Choose style:

Author Topic: WiFi WPA2 encryption/ security broken..?!  (Read 273 times)

0 Members and 1 Guest are viewing this topic.

Offline acer

  • Member
  • ***
  • Posts: 239
  • Karma: 28
    • View Profile
  • Peppermint version(s): Peppermint 8 64bit
WiFi WPA2 encryption/ security broken..?!
« on: October 16, 2017, 02:55:17 am »
Came across an article dated October 15th 2017 for all who use wifi, considering that WPA2 encryption has been with us since circa 2004.  :o (has it been THAT long)

https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/

SWMBO and I only use wifi if absolutely necessary as we have been on a wired network for years at home.

This to me seems to be a major security headache as mobile phones, PC;s, Smart TV's etc..should use WPA2 encryption (being the current secure standard)
what now?
Firmware updates for newer devices perhaps leaving older devices insecure?
My initial reaction to this was planned obsolescence to create revenue but, now I'm not so sure.. :-\

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #1 on: October 16, 2017, 02:08:23 pm »
This one attempts to explain the attack vector: https://goo.gl/WdKzQP

Interesting!

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #2 on: October 16, 2017, 02:18:12 pm »

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 17784
  • Karma: 2117
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8 (64bit)
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #3 on: October 16, 2017, 02:49:44 pm »
Still hunting further info, but if you run a full system update you should get:-

For Peppermint 7 and 8
hostapd_2.4-0ubuntu6.2
(hostapd is NOT installed by default in Peppermint, I've only included info about the update here in case you have installed it)
and
wpasupplicant_2.4-0ubuntu6.2

For Peppermint 5 and 6
hostapd_2.1-0ubuntu1.5
(hostapd is NOT installed by default in Peppermint, I've only included info about the update here in case you have installed it)
and
wpasupplicant_2.1-0ubuntu1.5

the changelog for those updates contain:-

Quote
wpa (2.4-0ubuntu6.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple issues in WPA protocol
    - debian/patches/2017-1/*.patch: Add patches from Debian stretch
    - CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
      CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087,
      CVE-2017-13088

  * SECURITY UPDATE: Denial of service issues
    - debian/patches/2016-1/*.patch: Add patches from Debian stretch
    - CVE-2016-4476
    - CVE-2016-4477
  * This package does _not_ contain the changes from 2.4-0ubuntu6.1 in
    xenial-proposed.

So it looks like it's probably been patched, but as I said I'm still looking for further confirmation.

[EDIT]

Those CVE's are definitely the ones mentioned on the KRACKATTACKS website:
https://www.krackattacks.com/

And according to this:
https://github.com/kristate/krackinfo
it seems Debian/Ubuntu are one of the first to respond .. though definitive info is still a bit thin on the ground.

[EDIT2]

Further info which confirms those updates fix the issue (at least on the Peppermint client side):
https://usn.ubuntu.com/usn/usn-3455-1/
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13077.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13078.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13079.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13080.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13081.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13082.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13087.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13088.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13089.html
« Last Edit: October 16, 2017, 03:25:35 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline acer

  • Member
  • ***
  • Posts: 239
  • Karma: 28
    • View Profile
  • Peppermint version(s): Peppermint 8 64bit
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #4 on: October 16, 2017, 03:35:22 pm »
Thanks guys!
Received the patches a couple of hours ago  :D

Router may still need a firmware update from manufacturer..[waits patiently but, doesn't hold breath]  ::)

EDIT: Windoze done theirs on patch tuesday (2nd tuesday of the month) but, nadella's padawan patchers screwed up the patches with reports of BSOD, bungled releases, stealthy NET upgrades, CRM blocks and complex fixes   :o
« Last Edit: October 16, 2017, 03:46:14 pm by acer »


Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #5 on: October 16, 2017, 04:33:49 pm »
Tried to find the upgrade, at all the usual places, but finally gave up.

It came rolling into the 'update manager' app literally moments ago.  ;D

Okay, gotta do a reboot... BRB

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #6 on: October 16, 2017, 10:59:55 pm »
I'm on the '10' side, now.

Intel® PROSet/Wireless-AC 7260 WiFi Software 18.33.9.3 upgrade and new admin tools just arrived.

Looks like everyone's on it today: https://goo.gl/AG2idF

Gotta reboot again  :)

Works - no blue screen

Spoiler (click here to view / hide)
SSID:   Azetlor 5.0 GHz
Protocol:   802.11ac
Security type:   WPA2-Personal
Network band:   5 GHz
Network channel:   161
IPv4 address:   10.0.0.9
IPv4 DNS servers:   64.6.64.6   64.6.65.6
Manufacturer:   Intel Corporation
Description:   Intel(R) Dual Band Wireless-AC 7260
Driver version:   18.33.9.3
Physical address (MAC):   xx-xx-xx-xx-xx-xx
[close]

Thx, for starting this thread, acer!
« Last Edit: October 16, 2017, 11:20:04 pm by VinDSL, Reason: Addendum »

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #7 on: October 16, 2017, 11:27:12 pm »
BTW, in case you're wondering about my choice of DNS servers: https://goo.gl/ps2uiu

Just saying...  8)

Offline acer

  • Member
  • ***
  • Posts: 239
  • Karma: 28
    • View Profile
  • Peppermint version(s): Peppermint 8 64bit
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #8 on: October 17, 2017, 04:12:21 am »
Hope others take heed and do the necessary.  ;)

Aside the usual tablets, pc's, laptops and mobile phones,
Just think of all the IoT devices affected, smart meters, smart TV's, sonos etc.
A lot of these devices may be in the wild for a while depending on manufacturer support. a potential security nightmare.  :o

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 17784
  • Karma: 2117
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8 (64bit)
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #9 on: October 17, 2017, 07:36:41 am »
I'm on the '10' side, now.

Intel® PROSet/Wireless-AC 7260 WiFi Software 18.33.9.3 upgrade and new admin tools just arrived.

Looks like everyone's on it today: https://goo.gl/AG2idF

Gotta reboot again  :)

Works - no blue screen

Spoiler (click here to view / hide)
SSID:   Azetlor 5.0 GHz
Protocol:   802.11ac
Security type:   WPA2-Personal
Network band:   5 GHz
Network channel:   161
IPv4 address:   10.0.0.9
IPv4 DNS servers:   64.6.64.6   64.6.65.6
Manufacturer:   Intel Corporation
Description:   Intel(R) Dual Band Wireless-AC 7260
Driver version:   18.33.9.3
Physical address (MAC):   xx-xx-xx-xx-xx-xx
[close]

Thx, for starting this thread, acer!

Cheers VinDSL, just updated my 7260 AC on the dark side too, and I'd also second that "thanks" to acer :)
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec


Online murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1310
  • Karma: 232
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #10 on: October 17, 2017, 08:49:31 am »
BTW, in case you're wondering about my choice of DNS servers...

Actually yes; are you still using Opera with VPN? Do you have any control over DNS resolution in that mode?

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 3286
  • Karma: 640
  • Peppermint Mod
    • View Profile
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #11 on: October 17, 2017, 11:43:23 am »
BTW, in case you're wondering about my choice of DNS servers...

Actually yes; are you still using Opera with VPN? Do you have any control over DNS resolution in that mode?

Opera with VPN is my current twist. Looking back, it seems that I switch browsers every 5-7 years. I'm not going back to Fx or Chromium.

The only difference is, I've temporarily given up on their dev release, and switched to the stable ver, on all my machines.

The dev branch is rather brittle right now, and requires more workarounds than I'm prepared to do, on a daily basis.

And, if by DNS resolution you mean controlling it with a local DNS hosts file or setting up a Verisign DNS firewall... no, I haven't tried either.

I imagine that kind of control would require a paid VPN service with additional features, or a proxy server setup remotely on my hosted web server, in the cloud - but, that's just a guess, since I haven't tried it.

Actually, the free, so called VPN service in Opera technically goes through proxy servers. It's not a true VPN service, in the classic sense, but it serves my purposes, at present. But, that's fodder for another discussion,. ;)

Online murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1310
  • Karma: 232
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8
Re: WiFi WPA2 encryption/ security broken..?!
« Reply #12 on: October 17, 2017, 11:48:26 am »
Thanks, that's what I thought was the case too. It's a handy feature as far as it goes anyway  :)