WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
This issue does not change anything for security-conscious users.
You don't transmit sensitive data over a simple HTTP connection, and you always are cautious with a file that you downloaded over a simple HTTP connection.
It's the people who don't worry about security who really have something to worry about.
 
F

ForgottenSeer 58943

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
This is every bit a storm. Fortinet has all of their engineers working on firmware, IPS and examining mitigation methods. My Cisco engineer buddies tell me they are going through the same thing. This is pretty huge.
Sly I don't mean to argue, just that reading through the links of the thread I posted (hence my storm in a tea cup comment), it seems that windows already fixed that. Updating related software should fix that.
That the hackers need to be on range of a compromised or not updated wi-fi or router, what are the chances of that for a Joe Bloke to be so unlucky? @shmu26 post #25 make good sense. Average, uninformed or careless users are most at risk.
 
F

ForgottenSeer 58943

Quick and dirty countermeasure I guess;

Install a local VPN client from a local VPN server, such as Fortigate VPN. Put the wireless on it's own VLAN, then have local clients connect on the device to the VPN which will connect on it's own VLAN. Thus offering local WiFi connectivity but putting local clients through an encrypted VPN. Devices won't be visible as they will be on an internal, local VPN. :)
 

Entreri

Level 7
Verified
May 25, 2015
342
Good job to M$!

Android, lol, especially given various manufacturers. If you want to do anything secure, iOS is the way to go.
 
  • Like
Reactions: Venustus

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
F

ForgottenSeer 58943

Good job to M$!

Android, lol, especially given various manufacturers. If you want to do anything secure, iOS is the way to go.

Nice try, but iOS and Mac's, including Apples crap routers are all vulnerable to this.. That much has been CONFIRMED BY APPLE.

'iOS is the way to go' said nobody. Ever. Let's not even go to places where Apple fails, such as user configurability, flexibility, privacy and customization..

Wi-Fi WPA2 security cracked: Android & Linux most vulnerable, but iOS and macOS too [U]
 
F

ForgottenSeer 58943

The problem will be if in the meantime a toolkit is developed, some people using custom firmware already fixed that vulnerability, but a potential excalation will be measured by the full/partial coverage of manufacters time fixing and developing of toolkit for kiddies.

We'll have the full Fortinet product line covered with firmware releases in the next 48 hours or so. Also we will have some tricks in use for WIDS/RAP and IPS to help mitigate risk on impacted devices and IoT gear.

I feel bad for people with a lot of IoT in their homes.. Nothing like rushing into the frontier of IoT without understanding the potential for something catastrophic like this. Good luck getting those Chinese Vendors to issue patches for $19 Smart switches and $9 lightbulbs..
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
I will fix two Android devices running LineageOS 7.1.2 today.
For the router I expect a fix on next release.
I will destroy every device that is not fixed within a week.
 

przemo_one

Level 3
Verified
Feb 4, 2014
212
From what I understand attack comes by unprotected client. The only way to be safe is to use patched wpa_supplicant. In other words if you use only fixed clients there's no need to patch router.

New devices will most likely get the patch. Hi end devices for that matter definitely. As for old and lo end most of them will not. The only way to be protected is to use 3rd party ports but they might suffer from other vulnerabilities or even pre-installed malicious software.
 

Entreri

Level 7
Verified
May 25, 2015
342
Nice try, but iOS and Mac's, including Apples crap routers are all vulnerable to this.. That much has been CONFIRMED BY APPLE.

'iOS is the way to go' said nobody. Ever. Let's not even go to places where Apple fails, such as user configurability, flexibility, privacy and customization..

Wi-Fi WPA2 security cracked: Android & Linux most vulnerable, but iOS and macOS too [U]

I was talking in general, and iOS is indeed more secure. Couple of reasons for this, iOS gets updated for 5 years for product X and the Apple Store has so much less malware than the Android Store. Apple zero days are going for millions.
 
F

ForgottenSeer 58943

I was talking in general, and iOS is indeed more secure. Couple of reasons for this, iOS gets updated for 5 years for product X and the Apple Store has so much less malware than the Android Store. Apple zero days are going for millions.

Apples strength is also it's weakness. For example creating a development environment where a product released in 2010 must be fully compatible and use the same OS as a product released in 2018 is ridiculous from a development standpoint and only results in stagnation. I will agree Apple's Repositories are safer than Googles though, but on the flipside, you can put a real AV on Android and pretty much offset that risk.
 
  • Like
Reactions: lowdetection
F

ForgottenSeer 58943

From what I understand attack comes by unprotected client. The only way to be safe is to use patched wpa_supplicant. In other words if you use only fixed clients there's no need to patch router.

New devices will most likely get the patch. Hi end devices for that matter definitely. As for old and lo end most of them will not. The only way to be protected is to use 3rd party ports but they might suffer from other vulnerabilities or even pre-installed malicious software.

Obviously hardwired/ethernet devices aren't an issue unless those devices can swap to wireless, in which case, disable their WiFi cards if you exclusively leave them plugged in - then you are fine. UTM/NGFW solutions and wireless controller applications are being patched over the next 48 hours or so. IPS/IDS, WIPS/WIDS signatures are being developed for these to help mitigate risk on clients that are unpatched. I've reached out to camera firms like D-Link and TriVision and I am told they are all rushing out firmware patches to address this.

A very real worry will be cheap Chinese technology firm stuff. Those $9 Smart Bulbs everyone warned people not to buy. They'll never get patched. I know a guy with like 300 smart devices and IoT in his home, he's toast.. He also lives in a busy area which will likely increase his potential exposure to this.. War-Drive might become a big thing again.

Another worry (and it's a big worry) are legacy or older cycle products, not just EOL. The EOL stuff has to be thrown out. Fortinet - interestingly - is updating a discontinued firmware line to address this, which will effectively patch devices going back a decade! 5.2.11 was the last in the 5.2 line, but they are now releasing 5.2.12 - surprisingly!

Since this issue also comes with new WiFi standards, all new devices SHOULD in theory, have this addressed. But I would wait a year before buying anything unless you can be sure to manually patch it yourself.

Tip: If you have to wait more than a couple weeks for a patch you may want to remove the impacted device/s from your network. Possibly sell them on the used market or if possible return them. Any cheap Chinese IoT will never be patched, so just donate/sell/toss those.. UNLESS you can assume the risk of them AND you verify they only use 443 channels of communication..
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top