
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

also the bug was under embargo so some vendors have fixed it already - you can add OpenBSD to the list.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
DaveyH
Champion
Posts: 1,946
Thanks: 453
Fixes: 12
Registered: ‎15-11-2012

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Responsible disclosure as I said, i.e. you find a bug, you report it to the affected parties and give them time to patch it before going public.
JonoH
Hero
Posts: 4,346
Thanks: 1,596
Fixes: 157
Registered: ‎29-09-2011

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

We are aware that there are news reports across the internet this morning in relation to customers' security over their wi-fi networks. Our security and engineering teams are currently looking into this.

We will be updating you all once the teams have completed their reviews and we know more about the situation.

 Jono H
 Plusnet Community Manager
Browni
Aspiring Hero
Posts: 2,673
Thanks: 1,054
Fixes: 60
Registered: ‎02-03-2016

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Microsoft have also fixed it.

the company “withheld disclosure until other vendors could develop and release updates.”

Source: The Verge

Baldrick1
Moderator
Moderator
Posts: 11,618
Thanks: 5,166
Fixes: 415
Registered: ‎30-06-2016

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

I have been trying to work out how WPA works and when a wireless network is vulnerable. For example,

1. Is it constantly open to attack even though there is no wireless traffic?

2. Is it constantly vulnerable whilst there is wireless traffic between the portable device and router?

3. Is it vulnerable only when the initial connection between the mobile device and router is being set up?

Obviously if option 1 is the case then there is a major risk from 'drive by' attackers whilst option 3 would need much more patience (or a very bored and nosy neighbour).

Can anyone advise?

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

Alex
Community Veteran
Posts: 5,500
Thanks: 921
Fixes: 13
Registered: ‎05-04-2007

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Apple have released an iOS update, and funnily enough the release notes do not mention it.

So obvious it was the reason, and companies are being quiet about it.

Bit of a coincidence the update was at the same time.

I spoke to a friend of mine and patches have been released to other systems.

DaveyH
Champion
Posts: 1,946
Thanks: 453
Fixes: 12
Registered: ‎15-11-2012

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Apple have only patched the Betas of its various OS according to their chief fanboy/shill.

https://m.imore.com/krack-wpa2-wi-fi-exploit-already-fixed-ios-macos-tvos-watchos-betas

So if you aren't in the public betas, then that's probably why it isn't in the release notes.

As has already been mentioned Linux, OpenBSD and Windows have been patched...
johnskelton
Newbie
Posts: 4
Thanks: 2
Registered: ‎17-10-2017

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

@JonoH Could you please let us know if anything needs to be done on our end regarding Plusnet routers - I assume if there is a firmware update it will happen automatically?

KarlosTheJackal
Newbie
Posts: 2
Registered: ‎18-10-2017

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

@JonoH Thank you for letting us know that the Plusnet team are looking into this

 

Can you give an ETA or a rough estimation of when you will have an answer or when an update will be available for the routers?

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

KarlosTheJackal
Newbie
Posts: 2
Registered: ‎18-10-2017

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

@Oldjim Thank you for that information, however I use the Plusnet Hub One router, which is manufactured by Sagemcom, but this manufacturer is not listed anywhere on these sites.

Unless I have the manufacturer incorrect?

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

agreed - not yet

one thing does puzzle me is it appears that both the device and the router may need to be patched (please correct me if I am wrong) which may protect me as the only wifi access I give out is my guest network which is totally isolated from the main network as the login is completely different

also from here https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-...

NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:

  • Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
  • Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
  • Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.  
  • Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.

If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:

  • Eavesdrop on communication between the affected product and the router to which it connects.
  • Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.

It would appear that my Billion Router only includes Half Bridge Mode and that isn't enabled by default


easuter
Dabbler
Posts: 13
Thanks: 11
Registered: ‎16-10-2017

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

one thing does puzzle me is it appears that both the device and the router may need to be patched (please correct me if I am wrong)

 

@Oldjim, yes devices and routers need patching but there is a very important distinction:

 

  • routers are only vulnerable when in repeater mode, in other words if you have another router on your network whose sole purpose is to extend the range of the main access point. This second router must be patched

  • all client devices must be patched: all wifi-capable phones, tablets, computers, smart TVs, you name it. These are the devices that an attacker will target since it's the client-side of the wifi handshake that's vulnerable to exploitation.

Routers in repeater mode are effectively a client of the main AP, hence why they are also vulnerable.

I think a lot of the media coverage on this isn't clear on these details, and a lot of the responsibility is being foisted onto router manufacturers.

From the researcher's own publication, these are the most important takeaways:

 

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. [...]

For ordinary home users, your priority should be updating clients such as laptops and smartphones.

 

More:

Android and Linux

Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. 

Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack.

 

Unless you also have a router in repeater mode on your network, what you must worry about first are your client devices, especially if they run Android!

Operating systems for other devices (eg: iOS, Windows Phone, etc) are also susceptible to attack, but they are harder to compromise than Android phones. The researcher is very clear that the flaw hits devices running Android and Linux the hardest, and attacking these devices is trivial.

If you have Android devices that no longer receive security updates, you have the following options:

  • Disable wifi permanently
  • See if your handheld can run an independent Android distribution that does roll out security updates regularly (CyanogenMod / LineageOS)
  • Buy a new device that is guaranteed to either have this issue patched, or will automatically be patched once turned on. Store staff may be able to help you with this

 

@JonoH, would PlusNet consider sending out a newsletter of sorts with these details? Seems a lot of misinformation/incomplete information is flying around the web and there will be many users that simply won't be aware or may not take the right steps to mitigate the problem 😐
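The patching priorities described in the post above, turned into a small triage script over a home inventory. This is an added example and not part of the original post; the device names, the `Device` fields, the priority labels and the sample inventory are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    name: str
    role: str                         # "client", "repeater" (incl. bridge mode) or "router"
    os: str = ""
    os_version: str = ""
    supplicant: Optional[str] = None  # first line of `wpa_supplicant -v`, if known
    patched: bool = False             # set by the owner after checking the vendor advisory;
                                      # a version string alone cannot prove a backported fix

def major_minor(text):
    """Extract (major, minor) from strings such as 'wpa_supplicant v2.6' or '7.1.1'."""
    m = re.search(r"(\d+)(?:\.(\d+))?", text or "")
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def triage(dev):
    if dev.patched:
        return "done"
    if dev.role == "router":
        return "low"        # plain access point: not the target of the main attack
    # Clients, and repeaters acting as a client of the main AP, take part in the
    # vulnerable side of the 4-way handshake.
    sup = major_minor(dev.supplicant)
    droid = major_minor(dev.os_version) if dev.os.lower() == "android" else None
    if (sup is not None and sup >= (2, 4)) or (droid is not None and droid >= (6, 0)):
        return "critical"   # wpa_supplicant 2.4+ / Android 6.0+ variant
    return "high"

ORDER = {"critical": 0, "high": 1, "low": 2, "done": 3}

def patch_order(devices):
    """Return (priority, name) pairs, most urgent first."""
    return sorted(((triage(d), d.name) for d in devices),
                  key=lambda t: (ORDER[t[0]], t[1]))

# Constructed sample inventory.
INVENTORY = [
    Device("main-router", "router"),
    Device("landing-extender", "repeater", os="Linux", supplicant="wpa_supplicant v2.5"),
    Device("old-tablet", "client", os="Android", os_version="4.4.2"),
    Device("phone", "client", os="Android", os_version="7.1.1"),
    Device("laptop", "client", os="Windows", os_version="10", patched=True),
    Device("smart-tv", "client", os="Linux", supplicant="wpa_supplicant v2.3"),
]

if __name__ == "__main__":
    for priority, name in patch_order(INVENTORY):
        print(f"{priority:8} {name}")
```
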

 

 

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Looks like it leaves all my android devices unpatched but presumably only if they access a public wifi as connecting to my home router in almost all cases uses the isolated guest wifi

The chances of them being patched are non-existent, being cheap Chinese devices, so I am not sure where that leaves me as the only things which are sensitive are email and they aren't secured (Plusnet hang your head in shame)

30FTTC06
Pro
Posts: 2,286
Thanks: 108
Fixes: 4
Registered: ‎18-02-2013

Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Oh dear, Android strikes again!

I think Enable/Disable EAPOL Key Retries would stop Android clients......... KONG for DD-WRT Users. go, go, go