WPA2 has been cracked

[snortingfrogs]

According to Mathy Vanhoef and Frank Piessens at Katholieke Universiteit Leuven in Belgium several core elements in WPA2 has been cracked.

 

Source (In Swedish): https://kryptera.se/wpa2-har-blivit-knackt/
Source (Google translate): https://translate.google.com/translate?sl=sv&tl=en&js=y&prev=_t&hl=sv&ie=UTF-8&u=https%3A%2F%2Fkryptera.se%2Fwpa2-har-blivit-knackt%2F&edit-text=

 

From Twitter

Quote

flaw in the 4-way handshake. As I understand it, in many cases, this will be: "Throw your router away and buy a new one."

 

https://twitter.com/Nick_Lowe/status/919527451570638848

 

I guess this was bound to happen eventually, and it seems like most people will have to buy a new router.

This is quite massive and it will be very interesting to see the report tomorrow.

 

UPDATE!

The paper has now been released: https://www.krackattacks.com/

[ARikozuM]

Does not fit Tech News format.

 

You need to add personal thoughts to your post and possibly some more information from the source.

 

I hope this is as easy as disabling WPA2 rather than buying replacements... Otherwise, my wallet is going to feel pain replacing 5 AP's and two managed switches. 

[snortingfrogs]

37 minutes ago, ARikozuM said:

Does not fit Tech News format.

 

You need to add personal thoughts to your post and possibly some more information from the source. 

Added some thoughts, but for now this is the source I got, tomorrow we will have more info when the report will be released.

[Lurick]

From what I can tell with a brief look over the paper, it MIGHT be able to be fixed with a firmware upgrade or code change to the key generation algorithm on the router's side. From reading one of the sections about getting the KEK, depending on what's used by the router itself to generate the key (big or small endians) then it can be a monumental task to get the key. The attack also appears to need TKIP to work, which should have been replaced by AES-256 at this point and using AES might make this attack moot, but I haven't read much more beyond that.

[The_Tempo_Golem]

3 minutes ago, Lurick said:

From what I can tell with a brief look over the paper, it MIGHT be able to be fixed with a firmware upgrade or code change to the key generation algorithm on the router's side. From reading one of the sections about getting the KEK, depending on what's used by the router itself to generate the key (big or small endians) then it can be a monumental task to get the key. The attack also appears to need TKIP to work, which should have been replaced by AES-256 at this point and using AES might make this attack moot, but I haven't read much more beyond that.

you lost me at KEK

i guess i will just have to replace my router or update it 

 

[Lurick]

Just now, That Minecraft Player said:

you lost me at KEK

i guess i will just have to replace my router or update it 

 

Depends on how old the router is. Not going to say anything yet since I'm still reading and double checking but you might be okay if you can disable TKIP and force AES encryption, or at least I hope that's it  

[Zodiark1593]

*grins to self as I don't have a home wifi point to begin with*

 

Would a custom firmware be able to ward off such attacks without replacement of hardware?

[Lurick]

3 minutes ago, Zodiark1593 said:

*grins to self as I don't have a home wifi point to begin with*

 

Would a custom firmware be able to ward off such attacks without replacement of hardware?

Possibly, it would depend on if the routers can handle the change, if a manufacturer will update the code, and if clients won't need an update to work on the new changes. The clients shouldn't need any changes since it's basically how the router generates the initial keys for encryption of traffic, but you never know  

[paddy-stone]

Might sound stupid here (probably). But what if you don't broadcast your SSID?

[Bananasplit_00]

huh, this could be pretty bad. all my wifi is running WPA2 security

[Lurick]

3 minutes ago, paddy-stone said:

Might sound stupid here (probably). But what if you don't broadcast your SSID?

Just a minor nuisance for people who would actively look to attack a wireless network. It still broadcasts out, it just can't be seen by some consumer devices and script kiddies or idiots looking for a "lul"

[JAKEBAB]

29 minutes ago, paddy-stone said:

Might sound stupid here (probably). But what if you don't broadcast your SSID?

Super easy to get a "hidden" SSID. 

 

I havent read the article but wpa2 has been "cracked" years ago exploiting 4 way handshake so this is either super old or a different method.

 

Edit: looks like it might actually be new.

[paddy-stone]

Just now, Lurick said:

Just a minor nuisance for people who would actively look to attack a wireless network. It still broadcasts out, it just can't be seen by some consumer devices  

Ahh yeah, if it's a focused attack then yeah I kinda knew that you could have better equipment to see those. I meant more so as a stop-gap to prevent drive-by attacks/circumstancial.

I'm only using AES on my wifi networks anyway, so if it's only for TKIP I'm OK.

1 minute ago, JAKEBAB said:

Super easy to get a "hidden" SSID.

Yes I am running mine like that now. I meant would it stop these attacks from passers-by basically

[LAwLz]

Will be interesting to see what gets announced tomorrow.

We have next to no info about how the attack works, but judging by the abstract removing support for RC4 might fix it.

I don't know what the spec says, but using separate keys for unicast traffic vs broadcast/multicast traffic might solve the issue too.

Apparently Meraki has pushed out a vague update to their access points which some speculate is a fix for this issue. Gonna try and find the bugfix in the change log and see what it says.

Edit: I can't find where to check older firmware change logs. Does anyone know? I can only see the change logs of yet-to-be-installed firmware.

 

 

26 minutes ago, paddy-stone said:

Might sound stupid here (probably). But what if you don't broadcast your SSID?

Doesn't help.

I recommend you turn on your SSID again if you have it hidden. Your clients will leak the SSID anyway. It really adds no extra protection whatsoever. In the worst case scenario it might actually reduce security because your device might be sending out your SSID even when you are not in range. So if you take your laptop to school it might be broadcasting your home WiFi name for everyone at your school to see.

 

 

Edit:

Links to related vulnerabilities so that people can find them easily tomorrow:

CVE-2017-13077 | CVE-2017-13078

CVE-2017-13079 | CVE-2017-13080

CVE-2017-13081 | CVE-2017-13082

CVE-2017-13084 | CVE-2017-13086

CVE-2017-13087 | CVE-2017-13088

[paddy-stone]

1 minute ago, LAwLz said:

Will be interesting to see what gets announced tomorrow.

We have next to no info about how the attack works, but judging by the abstract removing support for RC4 might fix it.

I don't know what the spec says, but using separate keys for unicast traffic vs broadcast/multicast traffic might solve the issue too.

Apparently Meraki has pushed out a vague update to their access points which some speculate is a fix for this issue. Gonna try and find the bugfix in the change log and see what it says.

 

 

Doesn't help.

I recommend you turn on your SSID again if you have it hidden. Your clients will leak the SSID anyway. It really adds no extra protection whatsoever. In the worst case scenario it might actually reduce security because your device might be sending out your SSID even when you are not in range. So if you take your laptop to school it might be broadcasting your home WiFi name for everyone at your school to see.

Don't go to school at my age fortunately, lol. Anyone else that has access to my hidden wifi turns the wifi off when they leave the house.. all others go on my guest wifi. I know it's not a fix, just was saying that "hey it might be better than broadcasting". Hopefully there'll be a fix for the crack anyway. But I live a bit off the beaten path anyway, so unless someone's actively targetting my home shouldn't be too much danger, I hope.

[JAKEBAB]

13 minutes ago, paddy-stone said:

Ahh yeah, if it's a focused attack then yeah I kinda knew that you could have better equipment to see those. I meant more so as a stop-gap to prevent drive-by attacks/circumstancial.

I'm only using AES on my wifi networks anyway, so if it's only for TKIP I'm OK.

Yes I am running mine like that now. I meant would it stop these attacks from passers-by basically

No it will do nothing. If your scanning for networks, every ssid will show regardless if its "hidden" or not. 

[S w a t s o n]

38 minutes ago, Lurick said:

The attack also appears to need TKIP to work, which should have been replaced by AES-256 at this point and using AES might make this attack moot, but I haven't read much more beyond that.

Apparently not?

 

[dfsdfgfkjsefoiqzemnd]

26 minutes ago, Lurick said:

Depends on how old the router is

Well, with some luck D-Link will push an update for mine.  It's been a while

 

 

(and yes, I'm on the latest version)

[AresKrieger]

Can't remember how old my router is but it doesn't have wifi so not sure if this affects me or not and I got it a bit before borderlands was released, so 8 years+ so it probably has multiple issues I'm unaware of anyway. Regardless if I need to replace it I'll make one essentially to avoid these potential issues down the line.

[leadeater]

4 hours ago, Lurick said:

The attack also appears to need TKIP to work

Haven't most people in the security industry recommended to not use TKIP for a few years now? I thought flaws with it were already discovered, or at least theorized. 

[Sakkura]

So... how's that WPA3 work coming along?

[Nicnac]

took way too long. had to buy wifi ...... -.- 

[Trippik]

This is going to cause businesses problems and security weaknesses for years to come  

[Liltrekkie]

This can indeed be fixed via a firmware update, as my wireless AP had an update to fix this very handshake issue. 

 

Proof: 

[desertcomputer]

MAC FILTERING ON. SEPARATED VLAN ON. Still only would able to access my wireless network unless i have made firewall pinhole for certain mac addresses.