Newbie Question on the New Rooter Hack

[Zmax]

Hi

 

I am not sure how this new hack works.  From what i can understand.

 

1 = You are connected to the internet via a modem with WiFI

2  = You have a couple of tablet laptop connected to the WIFI

3 = Some one finds your modem address, not sure how, but find it

4 = Using that Hack he can then enter any tablet or comp connected to the modem via the WIFI

5 = If you connect to a public WIFI at School Universite of Coffee House there a good chance that the hack will be there

 

Can the Hack affect my computer by bypassing my firewall or modem security. If I use a network cable and not the WIFI 

 

Is this correct.

 

 

 

[kirashi]

8 minutes ago, Zmax said:

that Hack

What is "that hack" you're talking about? There are many ways to break into a router or modem, number one being manufacturer backdoors or default passwords because apparently security isn't important for multi-billion dollar corporations.

[Levisallanon]

if you make sure you have the latest windows updates installed you are safe

https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

[kirashi]

1 minute ago, Levisallanon said:

if you make sure you have the latest windows updates installed you are safe

https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

Huh. Interesting. I mean, we all knew it was only a matter of time until this happened, so I'm really not surprised. Good thing I use Kerberos authentication at home.  

[RAM555789]

Yeah , make sure over the next couple of days your keeping your Microsoft security up to date. When an attack like that is developed they will get an update to fix it out really quick.

[Mira Yurizaki]

A commenter on Ars Technica mentioned that this doesn't affect HTTPS traffic, because it was designed with the assumption your channel isn't secure anyway. So even if you connect to a router that someone could listen in on with this exploit, it's fine if it's HTTPS traffic.

[Levisallanon]

4 minutes ago, M.Yurizaki said:

A commenter on Ars Technica mentioned that this doesn't affect HTTPS traffic, because it was designed with the assumption your channel isn't secure anyway. So even if you connect to a router that someone could listen in on with this exploit, it's fine if it's HTTPS traffic.

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

"The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy against the attack, since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data. In the video demonstration, the attacker uses a script known as SSLstrip to force the site match.com to downgrade a connection to HTTP. The attacker is then able to steal an account password when the Android device logs in."

 

7 minutes ago, RAM555789 said:

Yeah , make sure over the next couple of days your keeping your Microsoft security up to date. When an attack like that is developed they will get an update to fix it out really quick.

it was patched a few days ago already. the people who found this hack are ethical hackers so they disclosed it privately first so manufacturers had time to patch it.

[Mira Yurizaki]

1 minute ago, Levisallanon said:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

"The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy against the attack, since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data. In the video demonstration, the attacker uses a script known as SSLstrip to force the site match.com to downgrade a connection to HTTP. The attacker is then able to steal an account password when the Android device logs in."

That's a problem of the server though, not that HTTPS is hosed. But good to know. For the record though, the quote of the post I was mentioning said (emphasis mine):

Quote

Note that HTTPS is designed to work over an untrusted channel, such as Wi-Fi with no encryption or Wi-Fi with broken encryption. So long as you don't ignore those HTTPS cert validation warnings, you can browse as safely as before.

 

[kirashi]

1 minute ago, Levisallanon said:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

"The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy against the attack, since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data. In the video demonstration, the attacker uses a script known as SSLstrip to force the site match.com to downgrade a connection to HTTP. The attacker is then able to steal an account password when the Android device logs in."

While this is true, it could happen prior to the WPA2 KRACK attack, so I blame the websites' server for allowing HTTP connections in the first place.

[jnic]

 

[Levisallanon]

2 minutes ago, M.Yurizaki said:

That's a problem of the server though, not that HTTPS is hosed. But good to know. For the record though, the quote of the post I was mentioning said (emphasis mine):

 

 

1 minute ago, kirashi said:

While this is true, it could happen prior to the WPA2 KRACK attack, so I blame the websites' server for allowing HTTP connections in the first place.

both true, but just stating here that we shouldn't say people to just visit all sites with https. especially the sites which normally don't enforce https might not have the things set up right so by trusting on this you trust on something which you know nothing about and can't see. Also this hack they are talking about for the https will work even if the browser doesn't give a cert error, it's a bit more tricky.
But back ontopic, as a windows user you don't have to be afraid. as an android user you want to stick to 3g or 4g untill you got an update from your manufacturer.

[ScratchCat]

22 minutes ago, Zmax said:

Hi

 

I am not sure how this new hack works.  From

3 = Some one finds your modem address, not sure how, but find it

4 = Using that Hack he can then enter any tablet or comp connected to the modem via the WIFI

5 = If you connect to a public WIFI at School Universite of Coffee House there a good chance that the hack will be there

 

 

3 - they have to be in range of your WiFi router to use the attack. Just check for updates for your router frequently over the next few weeks or make sure all devices are updated. As far as I can tell only one side needs to be patched to be secure, either the router or the clients.

4 - He can view the traffic and insert malware into that traffic in the form of ads etc, if you have a form of anti virus installed and some form of common sense i.e. don't click the " download this critical flash player update NOW! " you should be ok. Most common websites have HTTPS, which secures your connection to that website, ensure you are using this (green lock icon) when entering private details.

5 - Probably. Use a VPN or HTTPS websites where possible, however these access points were not secure to begin with.

[kirashi]

4 minutes ago, Levisallanon said:

--SNIP--

But back ontopic, as a windows user you don't have to be afraid. as an android user you want to stick to 3g or 4g untill you got an update from your manufacturer.

Sadly, I won't see any updates for my Galaxy Note 3... I wonder if I can file a class action again Samsung to get free VPN service for my phone? /sarcasm but not really

[Mira Yurizaki]

I suppose to put it this way, until your router or clients are patched, assume you're transmitting in the clear. That's basically the gist of this issue. If your end points are still practicing secure methods of communication, while it's still a problem that your Wi-Fi network is compromised, it mitigates what an attacker can do with any data they sniffed.

 

But at the end of the day, security or convenience: choose one.

[Zmax]

Sorry I did not post correctly - Yea that was the WPA2 ack

 

Ok so Public WIFI  is a no no 

 

Private (Home ) Wifi is ok  unless they are close to house or condo

 

Anyway I just remove WIFI from moden. Don`t really use it

 

Thanks all for the info. really appreciate it .  

[Donut417]

1 minute ago, Zmax said:

Sorry I did not post correctly - Yea that was the WPA2 ack

 

Ok so Public WIFI  is a no no 

 

Private (Home ) Wifi is ok  unless they are close to house or condo

 

Anyway I just remove WIFI from moden. Don`t really use it

To my understanding if your using WPA2 with AES, that limits what they can get from your network. That being said, router manufactures will have to update their firmware's to fix this issue. While disabling your WiFi is an extreme solution. If you dont rely on WiFi then it wouldnt hurt. In my opinion, if your router is not too old and you bought from a reputable manufacture then I feel the fix will most likely be out soon. If your using an ISP modem/route combo, god have mercy on your soul. As you gotta wait for the ISP to issue any updates. 

[Zmax]

Thanks Donut417  I sold my soul.  Not a expert on networking  I am just  old 

 

 

[Zmax]

1 hour ago, Levisallanon said:

if you make sure you have the latest windows updates installed you are safe

https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

Thank you for the link

[Zmax]

One more question

 

Since windows as patched the WPA2 protocol . I should be ok when I use a laptop or IPad . The question is a public modem or School WIFI  . Am I, be still vulnerable if I use a windows 10 or Ipad

 

 

[Donut417]

39 minutes ago, Zmax said:

One more question

 

Since windows as patched the WPA2 protocol . I should be ok when I use a laptop or IPad . The question is a public modem or School WIFI  . Am I, be still vulnerable if I use a windows 10 or Ipad

 

 

Public WiFi generally doesn't use security so, yeah your vulnerable but not because of the hack. School WiFi depends. My school has an open and a secure network. 

[Zmax]

Since Phone use WIFI broadcast Is your phone as vulnerable as WIFI modem. If WPA2 is broken. So every brand of phone or modem that is not patch at risk ?

[Donut417]

11 minutes ago, Zmax said:

Since Phone use WIFI broadcast Is your phone as vulnerable as WIFI modem. If WPA2 is broken. So every brand of phone or modem that is not patch at risk ?

Every wireless device is at risk that uses WiFI. Its the security standard that is fucked at this point. So any device that relies on WPA2 is affected. Considering that the most secure and up to date security standard, we fucked. Until at least patches are released.  

[Zmax]

Thanks much appreciated.