Jump to content

Recommended Posts

Posted

WPA2 is bypassed with MITM attack against Linux and Android devices.

 

Posted

I know Seb said he is looking into it, and Patrick mentioned it on DTNS yesterday too. I am looking forward to seeing what comes now in new firmwares.

Posted (edited)

AP vuln test script released - as it was already leaked. https://github.com/vanhoefm/krackattacks-test-ap-ft

[10:41:56] AP transmitted data using IV=1 (seq=3757)
[10:41:56] AP transmitted data using IV=1 (seq=3757)
[10:41:56] IV reuse detected (IV=1, seq=3757). AP is vulnerable!
[10:41:56] AP transmitted data using IV=2 (seq=3772)

My main router is vulnerable :(

Edited by Just_a_User
  • 2 weeks later...
Posted
On 10/27/2017 at 5:25 PM, connorboucher said:

WPA3 Confirmed? (I hope not ;-;)

WPA3 is not even a thing yet. There is no new standard, as far as I know, that supersedes WPA2 and WPA2 Enterprise.

Posted
13 hours ago, digip said:

WPA3 is not even a thing yet. There is no new standard, as far as I know, that supersedes WPA2 and WPA2 Enterprise.

Correct-a-mundo.

I think it's a near-top-priority right now for WiFi Security engineers, but as to when there will be a superseding security method..I know not. Could be that they ditch passwords altogether and use a certificate-like authentication, but that means it needs to be secure against certificate spoofing.

Posted
16 hours ago, Dave-ee Jones said:

Correct-a-mundo.

I think it's a near-top-priority right now for WiFi Security engineers, but as to when there will be a superseding security method..I know not. Could be that they ditch passwords altogether and use a certificate-like authentication, but that means it needs to be secure against certificate spoofing.

How do you issue certs to each device, and what devices will inherently be able to support it in this manner. This being the age of TV's, game consoles and DVD players all being WPA2 compliant now, I think you would ultimately kill a huge trunk of the user base, if you suddenly go to a new standard, vs patching the existing model to keep legacy devices working.

Posted (edited)
13 minutes ago, digip said:

I'd suggest getting patches from official sources, but that's just me.

Are there official ones released? I prob missed them

Edited by Just_a_User
Posted (edited)

OpenWRT is an alternative to most linksys devices. What is the device it goes on, the manufacturer? Either that, or go to the OpenWRT site, get official 3rd party firmware, which I'm sure at some point, the OpenWRT community will patch. Unless the git repo is one of the developers for OpenWRT(I don't know them), then I would probably avoid randomly found patches. I mean, it could be legit patched, but I'm a bit more cautious when it comes to some things. Especially when I don't see the code used in them, although you could unzip all the way down to the IPK and unzip them as well, I wouldn't know where to look specifically for changes that fix this issue. They apparently have their own GIT repo as well - http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=acfb6c2181b1589e5b2d0d121180bcc7d62d37d4

Edited by digip
  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...