WPA KRACK attack

Breathewave d(-.-)b
Posts: 28
Joined: April 25th, 2009, 12:13 pm

WPA KRACK attack

Post by Breathewave d(-.-)b » October 16th, 2017, 12:00 pm


MichaelTremer
Core Developer
Posts: 5775
Joined: August 11th, 2005, 9:02 am

Re: WPA KRACK attack

Post by MichaelTremer » October 16th, 2017, 3:03 pm

Support the project with our Donation Challenge!

Get Commercial Support for IPFire and more from Lightning Wire Labs!

MichaelTremer
Core Developer
Posts: 5775
Joined: August 11th, 2005, 9:02 am

Re: WPA KRACK attack

Post by MichaelTremer » October 16th, 2017, 3:12 pm

And a little bit more detail over here: https://planet.ipfire.org/post/krack-at ... -their-way

dnl
Posts: 374
Joined: June 28th, 2013, 11:03 am

Re: WPA KRACK attack

Post by dnl » October 17th, 2017, 6:13 am

Thanks for being quick to react Michael.

It's been 15 hours since your post, when do you expect the 32-bit packages please?

I read that the original wpa_supplicant patch for this vulnerability available by the 16th did not actually mitigate it. Hopefully that's now been resolved!

Edit:
See https://www.krackattacks.com/#paper

Addendum: wpa_supplicant v2.6 and Android 6.0+
Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old. In the meantime, we have found easier techniques to carry out our key reinstallation attack against the 4-way handshake. With our novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake.

We would like to highlight the following addendums and errata:
Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake. This was discovered by John A. Van Boxtel. As a result, all Android versions higher than 6.0 are also affected by the attack, and hence can be tricked into installing an all-zero encryption key. The new attack works by injecting a forged message 1, with the same ANonce as used in the original message 1, before forwarding the retransmitted message 3 to the victim.

Obviously IPFire doesn't have the apparently extra buggy Android implementation, but it's worth keeping an eye on that software in case they release another patch.
Last edited by dnl on October 17th, 2017, 9:20 am, edited 2 times in total.
IPFire 2.x (Latest Update) on x86_64 Intel Bay Trail CPU, 4GiB RAM, RED + GREEN + BLUE + ORANGE

dnl
Posts: 374
Joined: June 28th, 2013, 11:03 am

Re: WPA KRACK attack

Post by dnl » October 17th, 2017, 9:04 am

For the record the Git link in your Planet IPFire post seems to be incorrect.

I think it should be what you used in Twitter: https://git.ipfire.org/?p=ipfire-2.x.gi ... 6d384a6bc9