Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic open

Off-Topic discussions about science, technology, and non Debian specific topics.

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#2 Post by GarryRicketson »

Interesting, I thought most people already knew about this part, on the https,....
The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.

"Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations," the researchers explained. "For example, HTTPS was previously bypassed in ---- snip-----
There is another article here, it actually looks like a copy:
https://www.krackattacks.com/

Thorny
Posts: 542
Joined: 2011-02-27 13:40

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#3 Post by Thorny »

Patched
October 16, 2017
Debian Security Advisory DSA-3999-1

That is jessie-->Sid patched. They don't mention Wheezy, Garry.

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#4 Post by GarryRicketson »

Actually I am not using Debian Wheezy any more, but anyway, good to see they got it patched.
I don't use Wi-Fi either, I used to when I was travelling sometimes, but even then not that much. Anyway, that would be another topic.

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#5 Post by n_hologram »

What precautions should be taken with a router? I'm pretty sure mine isn't getting another firmware update anytime soon.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

HuangLao
Posts: 485
Joined: 2015-01-27 01:31
Been thanked: 1 time

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#6 Post by HuangLao »

n_hologram wrote:What precautions should be taken with a router? I'm pretty sure mine isn't getting another firmware update anytime soon.
As big as this flaw was, you may get an update for the router... If not, look into OpenWrt or DD-WRT, they work especially well for Linksys routers, DD-WRT works well with many other brands as well.

alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#7 Post by alan stone »

Any WiFi cellphones/tablets and home/SOHO/shop/bar/restaurant/airport/... access points out there that will remain unpatched and vulnerable? :roll:

EDIT:

Let’s get digital, digital,
I wanna get all digital, let’s get all digital
Let me hear your cellphone talk,
Your cellphone talk, let me hear your cellphone talk.
(adapted from: let's get physical)

dilberts_left_nut
Administrator
Posts: 5346
Joined: 2009-10-05 07:54
Location: enzed
Has thanked: 12 times
Been thanked: 66 times

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#8 Post by dilberts_left_nut »

It is just the handshake process that is vulnerable to this exploit (reports of the 'death' of WPA2 encryption seem premature).

From my reading, it looks like as long as the CLIENT is patched, you can safely connect to an unpatched AP.
AdrianTM wrote:There's no hacker in my grandma...

arochester
Emeritus
Posts: 2435
Joined: 2010-12-07 19:55
Has thanked: 14 times
Been thanked: 54 times

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#9 Post by arochester »

Ubuntu, Debian, Fedora and elementary OS All Patched Against WPA2 KRACK Bug
http://news.softpedia.com/news/ubuntu-d ... ign=buffer

TonyT
Posts: 575
Joined: 2006-09-04 11:57

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#10 Post by TonyT »

dilberts_left_nut wrote:It is just the handshake process that is vulnerable to this exploit (reports of the 'death' of WPA2 encryption seem premature).

From my reading, it looks like as long as the CLIENT is patched, you can safely connect to an unpatched AP.
Correct. From the Q&A: https://www.krackattacks.com/
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
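
The 802.11r part of the mitigation quoted in post #10, as an added example that is not part of the original thread: a shell check that flags hostapd configurations still offering fast-roaming (FT) key management. It assumes an access point configured through a hostapd.conf-style file; the function names and the sample config are constructed for illustration, and the repeater/client-mode part of the advice is not covered.

```shell
#!/bin/sh
# Added example: audit a hostapd-style config for 802.11r (fast roaming).
# hostapd enables 802.11r through FT-* values in wpa_key_mgmt (e.g. FT-PSK, FT-EAP).

# Print "LINE:TEXT" for every active wpa_key_mgmt line that offers an FT AKM.
ft_lines() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out settings are inactive
        /^[ \t]*wpa_key_mgmt[ \t]*=/ {
            val = $0
            sub(/^[^=]*=/, "", val)              # keep only the value list
            n = split(val, akm, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (akm[i] ~ /^FT-/) { printf "%d:%s\n", NR, $0; break }
        }
    ' "$1"
}

# Return 0 when no FT AKM is offered, 1 when 802.11r is still enabled.
check_hostapd_ft() {
    found=$(ft_lines "$1")
    if [ -n "$found" ]; then
        printf '802.11r still offered in %s:\n%s\n' "$1" "$found"
        return 1
    fi
    printf 'no FT key management in %s\n' "$1"
    return 0
}

# Constructed sample config (not taken from a real device).
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface=wlan0
ssid=example-net
wpa=2
#wpa_key_mgmt=FT-PSK
wpa_key_mgmt=WPA-PSK FT-PSK
rsn_pairwise=CCMP
EOF
check_hostapd_ft "$sample" || true
rm -f "$sample"
```

Configs with several `bss=` sections are handled line by line, so each reported line number points at the BSS that still needs its FT entry removed.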

alan stone
Posts: 269
Joined: 2011-10-22 14:08
Location: In my body.

Re: Ouch! Severe flaw in WPA2 protocol leaves Wi-Fi traffic

#11 Post by alan stone »

Required functionality of both WPA and WPA2, and used by all protected Wi-Fi networks, is the 4-way handshake. Even enterprise networks rely on the 4-way handshake. Hence, all protected Wi-Fi networks are affected by our attacks.
Source: https://papers.mathyvanhoef.com/ccs2017.pdf
Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!
Source: https://www.krackattacks.com/#faq
Vulnerable enterprise systems, hospitals, ...
Government systems?
