WPA2 has been compromised, upgrade yo s***

Not about OpenMW? Just about Morrowind in general? Have some random babble? Kindly direct it here.
Post Reply
User avatar
raevol
Posts: 2502
Joined: 07 Aug 2011, 01:12
Location: Caldera

WPA2 has been compromised, upgrade yo s***

Post by raevol » 16 Oct 2017, 21:33

Important stuff, read: https://www.krackattacks.com/

There was a firmware update already available for my wifi AP to address this. Check your networks!

K0kt409P
Posts: 146
Joined: 06 Aug 2013, 09:14

Re: WPA2 has been compromised, upgrade yo s***

Post by K0kt409P » 17 Oct 2017, 10:23

Oh shit. Both client and AP must be patched for communication to remain secure. That effectively means that any public wifi must be considered as insecure even if it is encrypted with WPA2, since you don't know whether the administrator of that network has patched their router.

Even worse, there are enormous amounts of old Android phones still in active use that are no longer receiving updates. I have one myself, and it doesn't even have an active custom ROM community behind it. I guess it time to decommission it.

User avatar
jirka642
Posts: 112
Joined: 23 Aug 2014, 11:39
Location: Czech Republic
Contact:

Re: WPA2 has been compromised, upgrade yo s***

Post by jirka642 » 17 Oct 2017, 11:06

This is also very bad because most people with personal wifi routers won't ever update them.

Could this be used to create a botnet that spreads uncontrollably between nearby wifi networks in cities and uses smartphone users to travel between distant ones? Attacking by (for example) injecting itself into downloaded executables.
On GitHub as kunesj, on GitLab as kunesj.
OS: Linux Mint 18, CPU: Intel Core i5-3330, RAM: 16GB, GPU: GeForce GTX 650Ti, OpenMW: from source

User avatar
AnyOldName3
Posts: 566
Joined: 26 Nov 2015, 03:25

Re: WPA2 has been compromised, upgrade yo s***

Post by AnyOldName3 » 17 Oct 2017, 14:16

Theoretically, any traffic that goes through HTTPS or SSH or whatever should be fine, as those protocols make no assumptions about the security of the network used. If people are installing things that they got via plain old HTTP, then they were likely at risk already.

User avatar
scrawl
Posts: 2085
Joined: 18 Feb 2012, 11:51
Contact:

Re: WPA2 has been compromised, upgrade yo s***

Post by scrawl » 17 Oct 2017, 14:20

This is a good example of why layers of security are important. If you treated every network like it was public, e.g. use a VPN/TOR + HTTPS Everywhere, you are probably fine.

Personally, I think BlueBorne was (is) much scarier than this. Think of how a bad guy could have taken over every bluetooth phone/laptop in the world silently and then enabled a virus... or for all we know, that's already happened and we don't know it yet.

User avatar
raevol
Posts: 2502
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: WPA2 has been compromised, upgrade yo s***

Post by raevol » 18 Oct 2017, 02:22

jirka642 wrote:
17 Oct 2017, 11:06
Could this be used to create a botnet that spreads uncontrollably between nearby wifi networks in cities and uses smartphone users to travel between distant ones? Attacking by (for example) injecting itself into downloaded executables.
Well... being able to read someone's traffic definitely doesn't automatically give you root on their device. But depending on what insecure traffic they are transmitting, it could give you the key you need to get root.
K0kt409P wrote:
17 Oct 2017, 10:23
Even worse, there are enormous amounts of old Android phones still in active use that are no longer receiving updates. I have one myself, and it doesn't even have an active custom ROM community behind it. I guess it time to decommission it.
I dropped the extra money to get a Nexus 5X so I could get the latest android always direct from google, and I don't regret it for a minute. I may switch to something like LineageOS because I am getting sick of google sticking their fingers in everything on my phone, but at least I've got security updates...
scrawl wrote:
17 Oct 2017, 14:20
This is a good example of why layers of security are important. If you treated every network like it was public, e.g. use a VPN/TOR + HTTPS Everywhere, you are probably fine.
Definitely!

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests