notice the lock or other indicator of an encrypted connection going away.
  • it doesn't reveal your network key, just the packets of unencrypted information. So not so good for things like network cameras (which are poorly supported), maybe no big deal for a smart thermostat.
  • Apple's network products (Time Capsule, etc.) are not affected https://www.imore.com/krack So any client that connects to those is fine
  • Apple's other client products (macOS, iOS, etc.) have a patch already in beta

rebellovw
Posts: 241
Joined: Tue Aug 16, 2016 4:30 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by rebellovw » Tue Oct 17, 2017 10:30 am

billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • If either the client device or the router is fixed, then the hack won't work
  • you have to be physically present. Hardly a risk at home, higher risk in, say, an airport
  • although you have to be "targeted" it is easy to grab the packets from all clients
  • it doesn't affect encrypted connections like https (which nearly everyone uses today, including the Bogleheads forums), VPN, etc. But due to the man-in-the-middle nature of the hack, it can strip out the https (SSL) encryption, tricking you into logging in without an encrypted connection, and it can then grab your login information. All that assumes you don't notice the lock or other indicator of an encrypted connection going away.
  • it doesn't reveal your network key, just the packets of unencrypted information. So not so good for things like network cameras (which are poorly supported), maybe no big deal for a smart thermostat.
  • Apple's network products (Time Capsule, etc.) are not affected https://www.imore.com/krack So any client that connects to those is fine
  • Apple's other client products (macOS, iOS, etc.) have a patch already in beta
Finally a voice of reason. Attacker needs physical access to your router directly to initiate the breach.

ResearchMed
Posts: 5354
Joined: Fri Dec 26, 2008 11:25 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by ResearchMed » Tue Oct 17, 2017 10:43 am

rebellovw wrote:
Tue Oct 17, 2017 10:30 am
billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • If either the client device or the router is fixed, then the hack won't work
  • you have to be physically present. Hardly a risk at home, higher risk in, say, an airport
  • although you have to be "targeted" it is easy to grab the packets from all clients
  • it doesn't affect encrypted connections like https (which nearly everyone uses today, including the Bogleheads forums), VPN, etc. But due to the man in the middle nature of the hack, it can strip out the https (SSL) encryption, tricking you into logging in without an encrypted connection, and it can then grab your login information. All that assumes you don't notice the lock or other indicator of an encrypted connection going away.
  • it doesn't reveal your network key, just the packets of unencrypted information. So not so good for things like network cameras (which are poorly supported), maybe no big deal for a smart thermostat.
  • Apple's network products (Time Capsule, etc.) are not affected https://www.imore.com/krack So any client that connects to those is fine
  • Apple's other client products (macOS, iOS, etc.) have a patch already in beta
Finally a voice of reason. Attacker needs physical access to your router directly to initiate the breach.
Physical access to the router? Really?
I haven't previously read anything suggesting this.

If this is correct, then the "problem" is much less of a concern for many, as an attacker would need to get inside first in most cases.
[Is it correct?]

Being "nearby" (e.g., lurking in the bushes under the home office window, or parked in a car in front of the house) isn't the same as "physical access to [the] router directly..."

Something being overlooked by many is the fact that there have already been patches (apparently as of last week), e.g., to several recent versions of Windows. (Is this information correct? Difficult to know what info is accurate when these situations are first widely disclosed.)

RM
This signature is a placebo. You are in the control group.

F150HD
Posts: 1143
Joined: Fri Sep 18, 2015 7:49 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by F150HD » Tue Oct 17, 2017 10:56 am

susze wrote:
Tue Oct 17, 2017 9:46 am
I don't have the article but I believe keeping your SSID hidden actually causes more vulnerabilities.
would definitely like clarification on that?

F150HD
Posts: 1143
Joined: Fri Sep 18, 2015 7:49 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by F150HD » Tue Oct 17, 2017 10:59 am

CULater wrote:
Tue Oct 17, 2017 10:11 am
I've always figured that my greatest protection from hacking my home WiFi was the fact that someone needs to be within range to do it, and it seems improbable that anybody is going to be interested enough in Mr. Small Potatoes to bother.
Sit in a Starbucks by a large condo or apartment unit and hack 100s of people all day. Doesn't sound that improbable to me.

F150HD
Posts: 1143
Joined: Fri Sep 18, 2015 7:49 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by F150HD » Tue Oct 17, 2017 10:59 am

rebellovw wrote:
Tue Oct 17, 2017 10:30 am

Finally a voice of reason. Attacker needs physical access to your router directly to initiate the breach.
I have not read that anywhere either.

telemark
Posts: 2061
Joined: Sat Aug 11, 2012 6:35 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by telemark » Tue Oct 17, 2017 11:06 am

billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • If either the client device or the router is fixed, then the hack won't work
Do you have a reference that says fixing the router will protect client devices? I've been reading as much as I can find and haven't been able to find a definite statement one way or the other. For example, as far as I can parse it, this one leaves both possibilities on the table.
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
P.S. Now that I read it again, it seems to suggest that clients are vulnerable even if the router is not.

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by azurekep » Tue Oct 17, 2017 11:41 am

In the past, I have seen detailed maps of router locations in residential areas. I looked up my own neighborhood and saw the SSIDs and/or router types of some of my neighbors. Based on some of the SSID names, I got the feeling some of these residents were not tech-savvy since the SSIDs included their real names or the names of their children.

When thinking about security I like to "think like a criminal" and what I was worried about was:

- Hackers could look up affluent areas on the map
- They could identify the SSID for individual houses that looked like good targets
- They could drive into the area and park near the targeted house
- They could run their hacker scripts to see if the targeted router was secured by one of the less secure protocols
- They could then proceed to pretend they are eating lunch in their car while compromising the targeted router and collecting data

In a quick search, I couldn't find the map site I used before, but this site sort of shows the concept:

IGiGLE: Irongeek's WiGLE WiFi Database to Google Earth Client for Wardrive Mapping
http://www.irongeek.com/i.php?page=secu ... ve-mapping

As someone mostly uninformed re: wireless technology, this didn't look comforting. But I may be missing something.

At any rate, as indicated before, there are ways to limit the signal bleeding to the street in addition to applying patches.

boglesmind
Posts: 102
Joined: Sun Jan 05, 2014 1:07 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by boglesmind » Tue Oct 17, 2017 11:42 am

DiggleRex wrote:
Tue Oct 17, 2017 2:38 am
boglesmind wrote:
Mon Oct 16, 2017 9:38 pm
Netgear and many other router manufacturers have firmware updates. https://kb.netgear.com/000049498/Securi ... -2017-2837
Does anyone know why the Netgear R6400 is missing from that list? It seems to be just about the only model missing but it's still a very popular router.
Not all Netgear routers are explicitly listed. So log into your router and check for updates, the security fix may show up.
Boglesmind

billthecat
Posts: 106
Joined: Tue Jan 24, 2017 2:50 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by billthecat » Tue Oct 17, 2017 11:46 am

telemark wrote:
Tue Oct 17, 2017 11:06 am
billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • If either the client device or the router is fixed, then the hack won't work
Do you have a reference that says fixing the router will protect client devices? I've been reading as much as I can find and haven't been able to find a definite statement one way or the other. For example, as far as I can parse it, this one leaves both possibilities on the table.
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
P.S. Now that I read it again, it seems to suggest that clients are vulnerable even if the router is not.
It's an evolving point. See, for example, this information from IBM which first said either (for "this attack") and then was changed to both (for "these attacks"): https://security.stackexchange.com/a/171405

I think it depends on the specific type of attack. For the 4-way handshake specifically, you only need one patched. But for "fast bss transition" attacks, both have to be patched. Repeaters (between the client and router) have to be patched.

Still, I highly doubt anyone is going to park outside my house and try to grab packets. But near a company, government building, etc., that's another story.

AntsOnTheMarch
Posts: 318
Joined: Mon May 29, 2017 5:47 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by AntsOnTheMarch » Tue Oct 17, 2017 12:05 pm

There *may* be a suburban bias in some of this advice. I used to live in a home on one acre. I’d never worry there about anyone physically getting in range to mess with my Wi-Fi. I’d see the person and they’d be very conspicuous. I now live in a condo in town and I can see every Wi-Fi in the building plus nearby coffee shops, restaurants, nail salons, etc. Different strokes.

Also, instead of thinking Kremlin type hackers, there is also a chance of a kiddy hack type attack where a tween visiting grandma decides to test out his/her skills for no other reason than they can. No way grandma is gonna know about it or stop it and once things are compromised...well, just say my first line of defense is to not let that happen.

rebellovw
Posts: 241
Joined: Tue Aug 16, 2016 4:30 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by rebellovw » Tue Oct 17, 2017 12:11 pm

ResearchMed wrote:
Tue Oct 17, 2017 10:43 am
rebellovw wrote:
Tue Oct 17, 2017 10:30 am
billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • If either the client device or the router is fixed, then the hack won't work
  • you have to be physically present. Hardly a risk at home, higher risk in, say, an airport
  • although you have to be "targeted" it is easy to grab the packets from all clients
  • it doesn't affect encrypted connections like https (which nearly everyone uses today, including the Bogleheads forums), VPN, etc. But due to the man in the middle nature of the hack, it can strip out the https (SSL) encryption, tricking you into logging in without an encrypted connection, and it can then grab your login information. All that assumes you don't notice the lock or other indicator of an encrypted connection going away.
  • it doesn't reveal your network key, just the packets of unencrypted information. So not so good for things like network cameras (which are poorly supported), maybe no big deal for a smart thermostat.
  • Apple's network products (Time Capsule, etc.) are not affected https://www.imore.com/krack So any client that connects to those is fine
  • Apple's other client products (macOS, iOS, etc.) have a patch already in beta
Finally a voice of reason. Attacker needs physical access to your router directly to initiate the breach.
Physical access to the router? Really?
I haven't previously read anything suggesting this.

If this is correct, then the "problem" is much less of a concern for many, as an attacker would need to get inside first in most cases.
[Is it correct?]

Being "nearby" (e.g., lurking in the bushes under the home office window, or parked in a car in front of the house) isn't the same as "physical access to [the] router directly..."

Something being overlooked by many is the fact that there have already been patches (apparently as of last week), e.g., to several recent versions of Windows. (Is this information correct? Difficult to know what info is accurate when these situations are first widely disclosed.)

RM

https://www.forbes.com/sites/thomasbrew ... f8b4fa2ba9

Ok - I've reread - and now fully understand. They do NOT need physical access - they just need to be within your wireless network. I was not correct.

So yes - if someone has access to your wireless network - they can try to join and use the hack to get in - plain and simple. Now I have to find a patch.

Sorry for the confusion.

telemark
Posts: 2061
Joined: Sat Aug 11, 2012 6:35 am

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by telemark » Tue Oct 17, 2017 12:26 pm

billthecat wrote:
Tue Oct 17, 2017 11:46 am
It's an evolving point. See, for example, this information from IBM which first said either (for "this attack") and then was changed to both (for "these attacks"): https://security.stackexchange.com/a/171405

I think it depends on the specific type of attack. For the 4-way handshake specifically, you only need one patched. But for "fast bss transition" attacks, both have to be patched. Repeaters (between the client and router) have to be patched.

Still, I highly doubt anyone is going to park outside my house and try to grab packets. But near a company, government building, etc., that's another story.
Thanks, I will keep an eye on that thread. I agree the immediate risk is small and wish they wouldn't use words like devastating to describe it. Treating your home wifi as if it were public seems the most sensible course at the moment.

susze
Posts: 134
Joined: Sun Jul 27, 2008 2:26 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by susze » Tue Oct 17, 2017 5:26 pm

In all likelihood any hacker would probably target a small business or doctor's/medical place before an individual home or even apartment.

Plus they are probably onto the next thing that no one yet knows about, not this.

Kenkat
Posts: 3797
Joined: Thu Mar 01, 2007 11:18 am
Location: Cincinnati, OH

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by Kenkat » Tue Oct 17, 2017 6:17 pm

boglesmind wrote:
Tue Oct 17, 2017 11:42 am
DiggleRex wrote:
Tue Oct 17, 2017 2:38 am
boglesmind wrote:
Mon Oct 16, 2017 9:38 pm
Netgear and many other router manufacturers have firmware updates. https://kb.netgear.com/000049498/Securi ... -2017-2837
Does anyone know why the Netgear R6400 is missing from that list? It seems to be just about the only model missing but it's still a very popular router.
Not all Netgear routers are explicitly listed. So log into your router and check for updates, the security fix may show up.
Boglesmind
I have an R6400; when I checked for updates, none were found. I had previously updated the firmware a few months ago - I wonder if this vulnerability was addressed then?

AntsOnTheMarch
Posts: 318
Joined: Mon May 29, 2017 5:47 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by AntsOnTheMarch » Tue Oct 17, 2017 8:30 pm

billthecat wrote:
Tue Oct 17, 2017 10:23 am
  • Apple's network products (Time Capsule, etc.) are not affected https://www.imore.com/krack So any client that connects to those is fine
  • Apple's other client products (macOS, iOS, etc.) have a patch already in beta

OK, running an AirPort Extreme router so all should be ok. Thanks for the link.

azurekep
Posts: 950
Joined: Tue Jun 16, 2015 7:16 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by azurekep » Tue Oct 17, 2017 9:23 pm

susze wrote:
Tue Oct 17, 2017 5:26 pm
In all likelihood any hacker would probably target a small business or doctor's/medical place before an individual home or even apartment.
Who knows. I figure hackers have to start somewhere and they might go for the low-hanging fruit first. Like a doctor living in a nearby, affluent neighborhood dumb enough to have "MD" in the SSID. The hacker gets bragging rights for hacking a doctor, and gets the experience to go after bigger targets.
Last edited by azurekep on Tue Oct 17, 2017 10:00 pm, edited 1 time in total.

PFInterest
Posts: 394
Joined: Sun Jan 08, 2017 12:25 pm

Re: WPA2 protocol used by vast majority of wifi connections has been broken

Post by PFInterest » Tue Oct 17, 2017 9:34 pm

always auto update.
otherwise, this is a nonissue for the avg consumer.
anything not immediately up to date is always vulnerable.
