Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
snortingfrogs

WPA2 has been cracked

Recommended Posts

Apple will patch this in iOS 11.1 releasing soon.


CPU: Intel Core i7 7820X Cooling: Corsair Hydro Series H110i GTX Mobo: MSI X299 Gaming Pro Carbon AC RAM: Corsair Vengeance LPX DDR4 (3000MHz/16GB 2x8) SSD: 2x Samsung 850 Evo (250/250GB) + Samsung 850 Pro (512GB) GPU: NVidia GeForce GTX 1080 Ti FE (W/ EVGA Hybrid Kit) Case: Corsair Graphite Series 760T (Black) PSU: SeaSonic Platinum Series (860W) Monitor: Acer Predator XB241YU (165Hz / G-Sync) Fan Controller: NZXT Sentry Mix 2 Case Fans: Intake - 2x Noctua NF-A14 iPPC-3000 PWM / Radiator - 2x Noctua NF-A14 iPPC-3000 PWM / Rear Exhaust - 1x Noctua NF-F12 iPPC-3000 PWM

Link to post
Share on other sites
56 minutes ago, deltron3030 said:

And dude, where is your avatar from? It's so crazy.

To be honest I'm not even sure the exact source. I saw the gif some years ago and liked it. This is the closest I've found to any source or context. Volume Warning
 

Spoiler

 

 

Link to post
Share on other sites
12 hours ago, LAwLz said:

There were multiple exploits published with that white paper. Some are client related, and some are access point related. Honestly, you shouldn't really worry anyway because the attack is tricky to execute (for now) and patches are already rolling out for devices.

It is still recommended to install all updates which fixes the holes related to this.

 

It seems TP-Link thinks otherwise:

11 hours ago, Swatson said:
Quote

Q: What if there are no security updates for my router?
A: Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.

 

 

 

Link to post
Share on other sites
1 hour ago, jagdtigger said:

It seems TP-Link thinks otherwise:

TP-Link disagrees on which point(s) exactly?

Of course they want you to update, but the vulnerability is quite overblown at this point.

 

It is hard to execute.

Clients are already being patched.

Patches to clients removes the main threat.

Link to post
Share on other sites
On 10/17/2017 at 8:11 AM, Donut417 said:

Id assume so. 

 

11 hours ago, VagabondWraith said:

Apple will patch this in iOS 11.1 releasing soon.

I'm currently using and iPhone 5 which can't be updated to iOS 11.1, is there any other way other than buying a new device to protect myself from this attack? I'm using am asus rt-ac68u as the router

Link to post
Share on other sites
14 minutes ago, Yongtjunkit said:

I'm currently using and iPhone 5 which can't be updated to iOS 11.1, is there any other way other than buying a new device to protect myself from this attack? I'm using am asus rt-ac68u as the router

As far as I am aware, there is no other way to protect yourself other than to install the security patches.

With that being said, there is no need to panic. The attack is hard to execute. It requires skills, and a lot of effort, on top of needing to be in range of your AP and device.

Link to post
Share on other sites
44 minutes ago, LAwLz said:

As far as I am aware, there is no other way to protect yourself other than to install the security patches.

With that being said, there is no need to panic. The attack is hard to execute. It requires skills, and a lot of effort, on top of needing to be in range of your AP and device.

Does this solution Protects devices with missing patch(software update?) by using enterprise WPA? 

 

 

Not to mention that my router and access point (powerline adapter) is set to full power if I wasn't mistaken. And I don't usually on the powerline adapter till night time 

F2658801-5848-4E43-A5FB-B16D96E1D11C.thumb.jpeg.10376453a9aee46ac33e54b28717b7f0.jpeg

Link to post
Share on other sites
2 hours ago, Yongtjunkit said:

Does this solution Protects devices with missing patch(software update?) by using enterprise WPA?

 

Not to mention that my router and access point (powerline adapter) is set to full power if I wasn't mistaken. And I don't usually on the powerline adapter till night time

Again, I haven't read the report but my understanding is that WPA2-Enterprise with certificates are vulnerable too. I don't see why it wouldn't be.

Link to post
Share on other sites
2 hours ago, Yongtjunkit said:

 

I'm currently using and iPhone 5 which can't be updated to iOS 11.1, is there any other way other than buying a new device to protect myself from this attack? I'm using am asus rt-ac68u as the router

Im not sure if updating your router is all you have to do. From my understanding all WiFi devices have this issue. While patched and non patched devices will be able to communicate, Im not sure what this does to your over all security. That being said, Ill assume your up shits creek on this one. Unless the Apple gods decide to just release a stand alone patch for older devices. 

 

I have a feeling your not the only person in this situation. How far back will router manufactures go with patches? My Dlink router hasnt had a firmware update in like 4 years. Lucky for me DDWRT was compatible and was a good upgrade for it. Now I gotta hope DDWRT updates their firmware otherwise Ill be upgrading to the new router. On top of the fact I have a host of devices, 3 phones, 3 tablets, first gen fire stick, second gen fire-stick, roku stick, and my laptop all on the wireless network. I gotta hope all these devices get updated. At this point all we can do is sit and watch. 


You ever notice that many establishments have a sign that as "No Shirt, No Shoes, No service"? They never say anything about pants............ You know what that implies. You dont have to wear pants. 

Link to post
Share on other sites
8 hours ago, jagdtigger said:

 

It seems TP-Link thinks otherwise:

If you read the whole thing they are still planning to patch affected devices.

Link to post
Share on other sites

Synology patched this last night for their routers, amongst a few other things. 

 

  1. Fixed multiple security vulnerabilities regarding WPA/WPA2 protocols for wireless connections (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088).

Best router brand I've had.  Just look at the volume of updates they put out: https://www.synology.com/en-us/releaseNote/RT2600ac


Workstation: 8600k @ 4.6Ghz || ASRock Z390 Taichi Ultimate || Gigabyte 1080Ti || G.Skill DDR4-3800 @ 2666 4x8GB || Corsair AX1500i || 25 gallon whole-house loop.

HTPC/GuestGamingBox: Optoma HD142X 1080p Projector || 7600K@ 4.6 || Gigabyte Z270 Gaming 9  || EVGA Titan X (Maxwell) || Corsair RM650x || CPU+GPU watercooled 280 rad pull only.

Server Router (Untangle): 8350K @ 4.5Ghz || ASRock Z370 ITX || 2x8GB || EVGA G3 750W || CPU watercooled, 25 gallon whole-house loop.

Server VM/Plex/HTTPS: E5-2699v4 (22 core!) || Asus X99m WS || GT 630 || Corsair RM650x || CPU watercooled, 25 gallon whole-house loop.

Server Storage: Pent. G3220 || Z87 Gryphon mATX || || LSI 9280i + Adaptec + Intel Expander || 4x10TB Seagate Enterprise Raid 6, 3x8TB Seagate Archive Backup, Corsair AX1200i (drives) Corsair RM450 (machine) || CPU watercooled, 25 gallon whole-house loop.

On the Shelf: EVGA X99 micro2, 780, 740 GT, 210 w/ DVI port unsoldered (Hint: it can be done but it ain't easy). 

Laptop: HP Elitebook 840 G3 (Intel 8350U).

Link to post
Share on other sites

According to the TP-Link forum, they're saying standard routers aren't affected. Does that sound right or are they just being lazy to provide an update?

 

Does Synology not make a lower level router? Cheapest I see is a 1900AC, which is over a $100. I'd be fine with a 1200AC level for well under a $100.

Link to post
Share on other sites
9 hours ago, deltron3030 said:

According to the TP-Link forum, they're saying standard routers aren't affected. Does that sound right or are they just being lazy to provide an update?

 

Does Synology not make a lower level router? Cheapest I see is a 1900AC, which is over a $100. I'd be fine with a 1200AC level for well under a $100.

There were multiple vulnerabilities disclosed. There are several small ones which aren't as serious, and some of those appear to affect all routers. Then there are some which don't affect all (because they lack support for 802.11r), and then there were some really big client vulnerabilities (which are unrelated to the routers).

 

The important updates are to the clients (so Windows, Android, MacOS, GNU/Linux, and so on) and not the routers. As long as your clients are patched you are relatively safe.

Link to post
Share on other sites
2 hours ago, LAwLz said:

There were multiple vulnerabilities disclosed. There are several small ones which aren't as serious, and some of those appear to affect all routers. Then there are some which don't affect all (because they lack support for 802.11r), and then there were some really big client vulnerabilities (which are unrelated to the routers).

 

The important updates are to the clients (so Windows, Android, MacOS, GNU/Linux, and so on) and not the routers. As long as your clients are patched you are relatively safe.

Android is going to be the main issue... The upcoming November security patch will plug it for all Nexus and Pixel devices, but who knows for other devices...

Link to post
Share on other sites
3 hours ago, Sniperfox47 said:

Android is going to be the main issue... The upcoming November security patch will plug it for all Nexus and Pixel devices, but who knows for other devices...

Id figure One Plus will patch their devices as Ive gotten 4 or 5 patches since getting my One Plus One in January. Samsung will probably patch their devices. But yeah, a lot of these rink a dink manufactures probably wont issue patches. 


You ever notice that many establishments have a sign that as "No Shirt, No Shoes, No service"? They never say anything about pants............ You know what that implies. You dont have to wear pants. 

Link to post
Share on other sites
1 hour ago, Donut417 said:

Id figure One Plus will patch their devices as Ive gotten 4 or 5 patches since getting my One Plus One in January. Samsung will probably patch their devices. But yeah, a lot of these rink a dink manufactures probably wont issue patches. 

There have been 10 months since January. You should have gotten 10 security patches. Instead 1+ updates every two months... ish... if they feel like it...

 

Google, Blackberry, Fujitsu, General Mobile, Gionee, LG, Motorola, Oppo, Samsung, Sharp, Sony, and Vivo can all stay on top of patches every month, why not 1+?

Link to post
Share on other sites
7 hours ago, Sniperfox47 said:

Android is going to be the main issue... The upcoming November security patch will plug it for all Nexus and Pixel devices, but who knows for other devices...

Why is it android is still un-patched against this?  I had heard Windows got it months ago...

Link to post
Share on other sites
1 minute ago, Ryan_Vickers said:

Why is it android is still un-patched against this?  I had heard Windows got it months ago...

Because manufacturers(well the very big majority of them) wont patch/update anything that is older than 1 or 2 year...

Link to post
Share on other sites
Just now, jagdtigger said:

Because manufacturers(well the very big majority of them) wont patch/update anything that is older than 1 or 2 year...

fail -_-

Link to post
Share on other sites
8 hours ago, Sniperfox47 said:

There have been 10 months since January. You should have gotten 10 security patches. Instead 1+ updates every two months... ish... if they feel like it...

 

Google, Blackberry, Fujitsu, General Mobile, Gionee, LG, Motorola, Oppo, Samsung, Sharp, Sony, and Vivo can all stay on top of patches every month, why not 1+?

The Fact is a lot of device manufactures dont support devices like One Plus. Thats part of the issue. The fact they have been patching it the way they have its good. Because to tell you what, LG never patched this way when I had the LG G3, never received regular patches from HTC when I had one of their devices. Samsung only patches because the US government made them. Google is the only company I know who regularly patches android devices, but the its their OS, so its expected. So the fact is 1+ in my eyes are doing what they need to do. They dont need to patch monthly, as long as the patches come in, thats all the matters. 


You ever notice that many establishments have a sign that as "No Shirt, No Shoes, No service"? They never say anything about pants............ You know what that implies. You dont have to wear pants. 

Link to post
Share on other sites
On ‎16‎.‎10‎.‎2017 at 3:04 AM, Ryujin2003 said:

Might just be better to reduce the power on your router. I can't access my network outside of my house, so someone would have to break in to attack WiFi... Internet security would be the least of problems at that point.

Does this only make my range less or also my speed? Else this would be an option for me.

 

@all, I also have a Pi-Hole. Does this also help with security regarding hackers etc.?

Link to post
Share on other sites
3 minutes ago, Buurvrouw said:

Does this only make my range less or also my speed? Else this would be an option for me.

 

@all, I also have a Pi-Hole. Does this also help with security regarding hackers etc.?

Speed should be fine as long as the range is decent.

If you are on the edge of the wifi range speeds will drop a lot, but as long as the range is somewhat decent speed shouldn't change mutch. It will change tho, it all depends what hardware you have and what you want from your wifi.

 

Pi-hole doesn't help because to keep it simple. The vulnerable part is between your router/access point and your end device (phone, computer) that is wirelessly connected. Whatever is behind the router doesn't really matter safety wise because the vulnerability isn't there.


If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon

Link to post
Share on other sites
4 minutes ago, samcool55 said:

Speed should be fine as long as the range is decent.

If you are on the edge of the wifi range speeds will drop a lot, but as long as the range is somewhat decent speed shouldn't change mutch. It will change tho, it all depends what hardware you have and what you want from your wifi.

 

Pi-hole doesn't help because to keep it simple. The vulnerable part is between your router/access point and your end device (phone, computer) that is wirelessly connected. Whatever is behind the router doesn't really matter safety wise because the vulnerability isn't there.

and how can I get my Connection secure? I read about that you should use a VPN for wireless devices now with this WPA2 shit. Also I have a AVM Fritzbox and they claimed not to have any probs regarding this.

Link to post
Share on other sites
18 minutes ago, Buurvrouw said:

and how can I get my Connection secure? I read about that you should use a VPN for wireless devices now with this WPA2 shit. Also I have a AVM Fritzbox and they claimed not to have any probs regarding this.

It's possible they have patched it or it wasn't an issue for them in the first place.

Thing is that your end devices also need patching (i think) which isn't an issue for linux because you can easily update them but android however could be an issue.

Windows is afaik not vulnerable either so that's not a problem either.

 

If the data leaves your end device encrypted (which is the case with HTTPS websites for example) there's no need to worry about it either. Even if the data gets stolen it's quite useless because it's already encrypted.

 

Getting a proper VPN subscription is always a good idea tho, if you can afford it i would get it :P


If you want my attention, quote meh! D: or just stick an @samcool55 in your post :3

Spying on everyone to fight against terrorism is like shooting a mosquito with a cannon

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×