This KRACK Hack Kills Your Wi-Fi Privacy

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Generic Questions
Author Message

Joined: 26 Mar 2013
Posts: 577
Location: Hung Hom, Hong Kong

PostPosted: Tue Oct 17, 2017 14:39    Post subject: This KRACK Hack Kills Your Wi-Fi Privacy Reply with quote
Full story:

It's time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online.

Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef's description of the bug on his KRACK website is startling: "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

What's behind the vulnerability? It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the "handshakes" carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. It turns out that in WPA2, it's possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.

The researchers, who said the attack was particularly severe for Android and Linux users, showed how devastating an attack could be in the demonstration video below:

... more ....

For those users whose routers, PCs and smartphones don't yet have updates, there are some measures they can take to protect their online privacy. A Virtual Private Network (VPN) software could protect them, as it will encrypt all traffic. Only using HTTPS encrypted websites should also benefit the user, though there are exploits that can remove those protections. Changing the Wi-Fi password won't prevent attacks, but it's advisable once the router has been updated.

Vanhoef is promising more too. Though he admitted some of the KRACK attacks would be difficult to carry out, he's to release more information on how to make them significantly easier to execute, especially for Apple's macOS and the OpenBSD operating system.

Router: Asus RT-N18U (rev. A1)

May the Force and farces be with you! Live long and proper!

SETI@Home profile:

Joined: 11 Jun 2007
Posts: 52

PostPosted: Tue Oct 17, 2017 17:55    Post subject: Reply with quote
So, where are we going with this ?

Will there be an update for all Models ?
DD-WRT Novice

Joined: 17 Oct 2017
Posts: 1

PostPosted: Tue Oct 17, 2017 20:22    Post subject: Reply with quote
here they fixed the vulns:
DD-WRT Novice

Joined: 31 Aug 2018
Posts: 10

PostPosted: Mon Sep 03, 2018 12:49    Post subject: Reply with quote
I used Ivacy vpn and Kaspersky. I remained untouched and unaffected in the attack.
Here is how

Last edited by JNehru on Wed Sep 25, 2019 14:48; edited 1 time in total
DD-WRT Novice

Joined: 09 Dec 2018
Posts: 1

PostPosted: Tue Dec 11, 2018 19:48    Post subject: Reply with quote
Some belated follow-up because this thread doesn't say anything about DD-WRT's fixes. Keep in mind these fixes happened over a year ago.

DD-WRT ticket #6005 comment 11 wrote:
​KRACK fixes for Broadcom were completed in ​33678, including k26 (33655) & k24 (33656), but build 33679 is missing many files. Thus, use 33772 (or newer).

As for other chipsets besides Broadcom, the build above already includes fixes for "most devices" (i.e. non-proprietary drivers), Mediatek, QCA/Atheros, and Marvell based chipsets (source 1, source 2). I don't know when any chipsets besides those ones were fixed.

Remember, your clients also need to be patched against the KRACK vulnerability (clients = your PCs and smartphones and stuff).
DD-WRT Novice

Joined: 20 Sep 2019
Posts: 1

PostPosted: Fri Sep 20, 2019 10:13    Post subject: Reply with quote
It is helpful information. Thanks

Java Training in Ahmedabad
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Generic Questions All times are GMT


Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum