Most Valued Members cyberhash 201 Posted October 21, 2017 Most Valued Members Posted October 21, 2017 (edited) Having read about KRACK and using a Wi-Fi Router myself, i contacted the manufacturer of my router (Tp-Link) directly. They emailed me back and told me they were investigating and referred me to this forum post in the meantime. Goes into a little more depth of the vulnerability and might be of some interest for the other users on this forum for a bit of reading, even if your router is made by another manufacturer. Also speaks volumes when they have knew about it for at least 5 months and not even attempted to release firmware updates to address the issues for routers involved (including my own) hxxp://forum.tp-link.com/showthread.php?101094-Security-Flaws-Severe-flaws-called-quot-KRACK-quot-are-discovered-in-the-WPA2-protocol Edited October 21, 2017 by cyberhash r
Most Valued Members peteyt 396 Posted October 22, 2017 Most Valued Members Posted October 22, 2017 Surprised this hasn't been mentioned on here yet. Not read loads about it but it doesn't sound good. My ISP is apparently looking into the issue
itman 1,807 Posted October 22, 2017 Posted October 22, 2017 Microsoft issued a patch for it to all Windows vers. in the Oct. cumulative update. As far as routers go, you would be only vulnerable for all practical purposes if you used a Wi-Fi connection to the Internet. Most desktop users connect to an ISP via Ethernet using Wi-Fi only for within premises devices. On the other hand, U-verse based routers could have their WAN Wi-Fi connection hacked which is used to monitor the desktop TV devices. The attacker could use the router as part of a botnet stealing your bandwidth and causing your surfing to slow to a crawl. Smartphones are at risk with this vulnerability. Also any one using a laptop, tablet, etc. connecting outside of your home environment.
Most Valued Members cyberhash 201 Posted October 22, 2017 Author Most Valued Members Posted October 22, 2017 I think the fact that it's not been mentioned much is probably to keep users a bit more secure (as crazy as it sounds). The more people that know about the vulnerability then more people will exploit it. Plenty of hardware and software vendors have been aware of the issue for months but few have acted to try and resolve the problems. The details are that vague surrounding the exploit that nobody really seems to have a definitive answer as to what extent of both hardware and software is going to be affected. I think Smartphones are going to be the most problematic as many handsets are way beyond their end of life support and because of the numbers in use. Plus many people are solely Smartphone users and really don't think about security in the same manner as your desktop/laptop user. It's a big headache whatever way you look at it
itman 1,807 Posted October 22, 2017 Posted October 22, 2017 I have also seen a few comments that this vulnerability only applies to routers installed in a "client" configuration. That is the router is set to run in bridge or repeater mode. All home routers are set by default to run in "server" mode and have to be manually reconfigured to run in either of the prior "client" modes mentioned.
Most Valued Members peteyt 396 Posted October 22, 2017 Most Valued Members Posted October 22, 2017 28 minutes ago, itman said: I have also seen a few comments that this vulnerability only applies to routers installed in a "client" configuration. That is the router is set to run in bridge or repeater mode. All home routers are set by default to run in "server" mode and have to be manually reconfigured to run in either of the prior "client" modes mentioned. Would esets router scan be able to identify routers vulnerable alongside settings?
itman 1,807 Posted October 23, 2017 Posted October 23, 2017 (edited) 16 hours ago, peteyt said: Would esets router scan be able to identify routers vulnerable alongside settings? No. This is an encryption protocol vulnerabilty within the firmware of the device used to process the encrypted packets. Eset's router diagnostics checks for insecure settings such as open ports and the like. Perhaps the following published by the org. that discovered the vulnerability will aleviate some fears: Quote What if there are no security updates for my router? Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones. Quote Is it sufficient to patch only the access point? Or to patch only clients? Currently, all vulnerable devices should be patched. In other words, patching the AP will not prevent attacks against vulnerable clients. Similarly, patching all clients will not prevent attacks against vulnerable access points. Note that only access points that support the Fast BSS Transition handshake (802.11r) can be vulnerable. That said, we are working on access points modifications that do prevent attacks against vulnerable clients. These modifications are different from the security patches for vulnerable access points! So unless your access point vendor explicitly mentions that their patches prevent attacks against clients, you must also patch clients. Ref.: https://www.krackattacks.com/#details If you read the full article, it states that this vulnerability is actually a WAP/AP issue presently and in reality will only be fixed with changes to the AES protocol itself. Let's elaborate a bit on that. There are two types of routers; Ethernet and Wireless. The difference between the two is wireless routers incorporate the WAP hardware and firmware within the router. For Ethernet routers, the WAP is a separate device physically connected to the router via an Ethernet cable. Within the Ethernet router is firmware that allows the router to interface with the WAP for configuration purposes. However, the actual processing of packets and routing of them to the destination wireless devices is done by the firmware contained within the WAP. Summarizing, solutions such as AT&T U-verse that use a separate WAP device to communicate with home network devices will need to issue new WAP devices to their customers since as I am aware of, there is no way to programmatically update the WAP firmware. This probably will not happen since the WAP's have a limited range, 1000 ft or so, and being home network based, the likelihood of data interception is extremely low. Anyone who has applied Oct. Win Update patch an operates in a home network environment is secure against this attack. Edited October 23, 2017 by itman
Recommended Posts