Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Fwd: Basically every WiFi device just hacked?
On 18/10/17 18:23, James Knott wrote:
> On 10/18/2017 01:07 PM, Wols Lists wrote:
>> Most sessions nowadays are spread-spectrum. I'm not sure how it works,
>> but if you disrupt the connection open sequence, i.e. get the client
>> transmitting on one frequency, and the router receiving on another, you
>> can MITM the conversation.
>
> You're right, you don't know how it works. All current WiFi uses
> something called Orthogonal Frequency Division Multiplexing (OFDM),
> which has several carriers spread across the channel. All of the
> carriers are modulated at the same time, with different parts of the
> data. There is no switching from one frequency to another. Impairments
> on one carrier simply mean less or no data over that particular
> carrier. The exception is 802.11b, which uses a different method called
> Direct Sequence Spread Spectrum (DSSS), but that (hopefully) is not
> still in use, as the encryption in 802.11b is really poor.
>
> https://en.wikipedia.org/wiki/Orthogonal_frequency-division_multiplexing
>
> Incidentally, O'Reilly has some good books on WiFi, that describe the
> modulation methods used and much more.

Or did it say the attacker tricks the client and router into using different channels, bridging and MITM'ing the connection that way?

Either way, people who know rather more than I do said that tricking the handshake so the attacker can bridge it is a lot easier than most people think.

And once you've done that, the bug in wpa_supplicant (which was actually introduced trying to fix a different security bug!) hands you a known key and nonce. Game over!

Cheers,
Wol

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
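The "known key and nonce" point in Wol's message is the whole reason the wpa_supplicant reinstallation bug matters: WiFi frame encryption is a counter-mode stream cipher, so repeating a nonce under the same key repeats the keystream. The following is an added example, not code from this thread or from wpa_supplicant. It uses an HMAC-SHA256 counter keystream as a constructed stand-in for CCMP's AES-CTR (only the keystream-repeats property is preserved), shows that two frames encrypted under a reused nonce leak each other's plaintext without the key, and then models the mitigation principle in a hypothetical `PeerKeyState` class: installing a key that is already installed must not reset the packet number. All keys, frames and class names are constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: HMAC-SHA256(key, nonce || block counter).

    Constructed stand-in for CCMP's AES-CTR; only the property that matters
    here (same key + same nonce -> identical keystream) is preserved.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def plaintext_xor_from_reuse(ct1: bytes, ct2: bytes) -> bytes:
    """If both frames used the same key and nonce, the keystream cancels:
    ct1 XOR ct2 == pt1 XOR pt2, and no key is needed to compute it."""
    return xor_bytes(ct1, ct2)


def recover_other_plaintext(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """One known (or guessable, e.g. protocol header) frame then reveals the other."""
    return xor_bytes(plaintext_xor_from_reuse(ct1, ct2), known_pt1)


class PeerKeyState:
    """Per-peer transmit state: installed key plus packet number (the nonce).

    Hypothetical model of the mitigation principle, not wpa_supplicant's code:
    a retransmitted handshake message that carries the already-installed key
    must leave the packet number untouched.
    """

    def __init__(self) -> None:
        self.key = None
        self.tx_pn = 0

    def install(self, key: bytes) -> bool:
        if key == self.key:
            return False  # same key already in use: nothing is reset
        self.key = key
        self.tx_pn = 0
        return True

    def next_nonce(self) -> bytes:
        nonce = self.tx_pn.to_bytes(6, "big")
        self.tx_pn += 1
        return nonce


def demo() -> dict:
    key = b"constructed-demo-session-key"   # constructed, not a real PTK
    reused_nonce = (0).to_bytes(6, "big")  # what a reset packet number looks like
    pt1 = b"GET /login HTTP/1.1\r\n"        # constructed frame payloads, equal length
    pt2 = b"POST /login HTTP/1.1\r"
    ct1 = encrypt(key, reused_nonce, pt1)
    ct2 = encrypt(key, reused_nonce, pt2)
    recovered = recover_other_plaintext(ct1, ct2, pt1)

    state = PeerKeyState()
    first_install = state.install(key)
    nonce_a = state.next_nonce()
    reinstall = state.install(key)       # same key again: refused, counter kept
    nonce_b = state.next_nonce()
    return {
        "recovered_pt2": recovered,
        "first_install": first_install,
        "reinstall": reinstall,
        "nonces_differ": nonce_a != nonce_b,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows both halves of the argument: with the counter reset, the second frame's plaintext falls out of the two ciphertexts alone, while the state machine that refuses to reinstall an identical key keeps handing out fresh nonces even when the handshake message is replayed.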
