
Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping


Old 10-16-17, 08:07 AM
  #1  
DVD Talk Hero
Thread Starter
 
D.Pham4GLTE (>60GB)'s Avatar
 
Join Date: Jul 2001
Location: Stick out your tongue!
Posts: 39,284

This is a pretty serious issue, imo. Luckily, I have unlimited data, but if not, I might suggest using a good VPN.


https://www.google.com/amp/s/arstech...pping/%3Famp=1
D.Pham4GLTE (>60GB) is offline  
Old 10-16-17, 08:28 AM
  #2  
DVD Talk Hero
 
Join Date: Aug 1999
Posts: 27,486

Yeah, we're screwed. Guess my Apple AirPort will finally be retired, since Apple doesn't make routers anymore, right? And since this mainly affects the client side, I guess I'm forced to update to the latest iOS, so bye bye legacy games.

Android and Linux seem particularly susceptible to this.

Seems like vendors were notified earlier and some have patched already, though I would await independent verification:
http://www.kb.cert.org/vuls/byvendor...&SearchOrder=4

Didn't someone just recently update the open router they were using from WEP to WPA2? Maybe they'll upgrade again in another five years.

Last edited by fujishig; 10-16-17 at 08:47 AM.
fujishig is offline  
Old 10-16-17, 03:30 PM
  #3  
DVD Talk Legend
 
kenbuzz's Avatar
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 20,957

If possible, people with vulnerable access points and clients should avoid using Wi-Fi until patches are available and instead use wired connections. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell, and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can't be trusted to make users more secure.
Follow-up:
Linky: http://www.ibtimes.com/wifi-wpa2-kra...bility-2602197

The first thing any user should do is keep an eye out for patches. KRACK was first disclosed by researchers to vendors in July and disclosed to the Community Emergency Response Team (CERT) Communication Center—a partnership between Carnegie Mellon University’s Software Engineering Institute (SEI) and the U.S. Department of Homeland Security—in August. Broad disclosure of KRACK was delivered to vendors by CERT on Aug. 28, giving them plenty of time to prepare patches before public disclosure.

As a result, many companies have already prepared and released patches that protect users against the attack. Microsoft already issued a patch and published a security advisory about the vulnerability. Many versions of Linux have a patch available as well.

Google is also working on a patch for Android devices—which have been reported as potentially the most at risk—and will reportedly make a fix available in the next few weeks. Users may want to turn off Wi-Fi on their devices when possible until the patch is officially available.

Apple has thus far been silent on the issue—a troubling fact given the researchers single out MacOS as being easy to attack. The company’s mobile operating system, iOS, is generally considered safe.

Device manufacturers have also started to address the issue at their own pace, with some rushing out updates and others essentially dismissing the threat. Consumers are advised to keep an eye out for updates from router manufacturers, as those access points are just as at risk as devices.

The wait time for a fix will likely vary based on company. For example, Latvian networking device manufacturer MikroTik has already issued a fix while German router maker AVM has said they will only release an update “if necessary.”

While waiting for the fix, users can ensure their information is not compromised by practicing the safe browsing habits that they likely should be performing anyway. Symantec’s Wueest said users should make sure they are only sharing sensitive information on websites that use Secure Sockets Layer (SSL), a secure web protocol that encrypts information sent between a user and the site.

A person can check the SSL certificate of a website in their browser. Most browsers will display the connection status between a user and a website in the browser bar. A secure connection will usually display a green lock or a similar icon to signify the secure status of the site. Many modern browsers also warn a user if a connection is unsecure.

Wueest also recommended using a virtual private network or VPN.

When a user connects to a VPN, it creates an encrypted and secure connection between the user’s device and a remote server. Any information—from web activity to user information to passwords—is sent first through that encrypted connection.

Send a request for information (i.e., type in a web address in your browser) and that is forwarded through the VPN. The response it receives is sent back through the same, secure connection. By filtering information through the remote server, a VPN shields that data from anyone on the public network, including an attacker who may be exploiting KRACK.

"A VPN is the best practice anyway," Wueest said. "If you're on vacation or at a Starbucks or any other open Wi-Fi, then you should use a VPN to protect yourself."
So for me:
- Wait on Google for an Android patch
- Wait on my router vendor for a patch
- Start using the VPN I paid for when I'm at Starbucks

Last edited by kenbuzz; 10-16-17 at 05:56 PM.
kenbuzz is offline  
Old 10-16-17, 03:46 PM
  #4  
DVD Talk Legend
 
kenbuzz's Avatar
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 20,957

Vulnerability list, by vendor:
Linky: http://www.kb.cert.org/vuls/byvendor...&SearchOrder=4
kenbuzz is offline  
Old 10-16-17, 10:38 PM
  #5  
DVD Talk Special Edition
 
Join Date: Mar 2002
Posts: 1,991

How will I know if my router maker has a patch? And if they do, how do I go about installing it?

My wireless router was provided by my ISP, CenturyLink, and set up by one of their subcontracted technicians. When I'm back east for a few months in the summer, it's the same situation. Different ISPs and routers, but same setups.

I wouldn't have the slightest idea how to go about fixing it.

BTW, anyone else clicking on the forum button (not the link under it) on the left side of the DVDTalk home page, selecting any forum page, and getting a "This is a non-secure form" dialogue box? It says it's sending it over an insecure connection. Happens in Safari and Firefox. Don't get it by clicking the link and going to the Forum page. This has been going on for about a week.

Last edited by Jon2; 10-16-17 at 10:49 PM.
Jon2 is offline  
Old 10-16-17, 11:23 PM
  #6  
DVD Talk Hero
Thread Starter
 
D.Pham4GLTE (>60GB)'s Avatar
 
Join Date: Jul 2001
Location: Stick out your tongue!
Posts: 39,284

ISP-provided routers are usually updated by the ISP via OTA. When would be the question...
D.Pham4GLTE (>60GB) is offline  
Old 10-17-17, 08:15 AM
  #7  
Admin-Thanos
 
VinVega's Avatar
 
Join Date: Nov 2000
Location: Caught between the moon and NYC
Posts: 31,513

Originally Posted by Jon2 View Post
BTW, anyone else clicking on the forum button (not the link under it) on the left side of the DVDTalk home page, selecting any forum page, and getting a "This is a non-secure form" dialogue box? It says it's sending it over an insecure connection. Happens in Safari and Firefox. Don't get it by clicking the link and going to the Forum page. This has been going on for about a week.
There's a discussion going on about it in Feedback, HERE

Adam Tyner suggested: "I bet it's because you're starting at http://forum.dvdtalk.com/ , but the login form routes you to https://forum.dvdtalk.com/ , and links to nearly all the main forums are also HTTPS, even from the insecure URL. If you update your bookmark, that could fix the problem.

I was running into the same thing, at least, and that corrected it for me. I needed to clear my browser history so the insecure version of the site would stop auto filling too."
VinVega is offline  
Old 10-17-17, 08:19 AM
  #8  
Admin-Thanos
 
VinVega's Avatar
 
Join Date: Nov 2000
Location: Caught between the moon and NYC
Posts: 31,513

The Cisco advisory doesn't mention anything about Linksys Wireless routers (which I of course have one). Still making me nervous. I somehow doubt that it would not need some sort of patch. I don't broadcast my SSID at home (it stays hidden), so hopefully that would help with one of these attackers identifying a potential target?
VinVega is offline  
Old 10-17-17, 08:58 AM
  #9  
DVD Talk Godfather
 
fumanstan's Avatar
 
Join Date: Oct 2002
Location: Irvine, CA
Posts: 55,343

Originally Posted by VinVega View Post
The Cisco advisory doesn't mention anything about Linksys Wireless routers (which I of course have one). Still making me nervous. I somehow doubt that it would not need some sort of patch. I don't broadcast my SSID at home (it stays hidden), so hopefully that would help with one of these attackers identifying a potential target?
Cisco sold Linksys a while back and they're now owned by Belkin.
fumanstan is offline  
Old 10-17-17, 01:33 PM
  #10  
Admin-Thanos
 
VinVega's Avatar
 
Join Date: Nov 2000
Location: Caught between the moon and NYC
Posts: 31,513

Originally Posted by fumanstan View Post
Cisco sold Linksys a while back and they're now owned by Belkin.
Ah, thanks. Not up on business dealings obviously. Well, I suppose a firmware patch won't be coming out anytime soon for my router then.
VinVega is offline  
Old 10-18-17, 01:39 AM
  #11  
DVD Talk Limited Edition
 
Join Date: Feb 2000
Location: Sunny Hawaii
Posts: 6,662

Yeah, Belkin basically abandoned all the old Linksys stuff (and old Belkin stuff too). They don't publish any new updates, and in many cases, don't even make the last existing firmware updates available.
TheBang is offline  
Old 10-18-17, 12:17 PM
  #12  
DVD Talk Legend
 
kenbuzz's Avatar
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 20,957

Phew! I thought TP-Link had abandoned support for their Archer routers (last firmware update was 2 years ago), but I just found the following:

Linky: http://www.tp-link.com/ca/faq-1970.html

Description

TP-Link is aware of vulnerabilities in the WPA2 security protocol that affect some TP-Link products. An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this vulnerability to the attention of vendors, the attack targets the WPA2 handshake and does not exploit access points, but instead targets clients. All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws.

TP-Link has been working to solve this problem and will continue to post software updates at: www.tp-link.com/support.html. Products with TP-Link Cloud enabled will receive update notifications in the web management interface, Tether App or Deco App automatically.

More information about KRACK can be found through the link: https://www.krackattacks.com.

Affected TP-Link products:

Routers working in Repeater Mode/WISP Mode/Client Mode:
  • TL-WR940N with firmware version 3.17.1 Build 170717 Rel.55495n or earlier (Hardware Version 3.0 or earlier not affected)
  • TL-WR841Nv13 with firmware version 0.9.1 4.16 v0348.0 Build 170814 Rel.59214n or earlier (Hardware Version 12.0 or earlier not affected)
  • TL-WR840N with firmware version 0.9.1 4.16 v019a.0 Build 170524 Rel.56478n or earlier (Hardware Version 2.0 or earlier not affected)
  • TL-WR941HP with firmware version 3.16.9 Build 20170116 Rel.50912n or earlier
  • TL-WR841HP with firmware version 3.16.9 Build 160612 Rel.67073n or earlier
  • TL-WR902AC with firmware version 3.16.9 Build 20160905 Rel.61455n or earlier
  • TL-WR802N with firmware version 0.9.1 3.16 v0188.0 Build 170705 Rel.34179n or earlier
  • TL-WR810N with firmware version 3.16.9 Build 160801 Rel.57365n or earlier
  • Routers with WDS function enabled (disabled by default) may be affected. Refer to the FAQ to learn how to check if WDS is enabled on your router.
Range Extenders working in Repeater Mode during a WPA2 handshake that is initiated only when connecting or reconnecting to a router:
  • TL-WA850RE with firmware version 1.0.0 Build 20170609 Rel.34153 or earlier
  • TL-WA855RE with firmware version 1.0.0 Build 20170609 Rel.36187 or earlier
  • TL-WA860RE with firmware version 1.0.0 Build 20170609 Rel.38491 or earlier
  • RE200 with firmware version 1.1.3 Build 20170818 Rel.58183 or earlier
  • RE210 with firmware version 3.14.2 Build 160623 Rel.43391n or earlier
  • RE305 with firmware version 1.0.0 Build 20170614 Rel.42952 or earlier
  • RE450 with firmware version 1.0.2 Build 20170626 Rel.60833 or earlier
  • RE500 with firmware version 1.0.1 Build20170210 Rel.59671 or earlier
  • RE650 with firmware version 1.0.2 Build 20170524 Rel.58598 or earlier
Wireless Adapters:
  • Archer T6E
  • Archer T9E
Whole Home Wi-Fi System:
  • Deco M5 with firmware version 1.1.5 Build 20170820 Rel.62483 or earlier
Business VPN Router/CPE/WBS/CAP:
  • CAP300 with firmware version 1.1.0 Build 20170601 Rel.60253 or earlier
  • CAP300-Outdoor with firmware version 1.1.0 Build 20170601 Rel.60212 or earlier
  • CAP1750 with firmware version 1.1.0 Build 20170601 Rel.60196 or earlier
  • CAP1200 with firmware version 1.0.0 Build 20170801 Rel.61314 or earlier
  • TL-ER604W with firmware version 1.2.0 Build 20160825 Rel.45880 or earlier
  • CPE520 with firmware version 2.1.6 Build 20170908 Rel.45234 or earlier
  • CPE610 with firmware version 2.1.5 Build 20170830 Rel. 58245 or earlier
  • CPE510 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
  • CPE220 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
  • CPE210 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
  • WBS210 with firmware version 2.1.0 Build 20170609 Rel. 57434 or earlier
  • WBS510 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
Smart home devices:
  • Smart Plugs and Switch: HS100, HS105, HS110, HS200
  • Smart Bulbs: LB100, LB110, LB120, LB130, LB200, LB230
  • Smart Repeater with Plugs: RE350K, RE270K, RE370K
  • Cameras: NC250, NC260, NC450, KC120
How to protect your devices

Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:
  • For wireless routers: Make sure your routers are in Router Mode or AP Mode, and patch the operating system of your smartphones, tablets and computers.
  • For wireless adapters: Patch the operating system of your computers.
Microsoft security update: Microsoft has fixed such security issues as mentioned in https://portal.msrc.microsoft.com/en...CVE-2017-13080

FAQ on how to check if WDS function is used on TP-Link routers?

TP-Link has been working on affected models and will release firmware over the next few weeks on our official website.

Disclaimer

WPA2 vulnerabilities will remain if you do not take all recommended actions. TP-Link will not bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.
I think I'm okay. I have a pair of Archer C5 (AC1200) routers. Per this page, "as for TP-Link wireless routers, they won’t be affected by the vulnerabilities when working in the default router mode or the access point mode. However, they can be affected when working in the WDS bridging mode, which is disabled by default and rarely used in most cases." My routers don't use this mode.

Windows Update already patched my W10 machines, Google is working on patches to ChromeOS (Chromebooks) and Android (phones), and I can use cellular data for both while waiting.

Last edited by kenbuzz; 10-18-17 at 10:10 PM.
kenbuzz is offline  
Old 10-18-17, 03:40 PM
  #13  
Admin-Thanos
 
VinVega's Avatar
 
Join Date: Nov 2000
Location: Caught between the moon and NYC
Posts: 31,513

Originally Posted by TheBang View Post
Yeah, Belkin basically abandoned all the old Linksys stuff (and old Belkin stuff too). They don't publish any new updates, and in many cases, don't even make the last existing firmware updates available.
I found an update from July 2017 for my router. It didn't contain anything for the WPA2 issue of course. My router shit the bed after the install and I had to factory reset it. Got everything tweaked back the same way now though. If they threw out an update for July, maybe there's hope.
VinVega is offline  
