Gonna be a long day for anybody with CPE that does WPA2..
Looks like WPA2 may have just become the new WEP. And it looks like we're all going to be reflashing a lot of devices. "The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017." https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-p...
Dear all, Website with logo: https://www.krackattacks.com/ Paper with background info: https://papers.mathyvanhoef.com/ccs2017.pdf Kind regards, Job
I see here that MikroTik has patched this about a week ago: https://forum.mikrotik.com/viewtopic.php?f=21&t=126695 Any word on other vendor's response to this? Ed
Aruba: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt -- Jim Gogan / UNC-Chapel Hill
hey,
Any word on other vendor's response to this?
Aruba - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf -- tarko
On Mon, 2017-10-16 at 12:09 +0000, Edwin Pers wrote:
I see here that MikroTik has patched this about a week ago: https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
Any word on other vendor's response to this?
https://github.com/kristate/krackinfo has a nice overview of various vendors and their statuses, including links to their responses. Best regards, Teun
In a message written on Mon, Oct 16, 2017 at 03:38:19AM -0400, valdis.kletnieks@vt.edu wrote:
And it looks like we're all going to be reflashing a lot of devices.
Based on my reading this morning many (but not all) of the attacks are against _clients_ with no way to mitigate by simply upgrading APs. Sure, Windows, Mac, Linux...but also Android and iOS...and that "smart" TV, the streaming stick plugged into it, the nanny cam, etc, etc, etc. :( -- Leo Bicknell - bicknell@ufp.org PGP keys at http://www.ufp.org/~bicknell/
Ubiquiti already has it patched in UniFi firmware release 3.9.3 (see forums for more detail, or I'll be doing a sticky post in /r/ubiquiti later). 3.8.15 for Broadcom based APs like the first gen UAP-AC and ACv2 should be soon from what I read. Don't know about Airmax yet though. So, any bets on the likelihood of consumer gear getting fixes or are we pretty much only expecting prosumer and higher to actually get fixed?
On Oct 16, 2017, at 7:51 AM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Mon, Oct 16, 2017 at 03:38:19AM -0400, valdis.kletnieks@vt.edu wrote:
And it looks like we're all going to be reflashing a lot of devices.
Based on my reading this morning many (but not all) of the attacks are against _clients_ with no way to mitigate by simply upgrading APs.
Sure, Windows, Mac, Linux...but also Android and iOS...and that "smart" TV, the streaming stick plugged into it, the nanny cam, etc, etc, etc.
:(
-- Leo Bicknell - bicknell@ufp.org PGP keys at http://www.ufp.org/~bicknell/
Cisco's PSIRT: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa Some fixes appear to be available, or will be soon. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of valdis.kletnieks@vt.edu Sent: Monday, October 16, 2017 12:38 AM To: nanog@nanog.org Subject: Gonna be a long day for anybody with CPE that does WPA2.. Looks like WPA2 may have just become the new WEP. And it looks like we're all going to be reflashing a lot of devices. "The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017." https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
participants (9): Brielle, Edwin Pers, Gogan, James Patrick, Job Snijders, Leo Bicknell, Sean Pedersen, Tarko Tikan, Teun Vink, valdis.kletnieks@vt.edu