Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Re: Severe flaw in WPA2 protocol leaves Wi-Fi traf...
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 3:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 3:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 3:24 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
We are aware that there are news reports across the internet this morning in relation to customers security over their wi-fi networks. Our security and engineering teams are currently looking into this.
We will be updating you all once the teams have completed their reviews and we know more about the situation
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 7:24 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Microsoft have also fixed it.
the company “withheld disclosure until other vendors could develop and release updates.”
Source: The Verge
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
17-10-2017 11:44 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have been trying to work out how WPA works and when a wireless network is vulnerable. For example,
1. Is it constantly open to attack even though there is no wireless traffic?
2. Is it constantly vulnerable whilst there is wireless traffic between the portable device and router?
3. Is it vulnerable only when the initial connection between the mobile device and router is being set up?
Obviously if option 1 is the case then there is a major risk from 'drive by' attackers whilst option 3 would need much more patience (or a very bored and nosy neighbour).
Can any-one advise?
Moderator and Customer
If this helped - select the Thumb
If it fixed it, help others - select 'This Fixed My Problem'
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
17-10-2017 11:52 AM - edited 17-10-2017 11:54 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Apple have released an iOS update, and funnily enough the release notes do not mention it.
So obvious it was the reason, and companies are being quiet about it.
Bit of a coincidence the update was at the same time.
I spoke to a friend of mine and patches have been released to other systems.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
17-10-2017 12:27 PM - edited 17-10-2017 12:31 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
https://m.imore.com/krack-wpa2-wi-fi-exploit-already-fixed-ios-macos-tvos-watchos-betas
So if you aren't in the public betas, then that's probably why it isn't in the release notes.
As has already been mentioned Linux, OpenBSD and Windows have been patched...
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
17-10-2017 2:59 PM - edited 17-10-2017 3:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@JonoH Could you please let us know if anything needs to be done on our end regarding Plusnet routers - I assume if there is a firmware update it will happen automatically?
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
18-10-2017 9:17 PM - edited 18-10-2017 9:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@JonoH Thank you for letting us know that the Plusnet team are looking into this
Can you give an ETA or a rough estimation of when you will have an answer or when an update will be available for the routers?
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 5:59 AM - edited 19-10-2017 6:04 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
this indicates those routers where a patch has been issued https://www.windowscentral.com/vendors-who-have-patched-krack-wpa2-wi-fi-vulnerability with more info here
http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 7:24 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Oldjim Thank you for that information however I use the Plusnet Hub One router what is manufactured by Sagemcom but this manufacture is not listed anywhere on these sites.
Unless I have the manufacture incorrect?
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 8:01 AM - edited 19-10-2017 8:16 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
agreed - not yet
one thing does puzzle me is it appears that both the device and the router may need to be patched {please correct me if I am wrong) which may protect me a the only wifi access I give out is my guest network which is toatlly isolated from the main network as the login is completely different
also from here https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-...
NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:
- Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
- Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
- Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
- Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.
If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:
- Eavesdrop on communication between the affected product and the router to which it connects.
- Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.
It would appear that my Billion Router only includes Half Bridge Mode and that isn't enabled by default
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 8:45 AM - edited 19-10-2017 9:26 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
one thing does puzzle me is it appears that both the device and the router may need to be patched {please correct me if I am wrong)
@Oldjim, yes devices and routers need patching but there is a very important distinction:
- routers are only vulnerable when in repeater mode, in other words if you have another router on your network that's sole purpose is to extend the range of the main access point. This second router must be patched
- all client devices must be patched: all wifi-capable phones, tablets, computers, smart TVs, you name it. These are the devices that an attacker will target since it's the client-side of the wifi handshake that's vulnerable to exploitation.
Routers in repeater mode are effectively a client of the main AP, hence why they are also vulnerable.
I think a lot of the media coverage on this isn't clear on these details, and a lot of the responsability is being foisted onto router manufacturers.
From the researcher's own publication, these are the most important takeaways:
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. [...]
For ordinary home users, your priority should be updating clients such as laptops and smartphones.
More:
Android and Linux
Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.
Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack.
Unless you also have a router in repeater mode on your network, what you must worry about first are your client devices, especially if they run Android!
Operating systems for other devices (eg: iOS, Windows Phone, etc) are also susceptible to attack, but they are harder to compromise than Android phones. The researcher is very clear that the flaw hits devices running Android and Linux the hardest, and attacking these devices is trivial.
If you have Android devices that no longer receive security updates, you have the following options:
- Disable wifi permanently
- See if your handheld can run an independent android distribution that does roll out security updates regularly (CyanogenMod / LineageOS)
- Buy a new device that is guaranteed to either have this issue patched, or will automatically be patched once turned on. Store staff may be able to help you with this
@JonoH, would PlusNet consider sending out a newsletter of sorts with these details? Seems a lot of misinformation/incomplete information is flying around the web and there will be many users that simply won't be aware or may not take the right steps to mitigate the problem 😐
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 9:27 AM - edited 19-10-2017 9:29 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Looks like it leaves all my android devices unpatched but presumably only if they access a public wifi as connecting to my home router in almost all cases uses the isolated guest wifi
The chances of them being patched is non existent being cheap Chinese devices so I am not sure where that leaves me as the only things which are sensitive are email and they aren't secured (Plusnet hang your head in shame)
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
19-10-2017 10:28 AM - edited 19-10-2017 10:35 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Oh dear, Android strikes again!
I think Enable/Disable EAPOL Key Retries would stop android clients......... KONG for DD-WRT Users. go, go ,go
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Re: Severe flaw in WPA2 protocol leaves Wi-Fi traf...