Did you update your router for the WPA2/PSK KRACK nonce re-u

[harry newton]

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
<https://www.krackattacks.com>

I reported it yesterday over here with links...
<https://groups.google.com/forum/#!forum/alt.internet.wireless>

They made it public a half hour ago:
<https://groups.google.com/d/msg/alt.internet.wireless/vn8yRnm7UF8/N89Wcd_OAAAJ>

Manufacturers apparently had 50 days to effect the fix:
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
<https://papers.mathyvanhoef.com/ccs2017.pdf>

--
No need to respond; this is just FYI...

 

[harry newton]

The weaknesses are in the Wi-Fi standard itself, and not in individual
products or implementations.

Therefore, any correct implementation of WPA2 is likely affected. To
prevent the attack, users must update affected products as soon as security
updates become available.

If your device supports Wi-Fi, it is most likely affected.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are
all affected by some variant of the attacks.

The research behind the attack will be presented at the Computer and
Communications Security (CCS) conference, and at the Black Hat Europe
conference. Our detailed research paper can already be downloaded.

DEMONSTRATION
As a proof-of-concept we executed a key reinstallation attack against an
Android smartphone.

In this demonstration, the attacker is able to decrypt all data that the
victim transmits. For an attacker this is easy to accomplish, because our
key reinstallation attack is exceptionally devastating against Linux and
Android 6.0 or higher.

This is because Android and Linux can be tricked into (re)installing an
all-zero encryption key (see below for more info). When attacking other
devices, it is harder to decrypt all packets, although a large number of
packets can nevertheless be decrypted.

In any case, the following demonstration highlights the type of information
that an attacker can obtain when performing key reinstallation attacks
against protected Wi-Fi networks:

Any data or information that the victim transmits can be decrypted.

Additionally, depending on the device being used and the network setup, it
is also possible to decrypt data sent towards the victim (e.g. the content
of a website).

Although websites or apps may use HTTPS as an additional layer of
protection, we warn that this extra protection can (still) be bypassed in a
worrying number of situations. For example, HTTPS was previously bypassed
in non-browser software, in Apple's iOS and OS X, in Android apps, in
Android apps again, in banking apps, and even in VPN apps.

 

[David_B]

On 16-Oct-17 2:59 PM, harry newton wrote:

The weaknesses are in the Wi-Fi standard itself, and not in individual
products or implementations.

Therefore, any correct implementation of WPA2 is likely affected. To
prevent the attack, users must update affected products as soon as security
updates become available.

If your device supports Wi-Fi, it is most likely affected.
Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are
all affected by some variant of the attacks.
The research behind the attack will be presented at the Computer and
Communications Security (CCS) conference, and at the Black Hat Europe
conference. Our detailed research paper can already be downloaded.

DEMONSTRATION
As a proof-of-concept we executed a key reinstallation attack against an
Android smartphone.
In this demonstration, the attacker is able to decrypt all data that the
victim transmits. For an attacker this is easy to accomplish, because our
key reinstallation attack is exceptionally devastating against Linux and
Android 6.0 or higher.

This is because Android and Linux can be tricked into (re)installing an
all-zero encryption key (see below for more info). When attacking other
devices, it is harder to decrypt all packets, although a large number of
packets can nevertheless be decrypted.
In any case, the following demonstration highlights the type of information
that an attacker can obtain when performing key reinstallation attacks
against protected Wi-Fi networks:

Any data or information that the victim transmits can be decrypted.
Additionally, depending on the device being used and the network setup, it
is also possible to decrypt data sent towards the victim (e.g. the content
of a website).
Although websites or apps may use HTTPS as an additional layer of
protection, we warn that this extra protection can (still) be bypassed in a
worrying number of situations. For example, HTTPS was previously bypassed
in non-browser software, in Apple's iOS and OS X, in Android apps, in
Android apps again, in banking apps, and even in VPN apps.

FYI https://www.krackattacks.com/

--
David B.

 

[harry newton]

He who is David_B said on Mon, 16 Oct 2017 15:13:58 +0100:

> FYI https://www.krackattacks.com/

That link was already in the original post.

In cryptography, a nonce is a neologism for an arbitrary number that may
only be used once, similar in spirit to the occasionalism lexeme "nonce
word" (as are the headwords of any dictionary).

Here is a related link to the Blackhat briefing that wasn't in the OP:
<https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861>

"We have discovered several key management vulnerabilities in the Wi-Fi
Protected Access II (WPA2) security protocol. These can be exploited using
so-called key reinstallation attacks.

Because this is a protocol-level issue, most correct implementations of the
standard are affected.

Put differently, most protected Wi-Fi networks, including personal and
enterprise WPA2 networks, are affected.

All clients and access points that we tested in practice were vulnerable to
some variant of the attack. The precise impact depends on the specific
variant(s) of the attack that an implementation is vulnerable to."

Bear in mind that the attacker has to be in close proximity to your device
to effect the attack, and that no known variants are in the wild yet, so
it's not something to worry about except to start looking for when the
patches come out for all your devices that handle the WiFi WPA2/PSK
protocol.

--
See also en.wikipedia.org/wiki/Cryptographic_nonce

 

[Mr. Man-wai Chang]

On 16/10/2017 8:46 PM, harry newton wrote:

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com

I reported it yesterday over here with links...
https://groups.google.com/forum/#!forum/alt.internet.wireless
...

Did you notice that these hacks always happen BEFORE someone fixed it?
Are they all security traps, planted into router firmware by design?

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

 

[pfjw@aol.com]

On Monday, October 16, 2017 at 11:57:56 AM UTC-4, Mr. Man-wai Chang wrote:

Did you notice that these hacks always happen BEFORE someone fixed it?
Are they all security traps, planted into router firmware by design?

a) If the fix were in, then they could not happen.
b) Otherwise, it would not be a Hack.

You need to brush up on your logic.

Peter Wieck
Melrose Park, PA

 

[harry newton]

He who is Mr. Man-wai Chang said on Mon, 16 Oct 2017 23:57:50 +0800:

Did you notice that these hacks always happen BEFORE someone fixed it?
Are they all security traps, planted into router firmware by design?

This nonce KRACK vulnerability is in *everything*, including smart phones
(iOS & Android) and computers (Mac/Windows/Linux) and routers
(Netgear/Cisco/TPLink) ....

It even affects web sites (e.g., Match.com)...

It's more than just routers, so it's *big* - but bear in mind
a. Fixes will be out soon
b. Nothing is known in the wild yet
c. You have to be nearby to be vulnerable

Still, since it affects *everything* using WPA2 (business and personal),
it's a big deal nonetheless.

All you can do is wait for the patch when it comes out for each of your
devices that implement the affected encryption protocol.

 

[Bill Bradshaw]

It appears if you do not use or have WiFi and WPS enabled you should be
secure from this. Since I have both disabled I assume I am safe because I
use neither.
---
<Bill>

Brought to you from Anchorage, Alaska

"harry newton" <harry@is.invalid> wrote in message
newss29mf$19go$1@gioia.aioe.org...

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com

I reported it yesterday over here with links...
https://groups.google.com/forum/#!forum/alt.internet.wireless

They made it public a half hour ago:
https://groups.google.com/d/msg/alt.internet.wireless/vn8yRnm7UF8/N89Wcd_OAAAJ

Manufacturers apparently had 50 days to effect the fix:
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://papers.mathyvanhoef.com/ccs2017.pdf

--
No need to respond; this is just FYI...

 

[harry newton]

He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800:

It appears if you do not use or have WiFi and WPS enabled you should be
secure from this. Since I have both disabled I assume I am safe because I
use neither.

More so than routers, mostly all known wifi "clients" are affected (e.g.,
all consumer smartphones and computers) that use either WPA or WPA2
(enterprise or personal), and even against networks that just use AES.

Some encrypted web sites are also affected, such as Match.com (as shown in
the aforementioned video).

So you're right that it's not a big deal that there is no encryption in all
these cases because the the man in the middle has to be nearby.

 

[s|b]

On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote:

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com

Still waiting for an update for my TP-Link Archer C7 router. If I
understand all this correctly, then I'll also need an update for my
Nexus 5X?

--
s|b

 

[J.O. Aho]

On 10/16/17 20:00, harry newton wrote:

He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800:

It appears if you do not use or have WiFi and WPS enabled you should
be secure from this.  Since I have both disabled I assume I am safe
because I use neither.

More so than routers, mostly all known wifi "clients" are affected (e.g.,
all consumer smartphones and computers) that use either WPA or WPA2
(enterprise or personal), and even against networks that just use AES.

Some encrypted web sites are also affected, such as Match.com (as shown in
the aforementioned video).

They do use a tool commonly used in man-in-the-middle attacks, to strip
away the tls and send the content to the client machine unencrypted. As
they did explain in the video, many don't check in their mobile devices
that they have tls communication or not and those they will be able to
carry out the attack to see the the login credentials in this example.

This has nothing to do with KRACK itself.

So you're right that it's not a big deal that there is no encryption in all
these cases because the the man in the middle has to be nearby.

There are devices that can give an attacker quite long range to execute
their attacks on, so you ain't safe just for you don't see anyone nearby.

--

//Aho

 

[J.O. Aho]

On 10/16/17 20:55, s|b wrote:

On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote:

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com

Still waiting for an update for my TP-Link Archer C7 router. If I
understand all this correctly, then I'll also need an update for my
Nexus 5X?

It's more important to update the client than the server.

 

[William Unruh]

On 2017-10-16, s|b <me@privacy.invalid> wrote:

On Mon, 16 Oct 2017 12:46:08 +0000 (UTC), harry newton wrote:

Did you update your router for the WPA2/PSK KRACK nonce re-use attack yet?
https://www.krackattacks.com

Still waiting for an update for my TP-Link Archer C7 router. If I
understand all this correctly, then I'll also need an update for my
Nexus 5X?

I think, but do not know for sure, that the primary thing that needs to
protected is the client not the Access point. Ie, your Android (do they
use wpa_supplicant, since Android is based on Linux?) IOs , or your
laptop.
As far as I have seen, there is no fix out yet for wpa_supplicant.

It seems that the reason Windows is more resistant is because they did
not no impliment the full spec for WPA2.

 

[Roger Blake]

On 2017-10-16, J.O. Aho <user@example.net> wrote:
> It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the
wifi chip vendor need to fix device firmware or device driver?

--
-----------------------------------------------------------------------------
Roger Blake (Posts from Google Groups killfiled due to excess spam.)

NSA sedition and treason -- http://www.DeathToNSAthugs.com
Don't talk to cops! -- http://www.DontTalkToCops.com
Badges don't grant extra rights -- http://www.CopBlock.org
-----------------------------------------------------------------------------

 

[harry newton]

He who is J.O. Aho said on Mon, 16 Oct 2017 21:08:48 +0200:

They do use a tool commonly used in man-in-the-middle attacks, to strip
away the tls and send the content to the client machine unencrypted. As
they did explain in the video, many don't check in their mobile devices
that they have tls communication or not and those they will be able to
carry out the attack to see the the login credentials in this example.

This has nothing to do with KRACK itself.

Thanks for explaining *how* they manage to unencrypt *some* encrypted web
sites but not others, as I wasn't sure how they did that.

I was wrong in assuming it was the KRACK attack, which seems to be that
they simply hijack the third of the four handshakes, usually from the
client side, and force it to be resent where in some cases, it's resent as
all zeroes where in other cases it's just resent as a known nonce.

Is that a decent summary or can you summarize the attack mode better?

 

[harry newton]

He who is William Unruh said on Mon, 16 Oct 2017 19:58:55 -0000 (UTC):

It seems that the reason Windows is more resistant is because they did
not no impliment the full spec for WPA2.

Thanks for explaining that as this nonce stuff has certain unexpected
nuances.

However, we have to be a bit careful with any early conclusions such as
mine yesterday (before the paper came out) that routers were originally
involved more so than clients, which turns out, as noted, to be not the
case - the mobile device and desktop clients are the weak link here.

However, all conclusions from the paper at the moment are preliminary
because the paper was sent for review on the 19th May where the authors
found out more information afterward that's not in the paper, but it *does*
seem that some OS'es (e.g., MacOS & Android 6+ & Ubuntu, for example) are
apparently far more acutely affected than are the Windows based WPA1 and
WPA1 implementations (or the iOS implementation).

 

[Jonathan N. Little]

harry newton wrote:

He who is Bill Bradshaw said on Mon, 16 Oct 2017 09:23:19 -0800:

It appears if you do not use or have WiFi and WPS enabled you should
be secure from this. Since I have both disabled I assume I am safe
because I use neither.

More so than routers, mostly all known wifi "clients" are affected (e.g.,
all consumer smartphones and computers) that use either WPA or WPA2
(enterprise or personal), and even against networks that just use AES.

Some encrypted web sites are also affected, such as Match.com (as shown in
the aforementioned video).

So you're right that it's not a big deal that there is no encryption in all
these cases because the the man in the middle has to be nearby.

Ubuntu just pushed out a patch today.

sudo apt-get update && sudo apt-get -y upgrade

and you are good to go.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

 

[harry newton]

He who is Jonathan N. Little said on Mon, 16 Oct 2017 18:13:09 -0400:

Ubuntu just pushed out a patch today.

sudo apt-get update && sudo apt-get -y upgrade

and you are good to go.

We have to be careful about "a patch" since there are actually multiple
vulnerabilities, although perhaps one patch fixes all.

Ubiquiti released this today for example...where my rooftop radios can pick
up the signals from over a million people, so, that many people can attack
me.

"You are mostly covered if you are running v8.4.0 (AC series) or v6.0.7 (M
series). We will fully resolve the issue with v8.4.2/v6.1.2 (betas aimed
for the end of this week). Furthermore, our proprietary airMAX protocol
makes simple attacks more difficult to carry out.

Will be fully fixed with v8.4.2/v6.1.2:
CVE-2017-13077: reinstallation of the pairwise key in the Four-way
handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
Unaffected:
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame"

 

[Paul]

Roger Blake wrote:

On 2017-10-16, J.O. Aho <user@example.net> wrote:
It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the
wifi chip vendor need to fix device firmware or device driver?

Fixed on Patch Tuesday. Good luck collecting
detailed proof though.

https://social.technet.microsoft.com/Forums/en-US/e2fe0489-93ae-4177-8dea-53e7a204ef54/eta-of-patch-for-quotkrackquot-was-this-patched-previously-or-should-we-expect-a-patch-soon?forum=win10itprosecurity

There's a Wifi architecture diagram here. This is so
you can see the degrees of freedom allowed.

https://docs.microsoft.com/en-us/windows-hardware/drivers/network/native-802-11-software-architecture

I'd wait for some "expert" opinion. I'd accept the
opinion of the Microsoft staffer who wrote the patch
Anyone else, not so much.

Paul

 

[. . .winston]

Paul wrote:

Roger Blake wrote:
On 2017-10-16, J.O. Aho <user@example.net> wrote:
It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the
wifi chip vendor need to fix device firmware or device driver?


Fixed on Patch Tuesday. Good luck collecting
detailed proof though.

https://social.technet.microsoft.com/Forums/en-US/e2fe0489-93ae-4177-8dea-53e7a204ef54/eta-of-patch-for-quotkrackquot-was-this-patched-previously-or-should-we-expect-a-patch-soon?forum=win10itprosecurity


There's a Wifi architecture diagram here. This is so
you can see the degrees of freedom allowed.

https://docs.microsoft.com/en-us/windows-hardware/drivers/network/native-802-11-software-architecture


I'd wait for some "expert" opinion. I'd accept the
opinion of the Microsoft staffer who wrote the patch
Anyone else, not so much.

Paul

Microsoft CVE Notice

<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080>
<qp>When did Microsoft release the security updates to address this
vulnerability?
Microsoft released security updates on October 10, 2017 as part of Update
Tuesday to resolve this vulnerability in all affected editions of Windows.
Customers who have Windows Update enabled and who applied the latest
security updates are protected automatically. The Security Update Guide was
updated on October 16, 2017 to provide full disclosure on this vulnerability
in accordance with a multi-vendor coordinated disclosure.
</qp>

Also, if using a NetGear router see....
<https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837>
</qp>
NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR
products that connect to WiFi networks as clients. These vulnerabilities are
potentially exploitable under the following conditions:
•Your devices are only vulnerable if an attacker is in physical proximity to
and within wireless range of your network.
•****Routers and gateways are only affected when in bridge mode**** (which
is not enabled by default and not used by most customers). A WPA-2 handshake
is initiated by a router in bridge mode only when connecting or reconnecting
to a router
</qp>


--
...winston
msft mvp windows experience 2007-2016, insider mvp 2016-2018