Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic open
Posted: 2017-10-16 14:14
There is another article here, it actually looks like a copy:The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.
"Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations," the researchers explained. "For example, HTTPS was previously bypassed in ---- snip-----
as big as this flaw was, you may get an update for the router....If not, look into openWRT or DD-WRT, they work especially well for Linsys routers, DD-WRT works well with many other brands as well.n_hologram wrote:What precautions should be taken with a router? I'm pretty sure mine isn't getting another firmware update anytime soon.
http://news.softpedia.com/news/ubuntu-d ... ign=bufferUbuntu, Debian, Fedora and elementary OS All Patched Against WPA2 KRACK Bug
Correct. From the Q&A: https://www.krackattacks.com/dilberts_left_nut wrote:It is just the handshake process that is vulnerable to this exploit (reports of the 'death' of WPA2 encryption seem premature).
From my reading, it looks like as long as the CLIENT is patched, you can safely connect to an unpatched AP.
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Required functionality of both WPA and WPA2, and used by all protected Wi-Fi networks, is the 4-way handshake. Even enterprise networks rely on the 4-way handshake. Hence, all protected Wi-Fi networks are affected by our attacks.
Source: https://papers.mathyvanhoef.com/ccs2017.pdf
Vulnerable enterprise systems, hospitals, ...Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!
Source: https://www.krackattacks.com/#faq