Re: [opensuse] Fwd: Basically every WiFi device just hacked?

On 18/10/17 17:48, Tony Su wrote:
Greg, I agree with most of what you wrote about possible attack scenarios, but YMMV regarding broadcasting enough noise to disrupt a session causing a client to reconnect; that is generally possible only if you have a powerful enough transmitter, and if that's the case then why bother with these attacks? Just impersonate, capture passwords and be done with it.
And, it does matter about when Users connect and relative to the amount of traffic, so for instance when Users first connect it's true that they're Tx and Rx those magic packets, but the next most likely thing to happen is that those machines will be updating and checking email... So although it's more likely that those packets will be within a smaller time frame, the total traffic volume will also be enormous.
The scenario posited on LWN was very simple, and does not need much by way of powerful kit. Most sessions nowadays are spread-spectrum. I'm not sure how it works, but if you disrupt the connection open sequence, i.e. get the client transmitting on one frequency, and the router receiving on another, you can MITM the conversation. You then simply don't forward packet #3, forcing the client or router (can't remember which) to retry. This then causes the connection to reset with a nonce of 0, and a key of 0. Bingo - connection encryption now cracked, and the supposedly secure connection is wide open. That's the way these things always go - someone cocks up and the resulting crack is pretty simple.

Changing topic slightly - you're aware somebody's found a bug in an RSA implementation such that any 4096-bit keys from this generator can be brute-forced? Not sure how long it takes but it's well within the ability of a determined attacker! As always, an implementation cockup gives a back-door into the encryption.

Cheers, Wol
I just posted an opinion on the openSUSE Forums, as I described only an opinion which of course can be subject to ridicule and disagreement
https://forums.opensuse.org/showthread.php/527675-WPA2-situation?p=2842095#p...
As for DMARC, it's actually not more than SPF and TKIP which have been around for ages plus applying policy. So, nothing revolutionary. And, only addresses forging email domains. It won't do anything for you regarding the overall possible phishing attacks and other ways of implanting malware. If you're not already doing SPF and TKIP, then it's a step forward but isn't a replacement for other methods like blocklists, whitelisting and anti-spam.
IMO, Tony
On Wed, Oct 18, 2017 at 6:38 AM, Wols Lists <antlists@youngman.org.uk> wrote:
On 16/10/17 17:35, Tony Su wrote:
From the general description (I haven't been able to inspect a detailed demo), it looks like a cousin to the Diffie Hellman flaw described last year.
If so, - All encrypted traffic including SSL/TLS, SSH, VPNs, etc should be protected despite the researchers' suggestion that <might> also be vulnerable. And, all User activity that involves exchanging passwords on websites, Financial/Banking, email and other activity are covered here.
- The other stuff about capturing, replaying and injecting content or even false network settings is a different consideration, but if this is not much different than what has always been possible using aircrack-ng against WEP or WPA1, then there are practical considerations which can make this kind of attack difficult although possible... like...
The attacker might have to capture gigabytes of data to obtain the few packets which contain a WPA handshake. Low activity APs might be more vulnerable than heavily used.
Once captured, the attacker has to crack the keys. Depending on strength and available machine resources plus method of crack (are rainbow tables available and used?), this might take a while.
LIKE A COUPLE OF NANOSECONDS?
Sorry for shouting, but the nature of the crack tricks wpa_supplicant into using a key of 0x00.
Once cracked, the keys are usable for only as long as the original User has not yet closed his wireless session. Once the User has disconnected, then a new session and handshake has to be cracked.
So, Unless you're supporting a high security wireless network, I don't think that anyone should be pressing any emergency buttons, and if you were supporting a high security network then I'd be questioning why you even have Wifi or not deploying WiFi that automatically rotates new keys every few minutes.
Yes you should be pressing security buttons. The key is absolutely no protection at all!
Cheers, Wol
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 10/18/2017 01:07 PM, Wols Lists wrote:
Most sessions nowadays are spread-spectrum. I'm not sure how it works, but if you disrupt the connection open sequence, ie get the client transmitting on one frequency, and the router receiving on another, you can MITM the conversation.
You're right, you don't know how it works. All current WiFi uses something called Orthogonal Frequency Division Multiplexing (OFDM), which has several carriers spread across the channel. All of the carriers are modulated at the same time, with different parts of the data. There is no switching from one frequency to another. Impairments on one carrier simply mean less or no data over that particular carrier. The exception is 802.11b, which uses a different method called Direct Sequence Spread Spectrum (DSSS), but that (hopefully) is not still in use, as the encryption in 802.11b is really poor.

https://en.wikipedia.org/wiki/Orthogonal_frequency-division_multiplexing

Incidentally, O'Reilly has some good books on WiFi, that describe the modulation methods used and much more.

On 18/10/17 18:23, James Knott wrote:
On 10/18/2017 01:07 PM, Wols Lists wrote:
Most sessions nowadays are spread-spectrum. I'm not sure how it works, but if you disrupt the connection open sequence, ie get the client transmitting on one frequency, and the router receiving on another, you can MITM the conversation.
You're right, you don't know how it works. All current WiFi uses something called Orthogonal Frequency Division Multiplexing (OFDM), which has several carriers spread across the channel. All of the carriers are modulated at the same time, with different parts of the data. There is no switching from one frequency to another. Impairments on one carrier simply means less or no data over that particular carrier. The exception is 802.11b, which uses a different method called Direct Sequence Spread Spectrum (DSSS), but that (hopefully) is not still in use, as the encryption in 802.11b is really poor.
https://en.wikipedia.org/wiki/Orthogonal_frequency-division_multiplexing
Incidentally, O'Reilly has some good books on WiFi, that describe the modulation methods used and much more.
Or did it say the attacker tricks the client and router into using different channels, bridging and MITM'ing the connection that way? Either way, people who know rather more than I do said that tricking the handshake so the attacker can bridge it is a lot easier than most people think. And once you've done that, the bug in wpa_supplicant (which was actually introduced trying to fix a different security bug!) hands you a known key and nonce. Game over!

Cheers, Wol
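A toy model of the supplicant behaviour Wol describes above and in the earlier message (a replayed handshake message 3 reinstalls the key and resets the nonce counter, and because the in-memory key was already wiped the reinstalled key is all zeros), alongside the defensive check of refusing to reinstall an already-installed key. This is an added illustration, not wpa_supplicant code; the PMK, nonces and the SHA-256 "derivation" are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

TK_LEN = 16  # CCMP temporal key length in bytes

# Constructed placeholder secrets; real values come from the handshake.
PMK = b"\x11" * 32
ANONCE = b"\x22" * 32
SNONCE = b"\x33" * 32

@dataclass
class Supplicant:
    hardened: bool                 # True: refuse to reinstall an installed key
    tk_buffer: bytes = b""         # in-memory copy of the temporal key
    installed_tk: bytes = b""      # key currently handed to the driver
    packet_number: int = -1        # CCMP packet number (nonce counter)
    installed: bool = False

    def derive_ptk(self, pmk, anonce, snonce):
        # Toy stand-in for 802.11's PRF, not the real key derivation.
        self.tk_buffer = hashlib.sha256(pmk + anonce + snonce).digest()[:TK_LEN]

    def handle_msg3(self):
        """Process message 3, whether fresh or replayed by an attacker."""
        if self.hardened and self.installed:
            return  # fix: key already installed, leave key and nonce alone
        self.installed_tk = self.tk_buffer
        self.packet_number = 0  # (re)install resets the nonce counter
        self.installed = True
        # Vulnerable behaviour: the key buffer is wiped after install, so a
        # second install on a replayed message 3 hands the driver all zeros.
        self.tk_buffer = bytes(TK_LEN)

    def send_frame(self):
        """Emit one data frame; returns the packet number used as nonce."""
        self.packet_number += 1
        return self.packet_number

def replay_scenario(hardened):
    """Handshake, three data frames, then a replayed message 3.
    Returns (key in use after replay, nonce counter, key originally installed)."""
    s = Supplicant(hardened=hardened)
    s.derive_ptk(PMK, ANONCE, SNONCE)
    s.handle_msg3()
    original_tk = s.installed_tk
    for _ in range(3):
        s.send_frame()
    s.handle_msg3()  # replayed message 3
    return s.installed_tk, s.packet_number, original_tk
```

After the replay the vulnerable model reports an all-zero key with the nonce counter back at 0, so its next frame reuses nonce 1 under a known key; the hardened model keeps the original key and the counter at 3.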

On 18/10/2017 at 19:50, Anthony Youngman wrote:
And once you've done that, the bug in wpa_supplicant (which was actually introduced trying to fix a different security bug!) hands you a known key and nonce. Game over!
So keep your communications short, use a VPN in public spots and use cable ethernet :-) The main problem may be on smartphones, where it's unfriendly to cut wifi and updates are not to be done.

jdd -- http://dodin.org
participants (4)
- Anthony Youngman
- James Knott
- jdd@dodin.org
- Wols Lists