Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

WPA2 Wi-Fi users – ie, almost all of us – have had a troubling Monday with the arrival of research demonstrating a critical design flaw in the technology used to secure our wireless networks. A flaw so bad, it can be exploited by nearby miscreants to potentially snoop on people's internet connections over the air. However, don …

  1. thames
    Pint

    Already patched here.

    The patch for Ubuntu appeared on my PC in the middle of the afternoon yesterday (Monday). The update icon appeared in the launcher bar, I clicked on it, and it was done in a few seconds.

    No problems so far, but then I don't have Wifi on this machine either! The one thing that I've got that uses Wifi (a cheap ebook reader) also never seems to get any updates for anything.

    1. gypsythief

      Re: Already patched here.

      Except that as I understand the issue, _everything_ needs patching; not just your laptop (notwithstanding "but then I don't have Wifi on this machine either"), but your router also.

      And good luck getting any patches out of Brontosaurus Telecom. This problem ain't going away anytime soon.

      1. Solarflare

        Re: Already patched here.

        If he isn't using WiFi (i.e. he is cabled in) then he isn't going to have much of a problem with this one...

    2. Lord Elpuss Silver badge

      Re: Already patched here.

      "...but then I don't have Wifi on this machine either!"

      Good for you. I'd suggest you're definitely in the minority though...

      1. MyffyW Silver badge

        Re: Already patched here.

        Wish I could say the same. My debian boxen are patched-to-the-teeth as befits my probably-somewhere-on-the-spectrum habit. But that Kindle eBook reader from 2011 probably isn't. You could say "chuck it", or I could say "fuck it" ...

  2. Griffo

    Has to be within range

    TheReg seems to think that having to be within WiFi range is a huge obstacle:

    "For a start, an eavesdropper has to be in wireless range of the target network, and have the time and specialized software to pull off the KRACK technique."

    Well.. sure. But from my house I can see about 15 of my neighbours' networks, and at my office I can see an amazing number. So yeah, only a couple of dozen networks that right now are probably wide open to me breaking. But nothing to see here.. move on.

    1. Charles 9

      Re: Has to be within range

      And that's not counting wardrivers and other dedicated radio hacks that can use directional antennas and other equipment to get longer range and stay out of sight.

      1. An nonymous Cowerd

        Re: Has to be within range

        I have ethically hacked, as in taken over my own wi-fi router and intercepted a client using it, from a Land Rover parked >2.5 kilometres away on a hill. Because I was asked to do it, in writing, and then it was publicly published somewhere in IEEE proceedings or similar, never to be seen again. Been there, done that!

        requirements:

        £99 https://hakshop.com/products/wifi-pineapple or similar

        £99 https://www.wimo.com/download/18686.24.pdf (1MB pdf) to get you >sixty watts EIRP

        tho' many wardrivers, and I know some - they do exist - probably use the ebay £40 Alfa.com.tw adapters with a 9-dBi vertical (the wardrivers that I know have toured my area, and done a slurp on all open/WEP/WPS APs, plotted them on OS maps or equivalent, and $Deity alone knows what they are up to)

        1. big_D Silver badge

          Re: Has to be within range

          But at the end of the day, this is unlikely to happen to the vast majority of home networks.

          Business networks are another thing altogether.

          Because of the physical proximity and the effort involved, think of this as more of a phishing attack, as opposed to a normal spam attack.

          This doesn't belittle the impact of the problem, but, at least at first, I would expect this attack to be limited in scope to targets that have something to lose. Your average home router probably has much easier to exploit, un-patched remote access vulnerabilities anyway.

          1. Wayland

            Re: Has to be within range

            Murder does not happen to the vast majority of people but it's still serious. It will happen where there is a good reason to do it.

    2. Lysenko

      Re: Has to be within range

      If you (as an attacker) are going to procure special equipment (as this attack requires) and physically locate yourself in the vicinity of the target then you could also physically tap the ADSL lines[1] which has the added advantage of not showing up in any of the target's logs. More prosaically, since you're physically in the vicinity, you could just look for open windows and burgle the target.

      Physical proximity is a big deal in practice. Most attacks that I detect originate with skiddies operating via CN addresses so anything involving visa rules and airfares eliminates the vast majority of potential miscreants at a stroke. In fact (now that I think of it), I can't remember the last time anything suspect resolved to a local (and I mean country, not neighbourhood) address.

      [1] TraceSpan and Broadframe make kit for this, but as with the KRACK technique you could build your own.

    3. Pascal Monett Silver badge

      Re: Has to be within range

      I believe that startup incubators have a bunch of companies that are in range of each other without much choice in the matter.

      I know one which actually only has one WiFi access point for all the freelancers in the vicinity. No cables available.

      Would be like shooting fish in a barrel.

      1. sabroni Silver badge

        Re: Has to be within range

        If the two possibilities are every machine in the world and every machine in wifi range then it's worth mentioning that the second is virtually 0 compared to the first.

    4. Rich 11

      Re: Has to be within range

      "But from my house I can see about 15 of my neighbours' networks, and at my office I can see an amazing number."

      I used to be able to see a dozen of my neighbours, until I went around each one and suggested they lower their power output. Now I usually only see four to six, and we're hopefully not interfering with each other so we should get better bandwidth. (Of course it helps that I live in an area of narrow streets and terraced houses with no long gardens, so no-one was inconvenienced by the limited range.)

      1. Anonymous Coward

        Re: Reducing WiFi power?

        I didn’t know that there was a setting to reduce your WiFi router’s power output. I’ll need to guddle in the settings and have a look for it...?

        1. Wayland

          Re: Reducing WiFi power?

          Some of the newer 802.11 protocols do 'beam shaping' (Ruckus). This allows them to listen and talk in the direction of who they want to talk to. The difference in connection and width is amazing. In the case of a Ruckus Access Point even good old 802.11g is miles better. You can actually reduce the need for boosters and repeaters simply by having the right signal.

      2. Updraft102

        Re: Has to be within range

        I got you both beat! Right now, I have 48 APs showing on inSSIDer on my laptop. I'm in a regular single-family house, not a flat, and still... 48. I mean, that includes mine (one for 5GHz, one for 2.4, one 2.4/guest), but it's still a lot. inSSIDer has been running a while, a few hours maybe, so any network that drifts in and out is listed. When I restart inSSIDer, it shows only 30 or so, but it creeps up and up...

        Of those 48, four are in the 5 GHz band. (I wonder why my bluetooth audio connection between my laptop and my desktop PC (which has decent speakers, unlike the lappy) sometimes can't seem to find a channel it can use... no, not really.)

    5. Anonymous Coward

      Re: Has to be within range

      As @Griffo said, indeed I can see WiFi networks of all neighbours on my road (without any fancy aerial kit).

      Similarly, at work, with PC and phone, I can see lots of WiFi networks.

      Most pubs, restaurants, coffee shops: I can see lots of networks around.

      Yes, there will be some isolated areas where you would look suspect, but lots of networks could be "hidden" hacked.

      And lots of chances to "lurk" without being in a vehicle but still not look suspicious, e.g. waiting at a bus stop with cracking software running.

      1. big_D Silver badge

        Re: Has to be within range

        At home, I can see 3 other networks, at work I can barely see our own!

        Even on the street in front of the premises, there are no other networks visible.

      2. Wayland

        Re: Has to be within range

        Sitting with a laptop and antenna looks suspicious. Holding a phone looks normal.

    6. jobst

      Re: Has to be within range

      ..... and all those coffee shops and free wifi's!

      1. big_D Silver badge

        Re: Has to be within range

        Many free wifi places have other problems, like no WPA2 anyway; they often use unencrypted links, so the WPA2 problem is irrelevant: the data can be sniffed anyway.

    7. Wayland

      Re: Has to be within range

      Easy to hook into some WiFi from 2 miles away.

    8. Anonymous Coward

      Re: Has to be within range

      OC'd antenna and I can see over 200 wifi access points from my study, I'm in a small rural town and not near the center of town either.

      It's scary to think of how many are out there. Even seen two with WEP enabled.

  3. This post has been deleted by its author

  4. Field Commander A9

    MAC Filtering

    If my router isn't getting patched any time soon, does enabling MAC filtering protect against this attack?

    1. Charles 9

      Re: MAC Filtering

      No, because they can spoof an existing whitelisted member.

    2. Chronos

      Re: MAC Filtering

      Never rely on MAC filtering for anything. MAC spoofing is utterly trivial. That's not to say don't enable MAC filtering and know what's on your network, just don't treat it as a layer in the security onion.

      IPsec is your friend if you really want to be secure over 802.11. There's the obvious trade-off in CPU cycles and throughput overheads, natch, but you need to define your priorities and compromise accordingly.

      1. Anonymous Coward

        Re: MAC Filtering

        Oooh, have an upvote for the "Security Onion", my friend :-)

    3. Dan 55 Silver badge

      Re: MAC Filtering

      No, because MACs are sent in the clear so can be discovered easily.

      1. TRT Silver badge

        Re: MAC Filtering

        MAC spoofing is also an integral part of the attack.

    4. Lord Elpuss Silver badge

      Re: MAC Filtering

      2 dickheads found it necessary to downvote the OP for daring to ask a question. Sigh.

      #despairs

      1. Adam 1

        Re: MAC Filtering

        @LordElpuss

        You must be new here.

  5. Chronos

    LEDE

    hostapd in LEDE has been patched in the master branch. This does mean you'll have to build it yourself until the snapshot builds catch up. Yet one more reason, were it needed, to eschew devices which rely on vendor patches.

    1. Charles 9

      Re: LEDE

      The problem becomes when the ONLY devices out there rely on vendor patches because, for example, there are patents involved.

      1. Chronos

        Re: LEDE

        I've been saying since forever that patents and standards should be mutually exclusive. Moot point here, though, because WPA/RSN is handled by the host so the binary blobs full of trade secrets used to abstract the hardware (Atheros, Broadcom et al) aren't an issue in this context.

        1. Anonymous Coward

          Re: LEDE

          "I've been saying since forever that patents and standards should be mutually exclusive."

          Great idea, but who's going to do the hard work in the absence of a future source of income from patent licensing?

          1. Chronos

            Re: LEDE

            Credas wrote: Great idea, but who's going to do the hard work in the absence of a future source of income from patent licensing?

            I didn't say it was a perfect solution; those only exist in the minds of idealists. There are some advances, however, that we could do without. Let us first define progress: Taking the best of what you have. And ruining it.

            It's somewhat confusing that we have one law which prohibits monopolies and another that encourages them in very specific niches. It's almost as if it was designed by two different committees. Oh, wait...

          2. Doctor Syntax Silver badge

            Re: LEDE

            "Great idea, but who's going to do the hard work in the absence of a future source of income from patent licensing?"

            Hardware manufacturers. They have a mutual interest in cooperating. Take, for instance, the humble electricity plugs and sockets. You will expect your house to be wired with whatever is your local standard. Likewise you'll expect any appliances to be equipped to plug into that. Anyone trying to sell non-standard items is going to have a small market.

            If public standards require no patents, as opposed to FRAND patents* then manufacturers who want to be able to sell stuff have to accept that they have a choice between not protecting their stuff with patents and not selling it.

            Somewhere along the line we seem to have missed out ensuring that public interest is looked after.

            * FRAND is supposed to stop disputes. It hasn't worked.

            1. Charles 9

              Re: LEDE

              "Hardware manufacturers. They have a mutual interest in cooperating."

              Not necessarily. If a market is mature or has significant government involvement, like plugs with their legally-binding safety standards, then yes, the manufacturers find it's best to come to terms.

              BUT if a market is competitive, like it is in the SoC markets, then they DON'T want to cooperate because they're instead out to conquer. THEY want to become the standard-bearer instead of The Enemy. And governments usually don't set a standard until the smoke has cleared for fear of being chided for doing it wrong and wasting taxpayer money and possibly getting voted out.

              "Somewhere along the line we seem to have missed out ensuring that public interest is looked after."

              Of course not. The first priority of any business is to make money. Otherwise, it has no real reason for existing. All else is secondary, and part of the aim is to manipulate governments to maintain the status quo. If a government moves to mandate businesses cater to citizens first, you move to change the government to not make it so anymore.

              1. Kiwi

                Re: LEDE

                "The first priority of any business is to make money. Otherwise, it has no real reason for existing."

                I realise your experience of the world may be a bit lacking, as much as you think it isn't, but I can assure you that for a great many business owners their first priority is NOT to make money, but to work in a field they enjoy and to do the best they can.

                You may find this odd, but a lot of people actually start businesses with spare resources because they don't like the perceived poor performance of others in the local market, or because it's something they can do and the local market isn't catered for.

                1. Charles 9

                  Re: LEDE

                  But if they don't make money, they bleed out and disappear. Put it this way. The first priority of any human is to obtain sustenance; otherwise, they die. Money, as they say, makes the world go round, and money is the lifeblood of any enterprise. Econ 101. You gotta pay the bills.

                  1. Kiwi
                    Facepalm

                    Re: LEDE

                    "But if they don't make money, they bleed out and disappear."

                    There's LOTS of small ("boutique") businesses like a lot of independent 2nd hand bookshops, antiques shops, many charity shops etc that have been running for years (sometimes decades), sometimes without enough income to pay the rent, yet they survive.

                    They survive because the owner is doing something s/he loves, and is not tied to the income from the shop.

                    Then look at the huge number of home-based businesses where the owner might sell one trinket a week, where they spend a few hours each week making said trinkets as a hobby, and if they sell, they sell; if they don't sell, so what.

                    As to "money being the lifeblood of any enterprise"; no, it's the workers (are you competing for silliest comment of the year?). Without the staff to run the business, even if there's a $billion in the bank, the business is dead the moment the last person decides they're not working there any more.

                    Get away from your "PROFESSIONAL gamers!!11!!1" for a while and get out into the real world, and get some life experience. This is stuff you learn in the first basic module of Real Life 101.

  6. Anonymous Coward

    I'm not worried because I use WEP and hide my base station ID.

    1. Charles 9
      FAIL

      WEP is trivial to crack these days and attackers can simply poll the devices that connect to your base station. Since you hide your ID, the clients MUST by necessity keep polling for them just to connect. Dead giveaway, which is why it's considered good form not to rely on obscurity here. It's better to be known but hardened.
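An added illustration of the two points made in this thread (that MAC addresses are sent in the clear, so MAC filtering adds nothing, and that a client looking for a hidden SSID names it in its probe requests): a small parser for the unencrypted part of 802.11 frames, run over frames constructed here. This is example code, not from the thread or any project; every address, SSID and byte value is made up.

```python
# Added example: decode the 802.11 MAC header, which is never encrypted, even when
# the frame body is WPA2-protected. All addresses and bytes below are constructed.

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(frame: bytes) -> dict:
    """Decode frame control, the address fields and (for probe requests) the SSID element."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    protected = bool((fc1 >> 6) & 0x1)          # Protected Frame bit: body is ciphertext
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    info = {"type": {0: "mgmt", 1: "ctrl", 2: "data"}.get(ftype, "reserved"),
            "subtype": subtype, "protected": protected}
    hdr_len = 24
    if ftype == 2:                               # data: address roles depend on To-DS/From-DS
        if to_ds and not from_ds:
            info.update(bssid=mac(a1), src=mac(a2), dst=mac(a3))
        elif from_ds and not to_ds:
            info.update(dst=mac(a1), bssid=mac(a2), src=mac(a3))
        elif not (to_ds or from_ds):
            info.update(dst=mac(a1), src=mac(a2), bssid=mac(a3))
        else:                                    # WDS: four-address header
            hdr_len = 30
            info.update(receiver=mac(a1), transmitter=mac(a2),
                        dst=mac(a3), src=mac(frame[24:30]))
    else:                                        # management: DA, SA, BSSID
        info.update(dst=mac(a1), src=mac(a2), bssid=mac(a3))
    body = frame[hdr_len:]
    if ftype == 0 and subtype == 4:              # probe request: walk the information elements
        pos = 0
        while pos + 2 <= len(body):
            tag, length = body[pos], body[pos + 1]
            if tag == 0:                         # SSID element, in the clear, names the hidden AP
                info["probed_ssid"] = body[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
    elif protected:
        info["encrypted_body_bytes"] = len(body)  # opaque to a passive listener; header was not
    return info

def build_probe_request(client: bytes, ssid: str) -> bytes:
    """Constructed directed probe request (type 0, subtype 4) for a named SSID."""
    ssid_ie = bytes([0, len(ssid)]) + ssid.encode()
    return bytes([0x40, 0x00, 0, 0]) + b"\xff" * 6 + client + b"\xff" * 6 + b"\x00\x00" + ssid_ie

def build_protected_data(client: bytes, bssid: bytes, dst: bytes, ciphertext: bytes) -> bytes:
    """Constructed To-DS data frame with Protected Frame set, followed by an 8-byte CCMP header."""
    ccmp_hdr = bytes([0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00])
    return bytes([0x08, 0x41, 0, 0]) + bssid + client + dst + b"\x10\x00" + ccmp_hdr + ciphertext

if __name__ == "__main__":
    client, ap, gw = bytes.fromhex("aabbccddee01"), bytes.fromhex("001122334455"), bytes.fromhex("0011223344aa")
    print(parse_80211(build_probe_request(client, "HiddenHomeNet")))
    print(parse_80211(build_protected_data(client, ap, gw, bytes.fromhex("9f3a7c1e4d20b5e8"))))
```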

      1. Alan W. Rateliff, II

        Your post is informative to those who do not know otherwise, but... that was the joke.

        Honestly, I completely discount this "backward compatibility" nonsense argument for why equipment still includes WEP (non-)encryption.

        1. Anonymous Coward

          Wait what? My AP isn't secure?

          Next you'll be telling me I need to patch my XP boxes.

          1. Solarflare

            "Next you'll be telling me I need to patch my XP boxes."

            No no no, don't worry about that. XP stands for eXtremely Protected after all!

            1. Anonymous Coward

              Phew!

              I was worried for a minute then, as I thought it might have been a problem what with all the cheap IoT cameras I have from China in the DMZ as well.

            2. PNGuinn
              FAIL

              @ Solarflare

              No, that was last week. It's been patched.

              It now stands for eXcellently Patched.

              Do keep up.
