New KRACK Attack Breaks WPA2 WiFi Protocol

  • 16 October 2017
  • 9 replies

Userlevel 7
October 16, 2017  By Catalin Cimpanu
 


 
Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.
 
The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.
 
Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack. The researcher describes the attack as the following:
 
Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK). 
In simpler terms, KRACK allows an attacker to carry out a MitM and force network participants to reinstall the encryption key used to protect WPA2 traffic. The attack also doesn't recover WiFi passwords.
 
Full Article.


Userlevel 7
According to this thread not so secure as we think? What's the solution for this exploit??
Userlevel 7
October 16, 2017  By Lawrence Abrams
 


 
As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.
 
To protect yourself, many WiFi product vendors will be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware as soon as an update is available in order to protect themselves. This includes router firmware and wireless network card drivers.
 
To help with this, I have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available. I advise you to check this page throughout the coming days to see if new information is available. This page includes information resulting from contacting of vendors, CERT's informative page, and other sources.
 
Full Article.
Userlevel 7

Microsoft has already fixed the Wi-Fi attack vulnerability

 
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
Userlevel 7

CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability

Published: 10/16/2017 | Last Updated : 10/18/2017
 
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
Userlevel 7
Thank you Daniel!;)
Userlevel 7
Thank you Daniel.
Userlevel 7


 
October 20th, 2017  By Tom Spring
 
Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).
 
On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.
U.S. CERT advised users to patch immediately.
 
Full Article.
Userlevel 7
"The following thread is an update on the KRACK attack"
=========================================================================

Cisco Warns 69 Products Impacted by KRACK

by Tom Spring
Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).
On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.
U.S. CERT advised users to patch immediately.
According to Cisco’s advisory, no patches are available at this time for the 10 KRACK-related CVEs. Cisco did list one workaround for a limited number of its products. For some older models of Cisco products, the company said “no fixes will be made available.”
“Among these 10 vulnerabilities, only one (CVE-2017-13082) may affect components of the wireless infrastructure (for example, Access Points), the other nine vulnerabilities affect only client devices,” Cisco wrote in its Security Advisory. The KRACK vulnerabilities are rated “high” in severity by Cisco.
 
full read here:
Userlevel 7
My ISP just said our modem/router are not affected, and this is my Gigabit Modem/Router Hitron CODA-4582U
 
"Community,
 
Earlier this week, I promised some updates and here we are. As soon as this vulnerability got disclosed, Rogers started working with third party suppliers to assess the situation and ensure that our customers are protected.
 
First and foremost, some background information. The exploit is called KRACK for Key Reinstallation Attack. This exploit is comprised of 10 vulnerabilities. The first set of vulnerabilities allows the reinstallation of a pairwise transient key (PTK), a group key or an integrity key. A transient key is unique for each client and each session on the WiFi network. It is not the pre-shared key (a.k.a the WiFi password).
 
The second set of vulnerabilities, still under evaluation, can affect devices supporting Wireless Network Management (802.11v) extensions.
 
Theoretically, reinstalling a key could allow an attacker to decrypt transmission between a client device and a WiFi access point but it does require the attacker to be within reach of your WiFi network. It is not a vulnerability that can be exploited remotely through the Internet for example.
 
What’s next:
We are currently assessing every single WiFi device in use at Rogers and applying the necessary corrections as they become available. What this means for us is that we are discussing with most third party suppliers and pushing upgrades as necessary. In parallel, we are conducting internal vulnerability assessments on the devices used by our clients to ensure that we reach the same conclusion.
 
Since the vulnerability exists in a process called the 4-way handshake (between the client and access point), it is important to ensure that both sides are patched. This means that you should ensure to apply all the available security fixes from Microsoft, Apple, Google, etc. on computers, tablets and smartphones. Keep an eye open for updates available on other connected devices (thermostat, TV, fridges…).
 
As for Rogers gateways, the assessment showed that none of the following gateways are impacted at the moment as none of them have 802.11r (Fast BSS Transition) enabled.
 
List of NOT IMPACTED Rogers gateways (updated October 20, 2017 – 10AM)
  • Cisco/Technicolor DPC3825
  • Hitron CGN2
  • Hitron CGN3ROG
  • Hitron CGN3ACR
  • Hitron CGN3ACSMR
  • Hitron CGN3AMR
  • Hitron CGN3AMF
  • Hitron CGNM3552
  • Hitron CODA-4582
  • Hitron CODA-4582U
 
Finally, although the vulnerability does not expose the actual WiFi password, it is a good practice to use a strong WiFi password and to change it periodically.
 
--Dave"

 
http://communityforums.rogers.com/t5/Internet/New-WIFI-WPA2-vulnerability-modem-updates-coming/m-p/405796#M48574
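
Why reinstalling a transient key matters, and what a client-side patch changes, shown as an added example that is not part of the original thread or the researchers' code. It is a simplified model: the HMAC-based keystream is a stand-in for WPA2's real cipher, the class and function names are hypothetical, and the key and frames are constructed sample values.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in per-packet keystream derived from (key, nonce). NOT real CCMP.
    return hmac.new(key, nonce.to_bytes(8, "big"), hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Toy model of a Wi-Fi client's transient-key state (hypothetical)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0  # per-packet counter, must never repeat under one key

    def on_message3(self, ptk: bytes) -> None:
        # Message 3 of the 4-way handshake tells the client to install the key.
        if self.patched and self.key == ptk:
            return  # key already in use: do not reinstall, keep the counter
        self.key = ptk
        self.nonce = 0  # installing a key resets the counter

    def send(self, plaintext: bytes):
        self.nonce += 1
        ks = keystream(self.key, self.nonce, len(plaintext))
        return self.nonce, xor(plaintext, ks)


def replay_message3(patched: bool):
    """Return (nonce_reused, keystream_reused) after message 3 is seen twice."""
    ptk = bytes(range(16))                        # constructed sample key
    p1, p2 = b"first frame data", b"second frame dat"  # constructed frames
    client = Client(patched)
    client.on_message3(ptk)
    n1, c1 = client.send(p1)
    client.on_message3(ptk)                       # retransmitted message 3
    n2, c2 = client.send(p2)
    # With the same keystream, c1 XOR c2 equals p1 XOR p2 (key cancels out).
    return n1 == n2, xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print("unpatched:", replay_message3(False))
    print("patched:  ", replay_message3(True))
```

The unpatched client encrypts two frames under the same key and counter value, which is the condition the vendor updates mentioned in this thread are meant to remove.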
