Gonna be a long day for anybody with CPE that does WPA2..

Valdis_Kletnieks · October 16, 2017, 7:38am

Looks like WPA2 may have just become the new WEP.

And it looks like we're all going to be reflashing a lot of devices.

"The proof-of-concept exploit is called KRACK, short for Key Reinstallation
Attacks. The research has been a closely guarded secret for weeks ahead of a
coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An
advisory the US CERT recently distributed to about 100 organizations described
the research this way:

"US-CERT has become aware of several key management vulnerabilities in the
4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The
impact of exploiting these vulnerabilities includes decryption, packet replay,
TCP connection hijacking, HTTP content injection, and others. Note that as
protocol-level issues, most or all correct implementations of the standard will
be affected. The CERT/CC and the reporting researcher KU Leuven, will be
publicly disclosing these vulnerabilities on 16 October 2017."

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

_Job_Snijders · October 16, 2017, 9:13am

Dear all,

Website with logo: https://www.krackattacks.com/

Paper with background info: https://papers.mathyvanhoef.com/ccs2017.pdf

Kind regards,

Job

Edwin_Pers · October 16, 2017, 12:09pm

I see here that MikroTik has patched this about a week ago: https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

Any word on other vendor's response to this?

Ed

Gogan_James_Patrick · October 16, 2017, 12:13pm

Aruba: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

-- Jim Gogan / UNC-Chapel Hill

Tarko_Tikan · October 16, 2017, 12:33pm

hey,

Any word on other vendor's response to this?

Aruba - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf

Teun_Vink1 · October 16, 2017, 1:32pm

https://github.com/kristate/krackinfo has a nice overview of various
vendors and their statuses, including links to their responses.

Best regards,
Teun

Leo_Bicknell1 · October 16, 2017, 1:51pm

Based on my reading this morning many (but not all) of the attacks are
against _clients_ with no way to migitate by simply upgrading AP's.

Sure, Windows, Mac, Linux...but also Android and iOS...and that "smart"
TV, the streaming stick plugged into it, the nanny cam, etc, etc, etc.

Brian_Bruns · October 16, 2017, 2:14pm

Ubiquiti already has it patched in UniFi firmware release 3.9.3 (see forums for more detail, or I'll be doing a sticky post in /r/ubiquiti later). 3.8.15 for Broadcom based APs like the first gen UAP-AC and ACv2 should be soon from what I read.

Don't know about Airmax yet though.

So, any bets on the likelihood of consumer gear getting fixes or are we pretty much only expecting prosumer and higher to actually get fixed?

Sean1 · October 16, 2017, 2:39pm

Cisco's PSIRT:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-
sa-20171016-wpa

Some fixes appear to be available, or will be soon.