Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Fwd: Basically every WiFi device just hacked?
16.10.2017 16:52, Greg Freemyer wrote:
On Mon, Oct 16, 2017 at 9:43 AM, Richard Brown <RBrownCCB@xxxxxxxxxxxx> wrote:
On 16 October 2017 at 15:36, Greg Freemyer <greg.freemyer@xxxxxxxxx> wrote:

Most WiFi routers have WEP, WPA, and WPA2.

WPA2 was the most secure and the recommendation.

No longer:

But WPA2 comes in a couple variants. Does anyone know if any of them
are unaffected?

The weakness is in the initial client-AP handshake, so I assume all variants
are affected.


I don't know, but I do know that SUSE are working on providing us fast
updates for SLE (which Leap will get equally fast) and Tumbleweed

So this may be addressable on the client end? I hope so!

If I read the linked paper correctly, this *is* a client vulnerability:

When a client joins a network, it executes
the 4-way handshake to negotiate a fresh session key. It will install
this key after receiving message 3 of the handshake. Once the key
is installed, it will be used to encrypt normal data frames using a
data-confidentiality protocol. However, because messages may be
lost or dropped, the Access Point (AP) will retransmit message 3 if
it did not receive an appropriate response as acknowledgment. As
a result, the client may receive message 3 multiple times. Each time
it receives this message, it will reinstall the same session key, and
thereby reset the incremental transmit packet number (nonce) and
receive replay counter used by the data-confidentiality protocol.
We show that an attacker can force these nonce resets by collecting
and replaying retransmissions of message 3. By forcing nonce reuse
in this manner, the data-confidentiality protocol can be attacked,
e.g., packets can be replayed, decrypted, and/or forged.
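
The key reinstallation described in the paper excerpt above, as an added toy model that is not part of the original mail or the paper: a client that reinstalls the session key on a retransmitted message 3 resets its transmit nonce and repeats a keystream, while a client that ignores a reinstall of the already-installed key does not. The `Client` class, the HMAC-based keystream (a stand-in for the real data-confidentiality protocol) and the sample key and frames are assumptions constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in for the real cipher: output depends only on (key, nonce).
    return hmac.new(key, nonce.to_bytes(6, "big"), hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.tx_nonce = 0   # incremental transmit packet number
        self.used = []      # nonces used (one key throughout this demo)

    def on_msg3(self, ptk: bytes) -> None:
        # Hardened behaviour (assumed model of a fix): a retransmitted
        # message 3 carrying the key already in use must not reset counters.
        if self.patched and self.key == ptk:
            return
        self.key = ptk
        self.tx_nonce = 0   # key (re)installation resets the nonce

    def send(self, data: bytes) -> bytes:
        self.tx_nonce += 1
        self.used.append(self.tx_nonce)
        return xor(data, keystream(self.key, self.tx_nonce, len(data)))

P1 = b"first frame data"    # constructed sample frames
P2 = b"other frame data"

def run(patched: bool):
    ptk = b"\x11" * 16      # constructed session key
    c = Client(patched)
    c.on_msg3(ptk)          # first delivery of message 3
    ct1 = c.send(P1)
    c.on_msg3(ptk)          # retransmitted message 3
    ct2 = c.send(P2)
    return c.used, ct1, ct2

if __name__ == "__main__":
    for patched in (False, True):
        used, ct1, ct2 = run(patched)
        leak = xor(ct1, ct2) == xor(P1, P2)
        print(f"patched={patched} nonces={used} keystream_repeated={leak}")
```

With the same key and nonce used twice, the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is why the fix belongs on the side that installs the key.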
