[PSA]For those who don't venture into the Arcadium, WPA2 exploited - Be aware

Hood Critic

Hood Critic

The Power Circle
Joined
May 2, 2012
Messages
26,222
Reputation
4,306
Daps
117,711
Reppin
דעת
Today a collection of severe security vulnerabilities in the WPA2 encryption protocol for Wi-Fi are being disclosed, along with a proof of concept exploit. The weaknesses center around the process used for negotiating the encryption keys used by the client and access point. These core vulnerabilities are part of the Wi-Fi Protected Access WPA standard itself, so even devices that correctly implement WPA2 according to spec are expected to be affected. Both personal and enterprise WPA modes are affected, and both the original WPA and WPA2 are affected. The primary mode of attack exploits vulnerabilities in client devices, but there are some variants that affect features used by some access points.
Click to expand...

Multiple WiFi Encryption Vulnerabilities Disclosed, Affecting Almost Everything
 
Y

Yapdatfool

Superstar
Joined
May 5, 2012
Messages
8,958
Reputation
1,387
Daps
23,688
Reppin
NULL
The primary mode of attack exploits vulnerabilities in client devices, but there are some variants that affect features used by some access points.
Click to expand...

:patrice:Those of yall who watched Mr. Robot hopefully paid attention when Elliot freaked out when the police station/prison used WPA2 and said 'shyt, its gonna take me days to get the handshakes'.

That said, update your AP firmware when they come out and you should be fine.
 
newarkhiphop

newarkhiphop

Moderator
Staff member
Supporter
Joined
Apr 30, 2012
Messages
39,439
Reputation
10,849
Daps
130,680
Yapdatfool said:
:patrice:Those of yall who watched Mr. Robot hopefully paid attention when Elliot freaked out when the police station/prison used WPA2 and said 'shyt, its gonna take me days to get the handshakes'.

That said, update your AP firmware when they come out and you should be fine.
Click to expand...


Love that show, took a online IT security hacking course cause of it, learned how to crack regular WPA networks pretty easily, WPA2 were doable to a certain extent but yes the automated process could take days


This new crack is scary literally any and every device that connects to wifi is affected
KRACK Attacks: Breaking WPA2
 
tru_m.a.c

tru_m.a.c

IC veteran
Staff member
Supporter
Hall of Fame
Joined
May 1, 2012
Messages
31,671
Reputation
6,972
Daps
91,553
Reppin
Gaithersburg, MD via Queens/LI
a
Yapdatfool said:
:patrice:Those of yall who watched Mr. Robot hopefully paid attention when Elliot freaked out when the police station/prison used WPA2 and said 'shyt, its gonna take me days to get the handshakes'.

That said, update your AP firmware when they come out and you should be fine.
Click to expand...
Any word when the fixes plan to be released?

@Hood Critic what should we do in the meantime?
 
Hood Critic

Hood Critic

The Power Circle
Joined
May 2, 2012
Messages
26,222
Reputation
4,306
Daps
117,711
Reppin
דעת
tru_m.a.c said:
a

Any word when the fixes plan to be released?

@Hood Critic what should we do in the meantime?
Click to expand...

Only thing you can do at this point is watch for updates to your routers and devices. We should start seeing updates from various manufacturers probably as early as yesterday/today. It looks like the exploit is mostly affects client devices (phones, laptops, etc.).

EDIT:
I also don't think that the exploit is in the wild as of yet, it's being presented at a con on 11/1. I think this info was released now to get manufacturers time to fix.
 
Y

Yapdatfool

Superstar
Joined
May 5, 2012
Messages
8,958
Reputation
1,387
Daps
23,688
Reppin
NULL
Hood Critic said:
Only thing you can do at this point is watch for updates to your routers and devices. We should start seeing updates from various manufacturers probably as early as yesterday/today. It looks like the exploit is mostly affects client devices (phones, laptops, etc.).

EDIT:
I also don't think that the exploit is in the wild as of yet, it's being presented at a con on 11/1. I think this info was released now to get manufacturers time to fix.
Click to expand...

Ubuntu/Debian/Linux just (and I mean two hours ago) release a security update to patch this vulnerability.

Don't freak out just yet, a lot has to go right in order for this to work, unless y'all use WPS or WPA or TKIP with WPA or WPA2 (which you shouldn't be anyways).

https://doublepulsar.com/regarding-krack-attacks-wpa2-flaw-bf1caa7ec7a0

Regarding Krack Attacks — WPA2 flaw
So there’s a new Wi-Fi attack. In the media it is being presented as a flaw in WPA protocol which isn’t fixable. This isn’t true.

Before we all burn the house down, however, and declare security problems not fixable, let’s get to some important things for organisations:

  • It is patchable, both client and server (Wi-Fi) side.
  • Linux patches are available now. Linux distributions should have it very shortly.
  • The attack realistically doesn’t work against Windows or iOS devices. The Group vuln is there, but it’s not near enough to actually do anything of interest.
  • There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.
  • Android is the issue, which is why the research paper concentrates on it. The issue with Android is people largely don’t patch.
Click to expand...
 
mc_brew

mc_brew

#NotMyPresident
Joined
May 19, 2012
Messages
5,803
Reputation
2,695
Daps
19,991
Reppin
the black cat is my crown...
tru_m.a.c said:
See, the thing is, I get to work remotely

and now you're fukkn up my nap time lunch breaks
Click to expand...

Call Me James said:
I'm in the office today as well. I was looking forward to "working" from my balcony on this cool and partly cloudy day. :mjcry:
Click to expand...
i don't get to work from home so no sympathy from me is given..... i hope you both get hacked!!!!

:whoa: hold the snipers.... i was just joking..... :russ:
 
You must log in or register to reply here.
Top