WPA2 Security Cracked

[FG Lurker]

Man, lots of people are going to be fucked by this:
https://arstechnica.com/information-tec ... sdropping/

It has only just become publicly known but I'm sure many have been exploiting this already. If you have a WiFi network connected to anything of value you probably want to turn off your access point.

[Grumpy Gramps]

And many of these devices like Androids or embedded routers get updates only once in a blue moon. This might drag on for years.

[omae mona]

Seriously, who is transmitting data via wi-fi without an extra layer of security like HTTPS which protects against eavesdropping even if WPA2 is cracked? Oh, wait...

[Coligny]

Ehmmm ... when did it become needed to encrypt comms while accessing a forum for which 95% of the threads are open to search engine bots and the remaining 10% contain data that would offer no value to hackerz ?

Hackerz that would need to be in range of your wifi anyway...

This attack/threat is near the same level as hacks that can be used only if you have physical access to the target computer...

Sure the flaws exist and are troublesome. But in context are no different to leaving your front door open. Not the "Soviet Russia elected Donald Trump" level of l33t h4x0r1nhZzz

[wagyl]

I always knew that FG was the forum that gave 105%!

[FG Lurker]

Seriously, who is transmitting data via wi-fi without an extra layer of security like HTTPS which protects against eavesdropping even if WPA2 is cracked? Oh, wait...

That's one aspect of course.

The other aspect is that this provides an easy vector to break into many networks. Lots of offices have WPA2-protected WiFi now. It's been around so long that it started to actually seem like it might be secure. So much for that idea.

[FG Lurker]

And many of these devices like Androids or embedded routers get updates only once in a blue moon. This might drag on for years.

Yup, and most of these devices require the user to update them. People bitch about MS automatic updates but at least Windows gets updated now. Most routers out there will probably never get updated, and lots of phones that are more than a year old will probably never get updated either.

[matsuki]

And many of these devices like Androids or embedded routers get updates only once in a blue moon. This might drag on for years.

Yup, and most of these devices require the user to update them. People bitch about MS automatic updates but at least Windows gets updated now. Most routers out there will probably never get updated, and lots of phones that are more than a year old will probably never get updated either.

Is there even a fix for this yet?

[Wage Slave]

Just looked at my router (Planex) and it does in fact have an auto firmware update feature and it is set to on by default. I don't think there has been any update done as it's still on v1.02 and there is nothing about the problem or a patch on the Planex website.

[matsuki]

Just looked at my router (Planex) and it does in fact have an auto firmware update feature and it is set to on by default. I don't think there has been any update done as it's still on v1.02 and there is nothing about the problem or a patch on the Planex website.

Nothing for mine yet either....I think people like us who are paying attention will be relatively safe with our home networks once security updates are released, it's the public wifi and such that I'd worry about.

[Grumpy Gramps]

A WPA2 update just came in on my linux box today. So they seem to be doing something out there. I don't hold my breath for the droids, though.

[Wage Slave]

Are using that Linux box as a wifi router then? I assumed that the routers would have to be patched rather than the computers and devices using them. Or is it both? Or is it the computers and devices?

[Grumpy Gramps]

Good question. IIRC, in the video, they simulated the same SSID on a different channel to trick the laptop/phone to connect to the hacker's router instead of the real one, so the actual router seems to play no role in the attack. But if the problem lies in the protocol itself that needs to be changed, then all devices would need to be patched?

[matsuki]

I'm not sure yet either but updates to the Android OS are highly anticipated by most so getting those devices updated is likely the least of the worries.

[Wage Slave]

Much better article in The Guardian:

https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns

It appears computers, devices and routers will all have to be patched. In due course. Meanwhile, if someone is pretty advanced with their hacking tools/knowledge and parks out the front of your premises for an extended period then they will be able to intercept and decode your communications as well as (I assume) root around in your shared storage.

[Coligny]

IMG_0314.JPG

[Grumpy Gramps]

as well as (I assume) root around in your shared storage.

Articles in German said that the attacker can hijack/record your communication, but they still dom't get to know the wifi-password, so are unable to participate in the network themselves. So they 'should' 'theoretically' not be able to rummage around your NAS.

[Wage Slave]

IMG_0314.JPG

?

[Wage Slave]

as well as (I assume) root around in your shared storage.

Articles in German said that the attacker can hijack/record your communication, but they still dom't get to know the wifi-password, so are unable to participate in the network themselves. So they 'should' 'theoretically' not be able to rummage around your NAS.

Ah, I wasn't completely clear on that. That's good news.

[wuchan]

Sorry for being late on this.

This is not a new thing. It's been a known issue for almost 20 years now.

Want free wifi: https://en.wikipedia.org/wiki/Kismet_(software)


I switched to apple many years ago because it ran on a UNIX based system and could easily sniff out my neighbors wifi passwords within a day or two. Apple couldn't force inject like linux could but the support and stability (and warrantee) made MacBooks very valuable to me. Apple has since made a deal with cisco to stop OS X from being able to run kismet like programs but it can still be done through console using x64 and disabling apple talkback.


The fappening pics mostly came from MacBooks in starbucks.

[Coligny]

IMG_0314.JPG

?

Commander Adama from the Battlestar Galactica Reboot.
Story starts with the fact that his ship is the only Battlestar able to evade the Cylon attack because all wireless comunication inside the ship was forbidden.

I was there (tm) back in the late 90' when wifi started to rise among consumer products. (Even with that pointless little war between wifi and bluetooth). And back then any wifi bridge was in vlan treated either as DMZ or as fully external.