WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw

[LASER_oneXM]

...yet another article about the bug and some tips how to stay secure for the next couple of days:

source: Everything you need to know about KRACK, the WPA2 Wi-Fi vulnerability

How do I stay safe?
To be honest, for the next couple of days there aren't a ton of public options available to you. We're not going to tell you how it works or where to find more information on how exactly the attack works. But we can tell you what you can (and should do) to stay as safe as possible.

• Avoid public Wi-Fi at all costs. This includes Google's protected Wi-Fi hotspots until Google says otherwise. If your carrier forces your phone to Wi-Fi when in range, visit the forum for your phone to see if there's a workaround to stop it from happening.
• Only connect to secured services. Web pages that use HTTPS or another secure connection will include HTTPS in the URL. You should contact any company whose services you use and ask if the connection is secured using TLS 1.2, and if so your connection with that service is safe for now.
• If you have a paid VPN service that you trust you should enable the connection full-time until further notice. Resist the temptation to rush and sign-up for any free VPN service until you can find out if they have been vetted and will keep your data secure. Most don't.
• Use a wired network if your router and computer both have a spot to plug in an Ethernet cable. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device. Ethernet cables are relatively cheap and an eyesore strung across the carpet is worth it. Look for a Cat6 or Cat5e spec cable and there should be no configuration needed once plugged in.
• If you use a Chromebook or MacBook, this USB Ethernet adapter is plug-and-play.
• Relax.

What could happen if I am on an attacked network?
This hack can't steal your banking information or Google password (or any data on a correctly secured connection that uses end-to-end encryption). While an intruder may be able to capture the data you send and receive, it can't be used or even read by anyone. You can't even read it unless you allow your phone or computer to decrypt and unscramble it first.

An attacker may be able to do things like redirect traffic on a Wi-Fi network or even send bogus data in place of the real thing. This means something harmless like printing a thousand copies of gibberish on a networked printer or something dangerous like sending malware as a reply to a legitimate request for information or a file. The best way to protect yourself is to not use Wi-Fi at all until you're directed otherwise.

 

[LASER_oneXM]

There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections.

Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member. Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.

source: Wi-Fi Alliance® security update | Wi-Fi Alliance

 

[LASER_oneXM]

source: New KRACK Attack Breaks WPA2 WiFi Protocol

How to fix the KRACK Vulnerability?

The first thing you should do is not panic. While this vulnerability could allow an attacker to eavesdrop on or modify data being transmitted over wireless connections, at the same time, this attack is not going to be easy to pull off and a working exploit has not been published as of yet.

The good news is that this is a highly covered vulnerability and vendors will quickly release updates to fix this flaw. For consumers and business users, this means updating your router, access point, wireless network adapters, and devices with new firmware and drivers as they are released.

To make it easier for you, BleepingComputer has started compiling a list of vendors who have released advisories or driver and firmware updates. This list can be found at List of Firmware & Driver Updates for KRACK WPA2 Vulnerability and will be constantly updated as BleepingComputer receives new information.

 

[ForgottenSeer 58943]

I've spoken with all of my vendors today about patches.

Most have them in the pipeline. One of my vendors with a crucial piece of IoT I use issued an immediate short-term-solution patch by converting all of the transmissions from their devices to SSL with an EV certificate and are a couple weeks out from a permanent fix. So that was good news. My camera vendors have patches in the pipeline. Fortinet has patches in the pipe. I use a non-Fortinet AP right now because I was between product releases. That one doesn't list any incoming patches or notifications so I am replacing it with a $950 FortiAP 423 (already ordered)

I don't use any cheap Chinese IoT, anyone that does is hosed. (RIP) So within 7 days or less my home network will be completely immune to this.

 

[ForgottenSeer 58943]

1-2 DECADES to fix this mess.. Product recalls. What about all of the wireless medical devices? Hospitals largely moved to wireless monitors and medical equipment. This really is a time to panic, as most of it will NEVER be patched.

Why the Krack Wi-Fi Mess Will Take Decades to Clean Up

 

[VecchioScarpone]

1-2 DECADES to fix this mess.. Product recalls. What about all of the wireless medical devices? Hospitals largely moved to wireless monitors and medical equipment. This really is a time to panic, as most of it will NEVER be patched.

Why the Krack Wi-Fi Mess Will Take Decades to Clean Up

Interesting reading, thanks.
I'll defer the upgrade to NBN (fast broadband becoming compulsory here in Australia) as long as possible. I should have at least 18 month, by then as it require a new router, the internet provider should offer a new patched router.

 

[LASER_oneXM]

hi
here is a list with avail. updates/patches. The list was last updated: 10/20/17 14:35 EST
List of Firmware & Driver Updates for KRACK WPA2 Vulnerability

As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.
To protect yourself, many WiFi product vendors will be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware as soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.

To help with this, I have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available, I advise you to check this page throughout the coming days to see if new information is available. This page includes information resulting from contacting of vendors, CERT's informative page, and other sources.
Last Updated: 10/20/17 14:35 EST

 

[ForgottenSeer 58943]

Fortinet 5.4 up to 5.6 firmware is already patched and good to go. Actually, 5.6.1 which came out back in July already fixed it. But now everyone on the 5.4 series is patched up and good to go. Also Fortinet RogueAP Suppression and WIDS already blocked KRACK starting a couple of years ago.

Devices stuck on 5.2 series of FortiOS will be getting patches shortly (within a couple days). But anyone on 5.2 that can upgrade to 5.4 or higher should do that provided the device supports it.

 

[ForgottenSeer 58943]

I never really bothered updating my camera firmware.. Shockingly, some were on 2013 firmware! While the KRACK firmware fixes aren't out yet, I took the liberty of updating all of them anyway. I'm not letting them lapse like that again. Although due to my internal network security and lockdown procedures it's unlikely they'd be compromised, none of then can even communicate outside of the LAN, and internally on a specific policy based VLAN.

Cameras are scary to update because some of mine are mounted in relatively difficult to reach positions and if the firmware doesn't set properly, I need to pull them down and factory reset them which becomes a serious pain. Here's to waiting for more firmware.. At least the rest of my network isn't impacted by this and now our phones are on VPN's while patches are being developed.