Using WPA2 wireless? Patch up ASAP!


Elixer

Lifer
May 7, 2002
10,371
762
126
The way I understand this, this hack lets people see inside the WPA2 "container", and spy on things that way.
However, if you are using a VPN, that is still encrypted.
TLS is also still encrypted.

The funny part of this whole thing is that MS & Apple apparently didn't follow the specs to the letter, and in their implementation of WPA2 the current hack doesn't exploit the main issue, just some minor stuff.
WPA2 specs aren't available to the public either, which is BS; you must pay IEEE $$$ to gain access to the docs.
 

Grooveriding

Diamond Member
Dec 25, 2008
9,147
1,330
126
I have a router that has Shibby's Tomato firmware and he is not going to patch it up. Our main router is a small PC running PFSense, but this router is for another network and I'd like to avoid having to set it up all over again with a different router.

Is there any safe option that will allow me to continue using wireless with this router? Another protocol or something of the sort?
 
Feb 25, 2011
16,992
1,621
126
> I have a router that has Shibby's Tomato firmware and he is not going to patch it up. Our main router is a small PC running PFSense, but this router is for another network and I'd like to avoid having to set it up all over again with a different router.
>
> Is there any safe option that will allow me to continue using wireless with this router? Another protocol or something of the sort?

Different firmware.
 

Red Squirrel

No Lifer
May 24, 2003
70,560
13,801
126
www.anyf.ca
> It doesn't work for phones, welcome to the security nightmare that is modern cell OS'.

By does not work, does it mean there is no way to patch it? So even if I patch my router, if someone with a vulnerable phone connects to my network, it exposes the entire network? (well, the wireless vlan in my case)
 

Red Squirrel

No Lifer
May 24, 2003
70,560
13,801
126
www.anyf.ca
Actually when you disable SSID broadcast, does it actually not broadcast it, or does it just tell client devices to not display it? I could see it be a somewhat "security through obscurity" feature that is better than nothing. Someone is not going to sit there and try every possible word to see if there is a network under it. But if it's still sending it through the airwaves then that is moot as someone that has some kind of wifi logic analyzer could probably decode it.
 
Feb 25, 2011
16,992
1,621
126
> Actually when you disable SSID broadcast, does it actually not broadcast it, or does it just tell client devices to not display it? I could see it be a somewhat "security through obscurity" feature that is better than nothing. Someone is not going to sit there and try every possible word to see if there is a network under it. But if it's still sending it through the airwaves then that is moot as someone that has some kind of wifi logic analyzer could probably decode it.

Yeah, you're still broadcasting packets. A wifi analyzer program will just show a wifi network with no SSID, and then you can connect to it based on the hash or UUID or whatever-its-called.
 

Yakk

Golden Member
May 28, 2016
1,574
275
81
> Yeah, you're still broadcasting packets. A wifi analyzer program will just show a wifi network with no SSID, and then you can connect to it based on the hash or UUID or whatever-its-called.

Yup, just get any wifi analyzer app on your phone and the network just shows up as a network with no name, that's the only difference.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
> I have a router that has Shibby's Tomato firmware and he is not going to patch it up.

Source of that? AFAIK, they will all eventually patch up.

> Is there any safe option that will allow me to continue using wireless with this router? Another protocol or something of the sort?

Don't use the router as a client.
Don't use TKIP or GCMP, or 802.11r
Job #1 is patch the clients.
That means, assuming you have [isp modem]=cat 5=[router] then you really don't have to worry about this as being time critical.
You DO have to worry about all clients, phones, IoT devices, and things like that, THOSE can get intercepted.
 

rchunter

Senior member
Feb 26, 2015
933
72
91
I'm running shibby tomato also but I plan on disabling wifi on it and just ordering a Ubiquiti UAP to ceiling mount in my server room.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
> I'm running shibby tomato also but I plan on disabling wifi on it and just ordering a Ubiquiti UAP to ceiling mount in my server room.

If you are not using the router as a client (or use one of the protocols I mentioned above), you don't have to disable wifi.
 

John Connor

Lifer
Nov 30, 2012
22,757
619
121
> I have a router that has Shibby's Tomato firmware and he is not going to patch it up. Our main router is a small PC running PFSense, but this router is for another network and I'd like to avoid having to set it up all over again with a different router.
>
> Is there any safe option that will allow me to continue using wireless with this router? Another protocol or something of the sort?


Nope. New firmware!
 

John Connor

Lifer
Nov 30, 2012
22,757
619
121
> Actually when you disable SSID broadcast, does it actually not broadcast it, or does it just tell client devices to not display it? I could see it be a somewhat "security through obscurity" feature that is better than nothing. Someone is not going to sit there and try every possible word to see if there is a network under it. But if it's still sending it through the airwaves then that is moot as someone that has some kind of wifi logic analyzer could probably decode it.


Look into Kali.
 

[DHT]Osiris

Lifer
Dec 15, 2015
17,368
16,645
146
> By does not work, does it mean there is no way to patch it? So even if I patch my router, if someone with a vulnerable phone connects to my network, it exposes the entire network? (well, the wireless vlan in my case)

It'll expose traffic between the unsecured client (unpatched phone) and the router/AP/VLAN. Technically this could expose unencrypted traffic between the unpatched device and a patched device, just between the unpatched device and the AP, rather than the patched device and the AP. Think of a scenario involving telnet between hostA and hostB, hostB is patched, hostA isn't, and AP between them is patched. HostA to AP traffic can be sniffed, and telnet cleartext can be extracted.

Since most phones don't get patches beyond, oh, 3 months or so, it's probably safe to assume any unencrypted/non-broken encryption (see various implementations of SSL/TLS) is potentially cleartext'd by this in a public environment.
 

Grooveriding

Diamond Member
Dec 25, 2008
9,147
1,330
126
> Source of that? AFAIK, they will all eventually patch up.
>
> Don't use the router as a client.
> Don't use TKIP or GCMP, or 802.11r
> Job #1 is patch the clients.
> That means, assuming you have [isp modem]=cat 5=[router] then you really don't have to worry about this as being time critical.
> You DO have to worry about all clients, phones, IoT devices, and things like that, THOSE can get intercepted.

Source was second hand from the English forums for Tomato firmware. Apparently Shibby said on a Polish forum he is not going to patch his firmwares for this exploit.

On the wireless side we have two phones - both on Android, a laptop, printer, PS4 & Switch. So patch up Android and the laptop and I guess wait for the PS4 and Switch to be updated?

Maybe I will just bite the bullet and put DD-WRT on the router. It's already patched I believe, or it is coming shortly. I read something of the sort on reddit.
 

Insomniator

Diamond Member
Oct 23, 2002
6,294
171
106
I don't care, sick of it. There are probably 500 networks in my apartment complex where no one will have any clue on patching anything. I'll take the chance!