  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] Wireless security protocol WPA2 vulnerable to hacking

    Alex Hern
    16 October 2017

    The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

    Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

    “Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”

    Vanhoef emphasised that “the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

    The vulnerability affects a number of operating systems and devices, Vanhoef says, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.

    “If your device supports wifi, it is most likely affected,” Vanhoef writes. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”

    The researchers have given the weakness the codename Krack, short for Key Reinstallation AttaCK.

    The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.

    “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.

    The development is significant because the compromised security protocol is the most secure in general use to encrypt wifi connections. Older security standards have been broken in the past, but on those occasions a successor was available and in widespread use.

    Alex Hudson, the chief technical officer of subscription service Iron, says that it is important to “keep calm”.

    “There is a limited amount of physical security already on offer by wifi: an attack needs to be in proximity,” Hudson writes. “So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

    “Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an https site … your browser is negotiating a separate layer of encryption. Accessing secure websites over wifi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.”

    Crucially, the attack is unlikely to affect the security of information sent over the network, which is protected in addition to the standard WPA2 encryption. This means that connections to secure websites are still safe, as are other encrypted connections such as virtual private networks (VPN) and SSH communications.

    However, insecure connections to websites – those which do not display a padlock icon in the address bar, indicating their support for HTTPS – should be considered public, and viewable to any other user on the network, until the vulnerability is fixed.

    Equally, home internet connections will remain difficult to fully secure for quite some time. Many wireless routers are infrequently if ever updated, meaning that they will continue to communicate in an insecure manner. However, Vanhoef says, if the fix is installed on a phone or computer, that device will still be able to communicate with an insecure router. That means even users with an unpatched router should still fix as many devices as they can, to ensure security on other networks.

    The international Cert group, based at Carnegie Mellon University, informed technology companies of the flaw on 28 August, meaning that most have had around a month and a half to implement a fix. The Guardian has asked Apple, Google, Microsoft and Linksys the status of their patches, but received no response at press time.
    Last edited by 5ms; 16-10-2017 at 09:30.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    Krack 101

    The attack is particularly catastrophic on Linux and Android versions 6.0 and higher

    Lucian Constantin
    Oct 16 2017

    For years security experts have advised users to only connect to password-protected wireless networks to prevent traffic snooping attempts that could expose their sensitive data. Due to new vulnerabilities announced today in WPA2, the most widely used Wi-Fi security protocol, virtually all devices are now vulnerable to such attacks.

    The flaws, discovered by University of Leuven researcher Mathy Vanhoef, allow attackers in the vicinity of a legitimate WPA2-protected wireless network—like the one you have at home, at your favorite coffee shop or in your company—to intercept and decrypt traffic from connecting devices. In some cases it's even possible to inject malicious data into the traffic.

    The finding quickly became international news, but it's worth examining how it works and whether you're likely to be vulnerable.

    How does the attack work?

    Hackers would first need to set up a rogue access point that mimics a legitimate one and force nearby clients to connect to it. With this setup, they could then exploit the flaws found by Vanhoef to launch what the researcher calls a key reinstallation attack (KRACK).

    The attack targets the handshake and key negotiation between connecting devices and access points and forces clients to reuse an older session key. The encryption provided by the WPA2 standard is weakened as a result.

    It's worth keeping in mind that in order to pull off such an attack, a hacker would need to be in your device's Wi-Fi range and impersonate a network that your device already trusts and would attempt to connect to. Secondly, the attack does not compromise a Wi-Fi network's password, so a hacker won't be able to clandestinely join your home network.

    What hackers could do through KRACK is hijack the wireless traffic from your device and decrypt it, fully or partially depending on various factors. This could expose sensitive information such as passwords, messages, emails, and files if they are transmitted in plain text without an additional layer of encryption such as HTTPS.

    Who is affected?

    This is a protocol-level issue, so the vulnerabilities behind KRACK are not limited to specific implementations. If a device supports Wi-Fi, it is likely to be vulnerable to one of the attack's variants. The flaws affect both WPA2-Personal and WPA2-Enterprise, as well as older wireless security standards such as WPA that are considered insecure and shouldn't be used anyway. That said, there are differences between KRACK's impact on various operating systems. For some systems it's possible to decrypt a considerable number of data packets, but not all of them.

    The attack is particularly catastrophic on Linux and Android versions 6.0 and higher due to an additional implementation issue in the software package that handles WPA wireless connections. On these systems it's trivial for attackers to both decrypt and manipulate Wi-Fi traffic.

    Vanhoef estimates that over 40 percent of Android devices out there are impacted by this more severe version of the attack. And unfortunately, due to the version and vendor fragmentation in the Android ecosystem, it could be months until many of these devices receive patches. Some of them might remain vulnerable indefinitely because they're not supported by their manufacturers anymore.

    Windows and iOS are not vulnerable to the basic session key reinstallation attack—ironically [?] thanks to non-standard Wi-Fi implementations. However, these systems can be vulnerable to a similar attack against network group keys or can be attacked through a vulnerable access point.

    And this is another important aspect: Both wireless access points and clients are vulnerable, but most attacks are likely to be directed at clients. However, some devices can be both an access point and a client at the same time. For example, a wireless repeater is a device that connects to a wireless network, so it acts as a client, and then relays the signal to other clients, so it also acts as an access point.

    The good news is that patches will not break compatibility, so a patched client that's no longer vulnerable will be able to talk to an unpatched access point and the other way around.

    This is bad, but don't panic

    The best thing you can do is patch your devices—laptops, smartphones, routers—as soon as patches become available. This will be harder for some devices than others. For example, router firmware updates typically require users to check their device manufacturer's websites for updates, download the updates to their computers and then upload them to their routers via a web-based interface or an application.

    "This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users," the Wi-Fi Alliance, the industry organization that certifies Wi-Fi-compliant products, said in a statement. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together."

    The organization has shared information about these vulnerabilities with vendors and now checks for the flaws as part of its Wi-Fi certification process, which means future Wi-Fi-compliant products should be patched.

    The CERT Coordination Center at Carnegie Mellon University, which supports the U.S. government's Computer Emergency Readiness Team (US-CERT), published an advisory about this issue and maintains a list of affected hardware and software makers.

    Until patches become available, there are some things you can do to protect your devices and information. For one, check that your home network uses WPA2 with AES encryption, not TKIP. Both encryption options are vulnerable to traffic decryption via KRACK, but AES is not vulnerable to packet injection, which could have more serious consequences, such as injecting malware into legitimate web pages.

    Email and web traffic encrypted with TLS—like that to HTTPS-enabled websites—is theoretically protected against snooping because it adds an additional layer of encryption on top of what WPA2 provides. There are ways for man-in-the-middle attackers to strip away HTTPS from websites and redirect users to unencrypted versions, but such attempts won't work against well-configured servers.
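
The "AES, not TKIP" check recommended in post #2, as an added example that is not part of the original post or the quoted article: a small Python audit of an access point configuration. It assumes the access point is configured through a hostapd-style file, where AES appears as the CCMP cipher; the two sample configurations are constructed and the function names are illustrative.

```python
# Added example: audit a hostapd-style config for the "AES, not TKIP" advice.
# Sample configs below are constructed; function names are illustrative.

WEAK_CONF = """\
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

FIXED_CONF = """\
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""


def parse_conf(text):
    """Return key -> value for key=value lines; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_ciphers(text):
    """Return a list of findings; an empty list means WPA2 with CCMP only."""
    conf = parse_conf(text)
    try:
        wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    except ValueError:
        return ["wpa is not a number"]
    if wpa == 0:
        return ["WPA/WPA2 is not enabled (wpa unset or 0)"]
    findings = []
    if wpa & 1:
        findings.append("legacy WPA is enabled; use wpa=2")
    # hostapd defaults wpa_pairwise to TKIP, and rsn_pairwise to wpa_pairwise.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP")
    rsn_pairwise = conf.get("rsn_pairwise", wpa_pairwise).split()
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("TKIP is offered for WPA2; use rsn_pairwise=CCMP")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_ciphers(text) or "OK: WPA2 with CCMP (AES) only")
```

A configuration with `wpa=2` and no cipher lines is also flagged, because the WPA2 cipher list then inherits the TKIP default.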


  3. #3
    WHT-BR Top Member
    Join Date
    Dec 2010

    Do home routers really need urgent patching?

    D-Link reiterates KRACK researchers' assertion that APs aren't targeted.

    Ry Crozier
    Oct 18 2017

    Confusion is sweeping Australian internet users after the disclosure of a flaw in the WPA2 protocol used to secure wi-fi, with many unsure of what they need to patch.

    The flaw, which was made public late on Monday night local time, puts almost all personal and enterprise wireless-enabled devices and networks at risk of attack.

    The researchers who uncovered the so-called KRACK attack assert that it “does not exploit access points, but instead targets clients” - and that “for ordinary home users, your priority should be updating clients such as laptops and smartphones”.

    Despite this, there remains considerable confusion on whether home routers need to be updated or not.

    A D-Link A/NZ representative told Whirlpool that the vulnerability “is targeting ... clients and not the routers/access points” (APs).

    “If the router/AP is running in normal wi-fi mode (as an access point) – it is not vulnerable (but the client still is, unless it is patched),” the representative said.

    “A router/AP will only be affected if running in ‘AP client mode’ – this mode is not enabled in our routers and very rarely used in APs.”

    The D-Link representative indicated the router maker would patch its firmware using code from the manufacturers of wi-fi chipsets incorporated into its products.

    “But again – the important part is to patch the clients (computers, phones, tablets),” the representative said.

    “Modifying the wi-fi code on [a] router/AP will still leave clients exposed to this attack, unless they are patched.”

    Last edited by 5ms; 17-10-2017 at 19:20.

  4. #4
    WHT-BR Top Member
    Join Date
    Dec 2010
    While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices “in the coming weeks.” Google’s own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates.

    Security researchers claim 41 percent of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.

    The Verge has reached out to a variety of Android phone makers to clarify when security patches will reach handsets, and we’ll update you accordingly.
