Skip to main content
Customer Support Customer Support

New KRACK Attack Breaks WPA2 WiFi Protocol

Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
October 16, 2017  By Catalin Cimpanu
 


 
Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.
 
The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.
 
Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack. The researcher describes the attack as the following:
 
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK). 
In simpler terms, KRACK allows an attacker to carry out a MitM and force network participants to reinstall the encryption key used to protected WPA2 traffic. The attack also doesn't recover WiFi passwords.
 
Full Article.
    TripleHelix
    1 person likes this
    • TripleHelix
      TripleHelix

    9 replies

    R
    Community Guide
    • retiredAntus67
    • Community Guide
    • 5988 replies
    • October 16, 2017
    According to this thread not so secure as we think? What's the solution for this exploit??
    RetiredTripleHelix
    Jasper_The_Rasper
    2 people like this
    • RetiredTripleHelix
      RetiredTripleHelix
    • Jasper_The_Rasper
      Jasper_The_Rasper
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54
    October 16, 2017  By Lawrence Abrams
     


     
    As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.
     
    To protect yourself, many WiFi product vendors will be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware as soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.
     
    To help with this, I have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available, I advise you to check this page throughout the coming days to see if new information is available. This page includes information resulting from contacting of vendors, CERT's informative page, and other sources.
     
    Full Article.
    RetiredTripleHelix
    J
    2 people like this
    • RetiredTripleHelix
      RetiredTripleHelix
    • J
      JP_
    RetiredTripleHelix
    Gold VIP
    Forum|alt.badge.img+56

    Microsoft has already fixed the Wi-Fi attack vulnerability

     
    https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
    ProTruckDriver
    Jasper_The_Rasper
    Ssherjj
    4 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • Ssherjj
      Ssherjj
    • rbarrow
      rbarrow
    RetiredTripleHelix
    Gold VIP
    Forum|alt.badge.img+56

    CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability

    Published: 10/16/2017 | Last Updated : 10/18/2017
     
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
    ProTruckDriver
    Jasper_The_Rasper
    Ssherjj
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • Ssherjj
      Ssherjj
    Ssherjj
    Moderator
    Forum|alt.badge.img+62
    • Ssherjj
    • Moderator
    • 21890 replies
    • October 20, 2017
    Thank you Daniel!;)
    Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.3.2}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
    ProTruckDriver
    RetiredTripleHelix
    Jasper_The_Rasper
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • RetiredTripleHelix
      RetiredTripleHelix
    • Jasper_The_Rasper
      Jasper_The_Rasper
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54
    Thank you Daniel.
    ProTruckDriver
    RetiredTripleHelix
    E
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • RetiredTripleHelix
      RetiredTripleHelix
    • E
      Enigma
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54


     
    October 20th, 2017  By Tom Spring
     
    Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).
     
    On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.
     U.S. CERT advised users to patch immediately.
     
    Full Article.
    ProTruckDriver
    RetiredTripleHelix
    J
    4 people like this
    • ProTruckDriver
      ProTruckDriver
    • RetiredTripleHelix
      RetiredTripleHelix
    • J
      JP_
    • E
      Enigma
    R
    Community Guide
    • retiredAntus67
    • Community Guide
    • 5988 replies
    • October 20, 2017
    "The follow thread is a update on KRACK attach"
    =========================================================================

    Cisco Warns 69 Products Impacted by KRACK

    by Tom Spring  Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).
    On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.
    U.S. CERT advised users to patch immediately.
    According to Cisco’s advisory, no patches are available at this time for the 10 KRACK-related CVEs. Cisco did list one workaround for a limited number of its products. For some older models of Cisco products, the company said “no fixes will be made available.”
    “Among these 10 vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices,” Cisco wrote in its Security Advisory. The KRACK vulnerabilities are rated “high” in severity by Cisco.
     
    full read here:
    ProTruckDriver
    RetiredTripleHelix
    E
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • RetiredTripleHelix
      RetiredTripleHelix
    • E
      Enigma
    RetiredTripleHelix
    Gold VIP
    Forum|alt.badge.img+56
    My ISP just said our modem/router are not affected, and this is my Gigabit Modem/Router Hitron CODA-4582U
     
    "Community,
     
    Earlier this week, I promised some updates and here we are. As soon as this vulnerability got disclosed, Rogers started working with third party suppliers to assess the situation and ensure that our customers are protected.
     
    First and foremost, some background information. The exploit is called KRACK for Key Reinstallation Attack. This exploit is comprised of 10 vulnerabilities. The first set of vulnerabilities allows the reinstallation of a pairwise transient key (PTK), a group key or an integrity key. A transient key is unique for each client and each session on the WiFi network. It is not the pre-shared key (a.k.a the WiFi password).
     
    The second set of vulnerabilities, still under evaluation can affect devices supporting Wireless Network Management (802.11v) extensions.
     
    Theoretically, reinstalling a key could allow an attacker to decrypt transmission between a client device and a WiFi access point but it does require the attacker to do within reach of your WiFi network. It is not a vulnerability that can be exploited remotely through the Internet for example.
     
    What’s next:
    We are currently assessing every single WiFi device in use at Rogers and applying the necessary corrections as they become available. What this means for us is that we are discussing with most third party suppliers and pushing upgrades as necessary. In parallel, we are conducting internal vulnerability assessments on the devices used by our clients to ensure that we reach the same conclusion.
     
    Since the vulnerability exist in a process call the 4-way handshake (between the client and access point), it is important to ensure that both sides are patched. This means that you should ensure to apply all the available security fixes from Microsoft, Apple, Google, etc. on computers, tablets and smartphones. Keep an eye open for updates available on other connected devices (thermostat, TV, fridges…).
     
    As for Rogers gateways, the assessment showed that none of the following gateways are impacted at the moment as none of them have 802.11r (Fast BSS Transition) enabled.
     
    List of NOT IMPACTED Rogers gateways (updated October 20, 2017 – 10AM)
    • Cisco/Technicolor DPC3825
    • Hitron CGN2
    • Hitron CGN3ROG
    • Hitron CGN3ACR
    • Hitron CGN3ACSMR
    • Hitron CGN3AMR
    • Hitron CGN3AMF
    • Hitron CGNM3552
    • Hitron CODA-4582
    • Hitron CODA-4582U
     
    Finally, although the vulnerability does not expose the actual WiFi password, it is a good practice to use a strong WiFi password and to change it periodically.
     
    --Dave"

     
    http://communityforums.rogers.com/t5/Internet/New-WIFI-WPA2-vulnerability-modem-updates-coming/m-p/405796#M48574
    ProTruckDriver
    Jasper_The_Rasper
    E
    3 people like this
    • ProTruckDriver
      ProTruckDriver
    • Jasper_The_Rasper
      Jasper_The_Rasper
    • E
      Enigma

    Reply


    Terms & Conditions