Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Oct 16, 2017.

  1. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,505
    Location:
    U.S.A.
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,988
    Location:
    Europe then Asia
    Krack an attempt to "make Wardriving great again" :p
     
  3. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    6
    Location:
    Italy
    Hi, I'm new on the forum. I hve some questions:

    -Desktop computers connected with Ethernet are not affected, right?
    - Laptop or Notebook connected with Wi Fi that have received Microsoft security update of October 10th are protected if the router doesn t received a firmware update?

    Thanks
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,930
    Location:
    Outer space
  5. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    6
    Location:
    Italy
    Last edited: Oct 17, 2017
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,698
    Location:
    Among the gum trees
    Hi and welcome. Yes.
    Yes in theory if the only other device on your network is that laptop then you should be safe. That is if no other bugs in the WiFi protocols are disclosed at some point in the future.
     
  7. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    6
    Location:
    Italy
    I have also 3 smarthphones and a tablet but with them we don't do bank transaction or other important things, only whatsap, facebook and play so for these if there will be no update I have nothing to do.

    Thanks for the reply Krusty
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,698
    Location:
    Among the gum trees
    All bets are off.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,366
    Location:
    U.S.A.
    Vendor Information for VU#228519: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD Reference=228519&SearchOrder=4

    These are the router makers that have patched KRACK WPA2 Wi-Fi flaws
    https://www.androidcentral.com/these-are-router-makers-have-patched-krack-wpa2-wi-fi-flaws

    Another reference: https://www.bleepingcomputer.com/ne...-driver-updates-for-krack-wpa2-vulnerability/
     
    Last edited: Oct 17, 2017
  10. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,130
    Location:
    Toronto, Canada
    LEDE/OpenWrt (DD-WRT as well) patched this up already, within 24 hours of disclosure. Always great to see open source community working together efficiently. Although there is more to this than simply patching the access points, routers, etc. The client devices, as we know already, need the patches as well.
     
  11. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,095
    Location:
    USA, MICHIGAN
    So does both device and router need to be update/ patched? Or just router?
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    72
    Location:
    Some country in the European Union
    You should patch client devices too.

     
  13. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,095
    Location:
    USA, MICHIGAN
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,366
    Location:
    U.S.A.
    https://www.welivesecurity.com/2017/10/16/wpa2-security-issues-pose-serious-wi-fi-safety-questions/

     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,698
    Location:
    Among the gum trees
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,802
    Location:
    localhost
    Last edited: Oct 20, 2017
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,505
    Location:
    U.S.A.
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,698
    Location:
    Among the gum trees
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,366
    Location:
    U.S.A.
  20. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,095
    Location:
    USA, MICHIGAN
    I need to call AT&T see if they're going to send out update patch for their modem router combo, does anybody know if they have one or use AT&T DSL?
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,366
    Location:
    U.S.A.
  22. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,396
    Location:
    Ontario, Canada
    My ISP says our modem/routers are not affected! And I have the Gigabit Modem/Router Hitron CODA-4582U

    List of NOT IMPACTED Rogers gateways (updated October 20, 2017 – 10AM)

    Cisco/Technicolor DPC3825
    Hitron CGN2
    Hitron CGN3ROG
    Hitron CGN3ACR
    Hitron CGN3ACSMR
    Hitron CGN3AMR
    Hitron CGN3AMF
    Hitron CGNM3552
    Hitron CODA-4582
    Hitron CODA-4582U

    http://communityforums.rogers.com/t...bility-modem-updates-coming/m-p/405796#M48574
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,366
    Location:
    U.S.A.
    Also as noted in the technical articles on this vulnerability, the attacker must be in Wi-Fi router range to pull off the attacker. So if you're a home user and your next door neighbor is a hacker, I guess you should then be worried. Or the attacker outfitted his cat for WAR driving; see my separate posting on that one.:D
     
  24. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,829
    Location:
    Slovakia
    Not to mention, that SSL traffic in unaffected, so not much has changed, http traffic should never be considered safe, it can be easily eavesdropped anywhere on the route.
     
  25. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,095
    Location:
    USA, MICHIGAN
Loading...