One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 419081 |
| Date de publication | 2017-10-16 08:40:03 (vue: 2017-10-16 08:40:03) |
| Titre | Some notes on the KRACK attack |
| Texte | This is my interpretation of the KRACK attacks paper that describes a way of decrypting encrypted WiFi traffic with an active attack.tl;dr: Wow. Everyone needs to be afraid. It means in practice, attackers can decrypt a lot of wifi traffic, with varying levels of difficulty depending on your precise network setup. My post last July about the DEF CON network being safe was in error.DetailsThis is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug).When a client connects to the network, the access-point will at some point send a random key to use for encryption. Because this packet may be lost in transmission, it can be repeated many times.What the hacker does is just repeatedly sends this packet, potentially hours later. Each time it does so, it resets the "keystream" back to the starting conditions. The obvious patch that device vendors will make is to only accept the first such packet it receives, ignore all the duplicates.At this point, the protocol bug becomes a crypto bug. We know how to break crypto when we have two keystreams from the same starting position. It's not always reliable, but reliable enough that people need to be afraid.Android, though, is the biggest danger. Rather than simply replaying the packet, a packet with a key of all zeroes can be sent. This allows attackers to setup a fake WiFi access-point and man-in-the-middle all traffic.In a related case, the access-point/base-station can sometimes also be attacked, affecting the stream sent to the client.Not only is sniffing possible, but in some limited cases, injection. This allows the traditional attack of adding bad code to the end of HTML pages in order to trick users into installing a virus.This is an active attack, not a passive attack, so in theory, it's detectable.Who is vulnerable?Everyone, pretty much.The hacker only needs to be within range of your WiFi. Your neighbor's teenage kid is going to be downloading and running the tool in order to eavesdrop on your packets.The hacker doesn't need to be logged into your network.It affects all WPA1/WPA2, the personal one with passwords that we use in home, and the enterprise version with certificates we use in enterprises.It can't defeat SSL/TLS or VPNs. Thus, if you feel your laptop is safe surfing the public WiFi at airports, then your laptop is still safe from this attack. With, with Android, it does allow running tools like sslstrip, which can fool many users.Your home network is vulnerable. Many devices will be using SSL/TLS, so are fine, like your Amazon echo, which you can continue to use without worrying about this attack. Other devices, like your Phillips lightbulbs, may not be so protected.How can I defend myself?Patch.More to the point, measure you current vendors by how long it takes them to patch. Throw away gear by those vendors that took a long time to patch and replace it with vendors that took a short time.High-end access-points that contains "WIPS" (WiFi Intrusion Prevention Systems) features should be able to detect this and block vulnerable clients from connecting to the network (once the vendor upgrades the systems, of course).At some point, you'll need to run the attack against yourself, to make sure all your devices are secure. Since you'll be constantly allowing random phones to connect to your network, you'll need to check th |
| Envoyé | Oui |
| Condensat | able about accept access active active attack add adding affecting affects afraid again against airports all allow allowing allows also always amazon android another any are around aruba attaching attack attacked attacker attackers attacks away back bad because becomes before being biggest block break bug but can case cases certificates check client clients code communication communications con conditions conduct connect connecting connects constantly contains continue correctly course crypto crypto bug current danger decrypt decrypting def defeat defend defense deny depending describes detailsthis detect detectable device devices difficulty does doesn doing downloading duplicates each eavesdrop echo encrypted encryption end enough enterprise enterprises error everyone everything fake feature features feel fine first fool from functionality further gear going hacker have high home hours how however html ignore injection installing internal interpretation intrusion july just key keystream keystreams kid know krack laptop last later levels lightbulbs like likely limited logged long lost lot low make man many may means measure middle mitigated more most much myself near need needs neighbor network next not notes obvious once one only order other packet packets pages paper passive attack passwords patch patching people personal phillips phones point point/base points position possible post potentially powered practice precise pretty prevent preventing prevention products/services progress protected protocol protocol bug public random range rather reason receives related reliable remember repeated repeatedly replace replaying resets roles run running safe same secure security send sends sent setup several short should simply since sniffing some sometimes specifically ssl/tls sslstrip starting station status stream such sure surfing systems takes teenage than them then theory things those though throw thus time times tl;dr: took tool tools traditional traffic transmission trick trivial two upgrades use users uses using valuable varying vendor vendors version virus vpns vulnerability vulnerable way what when which who why wifi will wips within without worrying wow wpa1/wpa2 year years yet you your yourself zeroes |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.