Hak5 Forums
digip

WPA2 - Broken


WPA2 is bypassed with a MITM attack against Linux and Android devices.


I was wondering while reading this morning if anyone here had posted yet. You don't disappoint! 


I know Seb said he is looking into it, and Patrick mentioned it on DTNS yesterday too. I am looking forward to seeing what comes now in new firmwares.


Really nice breakdown of the mechanics of the attack. This guy is great to watch anyway.


I like LiveOverflow's videos too. His videos are the ones to watch if you want to get into the binary side of things.


AP vuln test script released - as it was already leaked. https://github.com/vanhoefm/krackattacks-test-ap-ft

[10:41:56] AP transmitted data using IV=1 (seq=3757)
[10:41:56] AP transmitted data using IV=1 (seq=3757)
[10:41:56] IV reuse detected (IV=1, seq=3757). AP is vulnerable!
[10:41:56] AP transmitted data using IV=2 (seq=3772)

My main router is vulnerable :(

Edited by Just_a_User
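The "IV reuse detected" line in the output above is the whole test in a nutshell: CCMP's IV (the packet number) must be a strictly increasing counter under a given pairwise key, so if the AP ever sends the same IV twice the same keystream has been used twice, and the AP reinstalled the key. The following is an added example, not code from the linked test script, that parses log lines in the format shown above (constructed sample lines, not from the post) and flags reuse the same way a defender checking a capture would. It goes a little beyond the post by also flagging an IV that is lower than the highest one seen, which is what a reinstall looks like when the earlier frames with that IV were missed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines, modeled on the log format shown in the post above.
# IV=1 and IV=2 come back after IV=3: the reinstall reset the counter.
# IV=7 after IV=10 was never seen before, but still went backwards.
SAMPLE_LOG = """\
[10:41:55] AP transmitted data using IV=1 (seq=3740)
[10:41:56] AP transmitted data using IV=2 (seq=3741)
[10:41:56] AP transmitted data using IV=3 (seq=3742)
[10:41:56] AP transmitted data using IV=1 (seq=3757)
[10:41:56] AP transmitted data using IV=2 (seq=3772)
[10:41:57] AP transmitted data using IV=4 (seq=3773)
[10:41:57] AP transmitted data using IV=10 (seq=3774)
[10:41:58] AP transmitted data using IV=7 (seq=3775)
"""

# Matches "[hh:mm:ss] AP transmitted data using IV=<n> (seq=<n>)".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}:\d{2}:\d{2})\] AP transmitted data using "
    r"IV=(?P<iv>\d+) \(seq=(?P<seq>\d+)\)$"
)


@dataclass
class Finding:
    ts: str
    iv: int
    seq: int
    kind: str  # "reuse": IV seen before; "rollback": IV below the highest seen


@dataclass
class IVTracker:
    """Track the CCMP packet numbers (IVs) one AP sends under one pairwise key.

    A repeated IV means the same keystream was used twice, which is exactly
    the condition the test script reports as "IV reuse detected".
    """
    seen: set = field(default_factory=set)
    highest: int = -1
    findings: list = field(default_factory=list)

    def observe(self, ts, iv, seq):
        if iv in self.seen:
            self.findings.append(Finding(ts, iv, seq, "reuse"))
        elif iv < self.highest:
            # Not a repeat we witnessed, but the counter went backwards,
            # so an earlier (unseen) frame must have carried this IV.
            self.findings.append(Finding(ts, iv, seq, "rollback"))
        self.seen.add(iv)
        self.highest = max(self.highest, iv)


def parse_line(line):
    """Return (timestamp, iv, seq) for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), int(m.group("iv")), int(m.group("seq"))


def analyze(log_text):
    """Run every parsable line through the tracker and return the findings."""
    tracker = IVTracker()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            tracker.observe(*parsed)
    return tracker.findings


def is_vulnerable(log_text):
    """True if the AP provably reused an IV (a counter rollback alone is only a warning)."""
    return any(f.kind == "reuse" for f in analyze(log_text))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.ts}] IV {f.kind} detected (IV={f.iv}, seq={f.seq}).")
    print("AP is vulnerable!" if is_vulnerable(SAMPLE_LOG) else "No IV reuse seen.")
```

The tracker is per key: if the AP legitimately rekeys (a fresh 4-way handshake with a new PTK), the counter is allowed to restart from 1, so a real capture analyzer would reset the tracker on each completed handshake rather than carry one set of seen IVs across the whole session.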

On 10/27/2017 at 5:25 PM, connorboucher said:

WPA3 Confirmed? (I hope not ;-;)

WPA3 is not even a thing yet. There is no new standard, as far as I know, that supersedes WPA2 and WPA2 Enterprise.

13 hours ago, digip said:

WPA3 is not even a thing yet. There is no new standard, as far as I know, that supersedes WPA2 and WPA2 Enterprise.

Correct-a-mundo.

I think it's a near-top priority right now for WiFi security engineers, but as to when there will be a superseding security method... I know not. Could be that they ditch passwords altogether and use a certificate-like authentication, but that means it needs to be secure against certificate spoofing.

16 hours ago, Dave-ee Jones said:

Correct-a-mundo.

I think it's a near-top priority right now for WiFi security engineers, but as to when there will be a superseding security method... I know not. Could be that they ditch passwords altogether and use a certificate-like authentication, but that means it needs to be secure against certificate spoofing.

How do you issue certs to each device, and what devices will inherently be able to support it in this manner? This being the age of TVs, game consoles and DVD players all being WPA2 compliant now, I think you would ultimately kill a huge chunk of the user base if you suddenly go to a new standard, vs. patching the existing model to keep legacy devices working.

26 minutes ago, Just_a_User said:

I'd suggest getting patches from official sources, but that's just me.

13 minutes ago, digip said:

I'd suggest getting patches from official sources, but that's just me.

Are there official ones released? I probably missed them.

Edited by Just_a_User


OpenWRT is an alternative to most Linksys devices. What is the device it goes on, the manufacturer? Either that, or go to the OpenWRT site and get official 3rd-party firmware, which I'm sure at some point the OpenWRT community will patch. Unless the git repo is one of the developers for OpenWRT (I don't know them), I would probably avoid randomly found patches. I mean, it could be legitimately patched, but I'm a bit more cautious when it comes to some things, especially when I don't see the code used in them. Although you could unzip all the way down to the IPK and unzip them as well, I wouldn't know where to look specifically for changes that fix this issue. They apparently have their own Git repo as well - http://git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=acfb6c2181b1589e5b2d0d121180bcc7d62d37d4

Edited by digip

I added the code reference for the wpad-mini package on github. https://github.com/kukulo2011/Openwrt_CC_Krack_wpad-mini

If you are too afraid to install, you can still build a single package according to the OpenWRT wiki or wait for an official update.

The build of the wpad-mini package took me around 1 hour on a Core i5 running Ubuntu. Pushing and updating the router took 5 mins.
