EVERY Wireless Network Vulnerable!

Discussion in 'Technical' started by 3M-TA3, Oct 16, 2017.


  1. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Fundamental flaw in WPA/WPA2 handshake... :eek::eek::eek::eek::eek: Time to pull the rest of my CAT6

    Every Wi-Fi network at risk of unprecedented 'Krack' hacking attack

    "The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.

    In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.

    The so-called “Krack” attack has been described as a “fundamental flaw” in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords.

    “It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” said Alan Woodward of the University of Surrey’s Centre for Cyber Security.

    “[It means] you can’t trust your network, you can’t assume that what’s going between your PC and router is secure.”

    Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. This protects data as it travels from a computer or smartphone to a router, stopping hackers and spies from monitoring networks or injecting malicious code into the transfer.

    Connecting to a secure network involves a four-way “handshake” between a device and a router to ensure that nobody else can decrypt the traffic. Researcher Mathy Vanhoef of the University of Leuven in Belgium found a way to install a new “key” used to encrypt the communications onto the network, allowing a hacker to gain access to the data. This could involve passwords, credit card numbers, photos and messages sent over a network to be stolen, or cyber attacks to be inserted into the traffic.

    The attack cannot be carried out remotely, an attacker would have to be in range of a Wi-Fi network to carry it out. It would also not work on secured websites - those that use https at the start of their web address instead of http.

    Prof Woodward said that the only way to fix the flaw would be to manually replace or patch every router in people’s homes. He said that while the attack was not technically easy, tools would soon spring up allowing criminals to carry out the attack."
     
    Motomom34 and Dunerunner like this.
  2. Dunerunner

    Dunerunner Brewery Monkey Moderator

    If the hardware isn't obsolete, make it vulnerable so that the market will perk up a bit...
     
    Last edited: Oct 17, 2017
    Yard Dart and Homer Simpson like this.
  3. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Encryption flaws should be fixable via software, such as adding a WPA3 that isn't vulnerable. The fix needs to be at the router and all clients. I'll be checking daily for router and OS patches. I can't get everything off the wireless network, though, even with completing my CAT6 runs. I'm considering a second router - one just for devices that can't be patched, like TVs, on a separate IP address that's isolated from my non-entertainment network.
     
    Dunerunner likes this.
  4. Dunerunner

    Dunerunner Brewery Monkey Moderator

    Interested in how you accomplish this...
     
  5. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    You add a second Router to your Wired Network, that isolates your vulnerable things from the output of your Internet Connected Router.... Then you add a Static Route to the Second Router's Routing Table that goes directly to your Internet Connected Router, and ONLY to that Router and nowhere else.......
    One of the things I added to my network this summer is a Ubiquiti Router, that Isolates each of the Output Router Ports from each other and depends on the Routing Table to determine which Ports can see which other Ports... All Ports can see the Main Internet Connected Port, but the WiFi Network Port can ONLY see the Main Internet Port, and none of the other Subnet Ports, or the Backup Internet connected Port, of the Ubiquiti Router...

    I had to learn the Router OS, and it was fairly complicated, but got it setup, by using a Test Network built out of Spare Parts and a couple of Laptops, and OLD Computers.... Got it all tested, and then installed the new Router, in place of my OLD Main Router, in late August... Been super HAPPY with the results....
     
    Ganado likes this.
  6. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    Damn! Well, if this Belgium guy can do it then the hackers are doing it and doing it now... I am not sure what to do in the interim...if there is anything that can be done except wait for the patches to the routers. I just got this new Hughes Net installed also...dammit.
    The problem is not so much fixing the clients (include patch in updates) but I wonder about fixing the routers - meaning - will people have to be involved to update them and if so then it will turn into a real mess. This is really serious... Thanks 3M-TA3 and please keep us posted if you hear anything. I will be listening and watching too but I have seen nothing yet on the news sites.
     
  7. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    You are only vulnerable if you use WiFi on your local Network, and it is NOT isolated from the rest of your Network by a second Router...
     
    3M-TA3 likes this.
  8. ghrit

    ghrit Bad company Administrator Founding Member

    I was going to put the printer and scanner on my wireless network. I think I'll leave them wired---
     
    3M-TA3 likes this.
  9. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Spent last weekend under my truck, looks like I'm going to be spending time under my house installing CAT6 to every device including TVs and other devices that don't move and have network jacks. I'm going to move my guest network to my backup router and configure per @BTPost above.
     
  10. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Good Idea, from a Security StandPoint... Separate your devices into Groups, with Different Subnets for each Group... Home Entertainment, Printing, Computers, Network Drives, ETC.... at that point you can decide Who gets to talk to Who, and Who gets Internet Access.... ALL My Rotating Network Memory sits on a completely different Subnet, from the rest of my varied Network SubNets... This Memory SubNet is NOT accessible from the Internet, or the WiFi SubNet, but only from the Computer SubNet, and the VPN Tunnel SubNet... Then if I need to get into the Memory SubNet, from Internet, or from the WiFi SubNet, I go thru my VPN Tunnel, which is Encrypted, and Totally SECURE, and sits on its own SubNet, that ONLY has Internet, and WiFi Access from the outside... This is similar to what My Partner runs in his basement in Seattle, where our eMail, and WebServers are located.... We have yet to have a breach, although the Chinese, NKs, Russians, and Indians have been trying for a decade now...
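
The zone policy described in posts 5 and 10, as an added example that is not part of the original thread or any poster's configuration: a default-deny check of observed flows against the allowed zone pairs. The subnet addresses, zone names, flow-log format and sample flows are all constructed for illustration.

```python
import ipaddress

# Constructed RFC 1918 subnets; the thread gives no addressing plan.
ZONES = {
    "computers": ipaddress.ip_network("10.10.10.0/24"),
    "wifi":      ipaddress.ip_network("10.10.20.0/24"),
    "storage":   ipaddress.ip_network("10.10.30.0/24"),
    "vpn":       ipaddress.ip_network("10.10.40.0/24"),
    "media":     ipaddress.ip_network("10.10.50.0/24"),
}

# (source zone, destination zone) pairs allowed to open new connections.
# Anything not listed is dropped (default deny between subnets).
ALLOW = {(z, "internet") for z in ZONES}          # every zone sees the uplink
ALLOW |= {("computers", "storage"), ("vpn", "storage"),  # storage: two sources only
          ("wifi", "vpn"), ("internet", "vpn")}          # VPN is the way in

def zone_of(addr):
    """Map an IP address to its zone; anything unlisted is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def is_allowed(src, dst):
    """Traffic inside one subnet is never routed, so it is not policed here."""
    sz, dz = zone_of(src), zone_of(dst)
    return sz == dz or (sz, dz) in ALLOW

# Constructed flow records: "source destination destination-port".
SAMPLE_FLOWS = """\
10.10.10.5 10.10.30.2 445
10.10.20.7 10.10.30.2 445
10.10.20.7 10.10.40.1 1194
10.10.40.9 10.10.30.2 445
203.0.113.50 10.10.30.2 22
10.10.50.3 10.10.10.5 3389
10.10.20.7 198.51.100.8 443
"""

def audit(flow_text):
    """Return (src_zone, dst_zone, port) for every flow the policy forbids."""
    violations = []
    for line in flow_text.splitlines():
        src, dst, port = line.split()
        if not is_allowed(src, dst):
            violations.append((zone_of(src), zone_of(dst), int(port)))
    return violations

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("policy violation: %s -> %s port %d" % v)
```

The check covers who may initiate a connection; return traffic for an allowed connection is assumed to be handled by the router's stateful firewall.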
     
  11. ghrit

    ghrit Bad company Administrator Founding Member

  12. Bandit99

    Bandit99 Monkey+++ Site Supporter+

    Whew! The scope of this is massive! Almost every home is using WiFi... I suppose some of the companies that have access or control of the WiFi routers (Verizon, HughesNet, etc.) will be able to upgrade them via a broadcast, but still the local user will have to get into them and set them to use WPA3. Not such a big problem for me, but I can see it will definitely be a huge mess for the majority of the folks (like many of my neighbors). I hope they are paying these WPA3 developers overtime cause we need it now...hopefully it is not totally different code for each type of router, I doubt it.
     
  13. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Lots of companies use mobile computing on campus like hospitals and clinics. These people are going to have a much harder time protecting their vulnerabilities.
     
  14. 3M-TA3

    3M-TA3 Cold Wet Monkey

    It's tough because we need to kill the vulnerability NOW, but at the same time need to ensure that there aren't unintended consequences like introducing new vulnerabilities on either end. I expect the engineers will be getting a LOT of overtime. Sucks because most of them are salaried so hopefully will get commensurate bonuses.
     
    Bandit99 likes this.
  15. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Actually, this issue is in the WPA Encryption Routine that was used by most, if not ALL, of the latest WiFi Routers... Since there are only a few Implementations of this Protocol, and 99% of the OEMs just use the same Code in their Products, only those need to be fixed, and then distributed to the OEMs of the WiFi Routers... in their firmware...
     
  16. Tempstar

    Tempstar Monkey+++

    Good Job! Once I saw what Router OS would do, my Cisco days were over.
    I feed a MikroTik RB750 from the fiber router supplied by the telco. That feeds a subnet that has a MikroTik 2.4 gig radio for the wireless. Anything such as a webserver goes out through the NAT on a forwarded port, and not the "factory" port for the device.
    As a side note, run Torch under "tools" and look how many devices "phone home". I have anything below port 80 disabled. Chinese IP cameras are notorious for this.
    In-network VPNs are your friend as well.
     
    3M-TA3 likes this.
  17. sec_monkey

    sec_monkey SM Security Administrator

    MikroTik, Cisco, Ubiquiti are among the affected vendors. almost every Wi-Fi device is at risk even if the vendors claim otherwise

    patched or unpatched Wi-Fi will still have issues
     
    Motomom34 likes this.
  18. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Only if the device uses the WPA Encryption Protocol Stack, and the access is thru the WiFi Port.... otherwise Not an issue...
     
    3M-TA3 likes this.
  19. sec_monkey

    sec_monkey SM Security Administrator

    3M-TA3 likes this.
  20. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Patches are coming out, but it's going to be a constant game of hack, detect, patch, hack, etc. Best to configure your network as has been suggested above because we never know when our pants are down around our ankles or not anymore
     
    sec_monkey likes this.