Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Severe flaw in WPA2 protocol leaves Wi-Fi traffic ...
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 8:37 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 11:08 AM - edited 16-10-2017 11:26 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Official site of this exploit has gone live: https://www.krackattacks.com/
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 11:14 AM - edited 16-10-2017 2:23 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi Charles,
I registered here specifically because of this issue, as it will put a majority of wifi users' data at risk!
The important take-away from that article is that this flaw is present in the WPA standard, which means that it affects all devices that support it. The only way to have a secure network now is one of the following:
- Go back to using ethernet cables.
Disable the wifi capability of the PlusNet hub,and buy a wifi router from a vendor that has already announced a patch for this problem.Additionally, wifi client devices also need to be patched (smartphones, tablets, laptops). EDIT: see update below *
I'm going to be using a long-assed network cable for the foreseeable future...
As for PlusNet: what is the company doing to protect its customers' network privacy? Has the vendor of PlusNet's hubs/routers been contacted? Are they going to provide a patch? If yes, how is this patch going to be provided to us?
--------------------------
*EDIT:
After re-reading the FAQ the researchers wrote, the following is really the important part in mitigating this problem quickly:
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
So patching the hubs/routers is important, but the priority should be to install the latest security patches for mobile device operating systems (Windows, Mac, Linux, Android, etc).
Android devices may be especially at risk given how quickly vendors seem to declare them end-of-life, and have no centralized update policy...
Lastly: patching phones, tablets & laptops isn't something PlusNet can do, and it is not PlusNet's responsability. We as owners of the devices must make sure they are up-to-date!
It may be useful if PlusNet could send out some sort of warning as I imagine plenty of customers are likely to remain unaware of this problem...also let all all your friends and family know!
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 12:48 PM - edited 16-10-2017 12:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Reading the above, it seems that likely all wifi routers supplied by plusnet are vulnerable, and until either they, or all wifi clients on them are fixed, the network is essentially insecure.
The title is misleading, you can also inject packets pretending to be the clients or router, it's not only eavesdropping.
If the router is patched, there is no need to fix the clients.
If the router is not patched, you need to fix every single client, or someone can easily attack the internal network as that client, and read its traffic.
(for values of 'easy' where that is 'cares enough to learn' or waits a day or two at most for readily available crack solutions).
This is a proximity attack, it does nothing if the attacker is not within your network range. (which, with a good antenna can be quite a lot further than you think)
I do hope plusnets router makers are on the ball on this and updates are readily available.
One mitigation of course is to disable wifi on your AP and use a suitable patched AP instead. Openwrt has apparently already rolled out a patch.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 1:01 PM - edited 16-10-2017 1:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I do hope plusnets router makers are on the ball on this and updates are readily available.
I had already posted a reply in this thread where I also asked what PlusNet was doing about this issue (ie: whether the hub vendor had been contacted, and how/if a patch would be supplied).
Unfortunately my post was here only for a couple of hours, then it was promptly deleted. Doesn't bode well...
(Moderator has released the post)
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 1:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've just spoken to an IT friend of mine, and Apple have released a firmware update for iPhones.
They didn't mention the exploit - just other stuff in the notes.
I find it a bit coincidental a new release has been made so quickly, at this time.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 1:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@easuter wrote:
Unfortunately my post was here only for a couple of hours, then it was promptly deleted. Doesn't bode well...
Hi @easuter, your original post wasn't deleted or moderated, but was caught in a spam filter.
I've released that post and should now display in the thread above, apologies for that
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 1:20 PM - edited 16-10-2017 1:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi @dvorak, thanks for clearing that up, and my apologies for the accusation; I've edited my post.
Cheers
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 1:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As for PlusNet: what is the company doing to protect its customers' network privacy? Has the vendor of PlusNet's hubs/routers been contacted? Are they going to provide a patch? If yes, how is this patch going to be provided to us?
+1. I've also registered here specifically to find out what PlusNet is planning to do to protect us as customers. Will there be a patch for our routers? How will it be provided? Does the company have any official advice in the mean time?
Many thanks in advance.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 2:02 PM - edited 16-10-2017 2:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi @sfw,
I've updated my original reply. While it is important that the access points receive updates, the immediate threat is unpatched wifi client devices, ie: smartphones, laptops, tablets.
Cheers
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 2:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 2:41 PM - edited 16-10-2017 2:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@dvorak, Yeah pretty much. Routers can be patched to mitigate some of the possible attacks (ie: if the router is in repeater mode, or fast roaming is enabled), but the the main attack vector is the client device.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 2:44 PM - edited 16-10-2017 2:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I somewhat disagree.
If you are going out in public with your device, and connecting to unknown APs, then your behaviour should not change much, because you were already vulnerable to all of the bad things that could happen with this attack if the AP is compromised.
If you are only using VPN/https/ssh, the effects of this attack just mean that the threats widen from the AP provider (and any hackers who took over the AP) to people sitting next to you.
In the case of unfixed APs, all of the older and not-going-to-be updated devices are now a complete hole into your internal network, allowing outsiders into your network full of devices that are not easy or possible to secure.
I need to read the details with more coffee onboard though.
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 2:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I don't disagree with you regarding public networks; I don't use free wifi hotspots nor do I connect to any access points I don't trust.
However the takeaway I get from going over the researchers' website (not the Ars article) is that the priority for mitigating this flaw should be to patch the client devices. I'm not saying the APs shouldn't also be updated, but realistically I don't see many vendors actually providing firmware updates, let alone actually getting millions of users to deploy the patches if they are provided...
Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
16-10-2017 3:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Alex wrote:I find it a bit coincidental a new release has been made so quickly, at this time.
Nothing suspicious about that, it's called responsible disclosure. Linux has been patched already too...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- My Router
- :
- Severe flaw in WPA2 protocol leaves Wi-Fi traffic ...