☁ is falling, WPA2 is vulnerable



  • So what router Distributions offer free simple radius? Or what router/ap combo should I buy?
    I'm running untangle on an atom computer, but I'm not very happy with it (realtek ethernet interfaces, ew)



  • The Wi-Fi Alliance are a bunch of incompetent idiots that couldn't design a secure protocol if their lives depended on it.



  • The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all.

    some may not be patched at all.

    "Some" 😆😆😆 yeah some 90% of them I'd bet.



  • I'm not exactly surprised, they're 0 for 3 now. You know the old adage, once is an accident....
    Still, I remember us discussing router Distributions, and I might as well buy/build something good while I'm updating.



  • @swayde I suspect you won't need Radius. Based on people like RouterOS who have upgraded, it seems that the workaround is just not to implement the spec as published, but a good-enough approximation that lacks the critical vulnerability.

    (Of course, everything above is dependent on whether your router gets upgrades, which is not the most common thing in the world).



  • Also, the vulnerability isn’t AP side, it’s client side. So, as long as your APs are just APs, and you’re not using them as wireless range extenders that resend as wireless clients, there won’t be a patch for your AP because there’s nothing to patch.



  • Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.



  • @lb_
    "Five Exceptionally Devastating Wireless Vulnerabilities Every Network Administrator Should Know"

    Really, from an overall security of the protocol perspective, this isn't really any different from the fact that once someone cracks your WPA PSK they can impersonate your AP and MITM all your traffic. Wireless protocols that let you connect to an arbitrary access point with nothing but a pre-shared key that's printed at the checkout register are inherently insecure, news at 11.


  • :belt_onion:

    @gwowen said in ☁ is falling, WPA2 is vulnerable:

    @swayde I suspect you won't need Radius. Based on people like RouterOS who have upgraded, it seems that the workaround is just not to implement the spec as published, but a good-enough approximation that lacks the critical vulnerability.

    I also haven't seen anything indicating that RADIUS is a mitigation. My site uses RADIUS and we were still directed to apply the vendor-supplied patches last Thursday. Still reading up on it though.


  • BINNED

    @swayde

    Tsss ... Ars ... leaving out it was discovered by a Belgian researcher ...
    Go 🇧🇪 ! Go :flag_alma_mater: !



  • @luhmann
    Hopefully with all the hype from this bruhaha, he can get hired into a real company, build up some valuable real world experience that he can then quit because it's too much effort leverage into a proper tenured teaching position so he doesn't have to publish any more and we don't have to hear from him again. 🚎



  • Well, it's not like you can rely on internet connections to be confidential anyway. So for normal users it does not really change much. If SSL is used, it's not an issue and if not, there is somebody else to blame.

    Where it might be a problem is companies that run non-encrypted stuff on their intranet and have Wi-Fi connected to it. Those need to either start using SSL for internal services—which they should anyway; most breaches are insider jobs—, always use VPN over the Wi-Fi, or… no, they really should do one of those two things anyway.



  • @bulb said in ☁ is falling, WPA2 is vulnerable:

    Where it might be a problem is companies that run non-encrypted stuff on their intranet and have Wi-Fi connected to it.

    I always thought the whole "intranet" idea, or more specifically the idea that things in it are automatically trusted (which is what 99% of network devices assume), did more harm than good.



  • Ha... This explains why my 2 years old Netgear router suddenly have update today.



  • @anonymous234 said in ☁ is falling, WPA2 is vulnerable:

    @bulb said in ☁ is falling, WPA2 is vulnerable:

    Where it might be a problem is companies that run non-encrypted stuff on their intranet and have Wi-Fi connected to it.

    I always thought the whole "intranet" idea, or more specifically the idea that things in it are automatically trusted (which is what 99% of network devices assume), did more harm than good.

    Yeah. Well, the “intranet” as in stuff that is not visible from outside the company is reasonable. But it should be part of defense-in-depth, not the only protection. All the services still have to be encrypted and authenticated with SSL (or equivalent) and properly authorized.



  • @cheong said in ☁ is falling, WPA2 is vulnerable:

    Ha... This explains why my 2 years old Netgear router suddenly have update today.

    Installed firmware update and reboot... cannot connect to internet. DNS works, the router can connect to outside and my machine can connect to router, just it won't allow any packet route through it.

    Run "Reset to default setting", and it can connect to internet. Restore setting from backup and it won't allow me to connect again.

    Fine, now I have to type back the settings one by one.... Fxxk.


Log in to reply