OT - Warning - Major WPA2 wireless security flaw
Peter Fulford
Posts: 1,325
in The Commons
Looks bad...
http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/
...because it is bad.
Be proactive looking for updates for your devices. If you're lucky you'll get one.

Comments
I have just contacted Vodafone and ...a LOT of banging head on wall as they did not seem to realise what I was even talking about and were happy to tell me that my account was fine and as I could access the internet everything must be working ok. After insisting they send me an email confirming that everything was good he decided he'd go and check and call me back ...
so what is going to happen to people like me using a Dlink USB WIFI router?
will hackers be cruising down our streets compromising our modems?
I use a Vodafone equivalent of that, Wendy, and was told (yes, the guy did call me back like he promised - and called back again when the line dropped!) and having checked he could say that there was no issue. If you are worried, call your support, or check the manufacturer's website for updates.
you need to be in proximity to the Wi-Fi broadcast because this happens on the broadcast level of the Wi-Fi and not the router or anything past a cable. If you could do this then you would have to be close enough to the Wi-Fi where you can pick up the broadcast, but more importantly you need to actually develop to do this.
so could it be done?
yes, it could be done.
has anyone pulled it off outside of a securities lab?
apparently not, and the lab did not state they had done it, they said it was possible but only under those conditions.
This is the unfortunate flaw of the proof of concept attack; someone needs to develop the actual tech to make this happen because as of now it does not exist outside of a white paper report.
are you worried?
You should be, but not as much by this one in particular.
There are considerably more flaws inherent to Wi-Fi that have not begun to be addressed, this one just appears to be popular right now.
My spelling erorrs are due to dysexia and nearly two decades in IT and Computer Security which doesn't take off for spellin'
I'm also dyslexic. Thank god for spell checker. I also have a problem with numbers.
When these vulnerabilities are discovered by good guys (academics, tech-geeks, etc), those good guys usually quietly tell the tech-security "industry" first - and the various members of that roll out patches before any public announcement. What struck me about this was how much stuff is still exposed, particularly on the Android and Linux side it seems.
As StratDragon points out, this currently isn't an easy hack. So it's more likely to be exploited by serious cyber criminals (and spies) going after high value targets. At this stage you're unlikely to have your wifi successfully probed by a local teenage scallywag. If the hack ever ends up available to the "script kiddies", then watch out.
And won't this sort of thing be fun when the "internet of things" is established. Today I also read about AI implants that "will allow you to control your home with your mind". Yeah, I'll leave that with them.
(smart-meter refusenik)
stratdragon, since you're a long time IT guy....
Do you think I'm being too pessimistic to think that one of these days this whole internet thing is going to have such bad security breaches happen that there will be a major drop in how people use it, and the pendulum will start swinging in the opposite direction and people will start disconnecting their internet? Up until now most people just see the awesomeness of the internet and don't seem to want to recognize the downsides.
I'm a huge fan of the internet, but geez when you look at fiascos like Equifax and this WPA2 and the list of all the other major security breaches, it makes me wonder if it's even possible to have real security.
My attempt to post this before seems to have disappeared (stupid phone), but the article states that homeland security has known about this for months. These kinds of exploits tend to be quietly known long before white papers get written.
Wow who knew. Lucky though we changed everything over this summer to Asus RT-AC88U router that requires a 2 step login. We had to get rid of the WPS router when they installed the security cameras. It looks like we lucked out and were ahead of the curve for a change.
WPA2 wireless security flaw means the first line of defense is gone, so keep your antivirus and/or antimalware up to date, and keep your worry level the lowest possible.
That makes 2 of us. However I do have a nice excuse to wave at them. My meters are behind 18-20 inch thick stone walls. Not sure a wireless signal can get through that. I have to make sure my radio controlled clocks are directly in line with a window when they do the stupid time change bit.
Will that help? If the connection once established is WPA2 then as I understand it it will be as vulnerable (or not, depending on other factors) as any other.
Hi StratDragon. Has there been any clarification on exactly how close the hacker has to be in order to do this? Are we talking in terms of feet, yards (or meters)?
The latest firmware (August) for the ASUS RT-AC88U does not list a fix for this "KRACK" vulnerability.
Even a company like Netgear has only released patches for a dozen of its routers so far. Amazing.
Within range of your wi-fi broadcast.
I've seen it noted in a few stories that if there is not an update for your hardware yet, make sure you are only using HTTPS sites. Not sure how much that actually helps, but apparently it does.
I'm hard pressed to think of any banking, credit card, or email service which doesn't use https nowadays. Unfortunately the news thing I watched last night showed how they could view the password by unwrapping the https or whatever. Not sure how they managed that.
I think I'll just use good ole cat5 and avoid wireless for secure stuff as much as possible.
I keep my abacus in a welded shut safe.
I am guessing from what the documents said on our ISP requirements through Spectrum (cable DLS) our router uses different security protocols from the WPA2 or WPS secure pass codes. We found this out when we had to find something that would work with our new home security & IP cameras so we could use our iPhones to monitor things, and the system required a QAM encryption technology instead of the WPS, which has double layer protocols and 2 step verification login. We went with this router because we also have our computers, TV, home lights, iPhone, garage, EB generator etc. all connected to the same home server network.
I can't say for sure. I like to think there are more white hats out there than black hats and a good number of gray hats trying to make the Internet better, and part of that is exposing things like the KRACK flaw. My understanding is MS patched this already and Apple has a patch in beta to be released soon.
In the meantime I would think a privatized internet for the sake of security would be inundated with far more intrusion from a wider group of angry users, and if you force companies to hire from a geographic demographic then don't expect the best possible candidate to be hired by these companies that are in need of some real talent to keep them secure.
@frank0314
Yes, I know. I have caught myself writing numbers like 8ight and 9ine or editing a sentence when a new idea pops in my head and I write things like "need to you reset the factory to the device." and then posting it in the hopes it helped someone, but when I turn on Spell Checker on this site it becomes a "target rich" environment. It does make for some interesting reading though.
If life gives you melons your probably dyslexic
How do I figure out what that is?
No clue...
Well, I know that I get a notification that my internet is no longer available once I pull out of my driveway and am halfway across the street. So I am guessing that it extends from my house to about 100 feet all the way around as I can use it in my backyard as well.
We will get better security when the people responsible for implementing it have an incentive to provide it proactively, rather than thinking they can save money by not bothering, and covering their ass in case of a breach.
You can decrypt https traffic on a machine if you install the right software on it:
"Use Fiddler for security testing your web applications -- decrypt HTTPS traffic, and display and modify requests using a man-in-the-middle decryption technique. Configure Fiddler to decrypt all traffic, or only specific sessions."
https://www.telerik.com/fiddler
I've never used Wi-Fi, way too many potential security issues.
And it depends on the quality of the hacker's antenna and pre-amplifier system. A good antenna can improve a 1-bar signal to a 5-bar signal or double or triple the distance. Let's even say up to a quarter mile (sans obstructions).
Even with my off-the-shelf stock Linksys system and antenna I can pick up signals from across the creek several hundred yards away in the south end of town. When I use a "can" antenna I can zero in on some of them and even have enough strength (2 or 3-bars) to make a connection if they weren't encrypted.
Another layer of security always helps even if just a little. You can configure most decent WiFi routers to permit access to only a select few "MAC" addresses. (Nothing to do with Macintosh), MAC addresses are Machine Address Codes which are the six 2-digit hexadecimal numbers that are unique to each networkable machine and are built-in at the factory. This permits you to identify and let only your machines onto your network even if an intruder has your network's SSID and login information. You may have to dig into the advanced settings of your router and then dig into the network configuration details of your computers, printers, etc to get their MAC addresses but it does work. It is, however, a lot of tedious work, and if you have a network that has a lot of visitors it's a real pain in the ass to set up but as long as they don't change computers they can rejoin your network when close enough. Just make sure you trust them!
Good point: Media Access Controller filtering is always a good idea which looks like this
Mac Address xx:xx:xx:yy:yy:yy
You can add your machine's OWN (not the one I posted) MAC address to your router's MAC filter provided it has one, most do. It's never a good idea to make these public BTW. Refer to your router's instructions or the manufacturer's support page where some other nerds will be all too excited to help you and act like they are mentally superior because you need them to do computery stuff.
Here's how you get the MAC on a Mac...er. OS X
>System Preferences/Network/ select Wi-Fi, select Advanced and go to the Hardware Tab and Look under MAC Address
for iOS it's Settings>General>About go to Wi-Fi Address
Windows has an equally stupid method.
go to START, go to RUN, type CMD, type ipconfig /all and look for Physical Address
Other devices may have this printed on the side or bottom of their devices
One thing I did read is that routers with auto configure keys that allow the connection through a "secure button" on the front end of the router are less secure than just straight up connecting. You don't need the router password to get to the computer "talking" to the router over; from what I'm reading it's intercepted if a hacker has the ability to see the info from the wireless device trying to connect.
If you are wired to the router then there is no WEP2 to intercept so you're safe from this and if your router is going to a cable modem or DSL (does anyone use DSL any more) then that's the end of the wireless signal so no more interception this flaw could take advantage of.
Again, this is a proof of concept and no one has made this happen, they could if they were really smart (but not like Indiana kid who finds a virus code and send it to his principal and it replicates out over the Midwest and he cries when the FBI bashes down his door because he had no idea)
I did read Microsoft already had a patch out and Apple may have bundled it with OS X 10.13 and iOS 11 (Apple is silent as to what is in those securities updates, it keeps the hackers guessing) but a patch for earlier versions of OS X and iOS may be expected to roll out soon.
What I have not seen is a UNIX patch and even though there are like 2 UNIX threats out on the internet the attack is not specific to any OS as it's happening to the Wi-Fi radio on your computer.
[edit] I see the quote system works the same way as it did like two years ago. Does the search work or are you all using Google still?
I totally forgot that I did this, but after seeing this post I went and looked and apparently I already have this enabled, with just my cell phone, my sister's cell phone, my laptop and my Chromecast device on the allowed list. But now I have also remembered that I actually have a Chromecast device plugged into the back of my TV (I got it as a gift one year, loved it for about 3 months and then forgot all about it until today) - I guess I should unplug it and check if it has an update!
MAC filtering for your local home Wifi, and NordVPN for public wifi usage is all you need. This latest WPA2 security thing is way overhyped. It's most likely just a ploy to scare consumers into ditching their old routers and buying new equipment.