dd-wrt patched against severe flaws in WPA2 / KRACK attack

scar
DD-WRT User


Joined: 22 Sep 2008
Posts: 60

Posted: Mon Oct 16, 2017 7:14    Post subject: dd-wrt patched against severe flaws in WPA2 / KRACK attack
I was reading about "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping"
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

and was wondering if dd-wrt has been patched against this yet? or is it in the works, and when/how can we know that the specific firmware for our router is patched against these flaws/attacks?

Thanks
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

Posted: Mon Oct 16, 2017 8:39
Further information to be posted here:

https://www.krackattacks.com/

Seems like for now the only option is to disable WPA2 Personal and maybe use WPA2 Enterprise.
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 95

Posted: Mon Oct 16, 2017 8:39
Public disclosure has not been done yet. It is scheduled at around 13:00 UTC at www_krackattacks_com
roseeng
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

Posted: Mon Oct 16, 2017 8:47
tosiara wrote:
Public disclosure has not been done yet. It is scheduled at around 13:00 UTC at www_krackattacks_com


Commercial vendors seem to have disclosure already:
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

If the researchers are serious, one would expect them to give the information to the core devs of major open firmwares too...
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

Posted: Mon Oct 16, 2017 9:45
Hopefully it's already been fixed and released silently ahead of the disclosure, otherwise it's bad enough to warrant disabling wifi.

It's hard to underestimate how much of a disaster this is. 90% of hardware out there is never going to be fixed, at least not by the manufacturer.
ticoli
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

Posted: Mon Oct 16, 2017 10:07
mojo-chan wrote:
Hopefully it's already been fixed and released silently ahead of the disclosure, otherwise it's bad enough to warrant disabling wifi.

It's hard to underestimate how much of a disaster this is. 90% of hardware out there is never going to be fixed, at least not by the manufacturer.


You mean ddwrt has been already patched? Since which version?
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1545
Location: Zwolle

Posted: Mon Oct 16, 2017 10:32
To put it simply, DD-WRT code is public, so being patched here means being made public.
_________________
2 times RT-AC56U running 33772 with entware-ng, Yamon 3 (SFE disabled).

Asus RT-N16 running Merlin LTS fork RT-N16_3.0.0.4_374.43_2-25E8j9527.trx with entware-ng.

2 times Asus RT-N16 running dd-wrt.v24-33772_NEWD-2_K3.x_big.bin with entware-ng

E4200 V1 running dd-wrt.v24-33772_NEWD-2_K3.x_mega-e3000.bin

3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running dd-wrt.v24-33772_NEWD-2_K3.x_mega-e3000.bin (bridged with LAN cable)


Heracles87
DD-WRT User


Joined: 04 Feb 2017
Posts: 55

Posted: Mon Oct 16, 2017 12:03    Post subject: Re: dd-wrt patched against severe flaws in WPA2 / KRACK atta
scar wrote:
I was reading about "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping"
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

and was wondering if dd-wrt has been patched against this yet? or is it in the works, and when/how can we know that the specific firmware for our router is patched against these flaws/attacks?

Thanks

Would love to know too :D
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 95

Posted: Mon Oct 16, 2017 12:07
hostap and wpa_supplicant seem to receive all the needed patches https://w1.fi/cgit/hostap/commit/?id=a00e946c1c9a1f9cc65c72900d2a444ceb1f872e (set of patches also prepared: http://w1.fi/security/2017-1/)
So it's time to include them into DD-WRT and rebuild
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

Posted: Mon Oct 16, 2017 12:37
slobodan wrote:
To put it simply, DD-WRT code is public, so being patched here means being made public.


Other open source projects patched quietly last week. Today is just the day that full documentation goes live.
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1545
Location: Zwolle

Posted: Mon Oct 16, 2017 13:43
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525


Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2575
Location: UK, London, just across the river..

Posted: Mon Oct 16, 2017 14:22
Well, this thing, I guess, is nothing new, it just gathers more attention. "Evil twin" is an old method to obtain the WPA2 password, even the thing that the router responds to zero bit and hangs and then you have to restart it and you obtain the frames with Wireshark. C'mon, it's been on YouTube for ages, it's just another whistle-blower...

_________________
Atheros
TP-Link WR740Nv4 --------DD-WRT 33986 BS (AP,NAT,AD Blocking,Firewall,Forced DNS)
TP-Link WR1043NDv2 ------DD-WRT 39144 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Forced DNS)
TP-Link WR1043NDv2 ------DD-WRT 39267 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Forced DNS)
TP-Link WR1043NDv2.......... Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 ------------DD-WRT 39000M 4.9 Kong (AP,NAT,AD-Blocking,AP Isolation,Firewall,DNSCrypt x2)
Broadcom
Netgear R7000 ---------DD-WRT 38580M Kong (AP,NAT,AD-Blocking,Firewall,Forced DNS)
Others
Netgear ProSAFE-GS105Ev2 ----(LAN Switch)
leus
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

Posted: Mon Oct 16, 2017 14:51
slobodan wrote:
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525


That looks gruesome. Thank you!

News / instructions for updating?
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 95

Posted: Mon Oct 16, 2017 14:52
slobodan wrote:
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525

Would be great to track this issue as a bug so it can be verified as soon as proof of concept tools are released
jpp
DD-WRT Novice


Joined: 26 Sep 2017
Posts: 28

Posted: Mon Oct 16, 2017 16:54
mojo-chan wrote:
Further information to be posted here:

https://www.krackattacks.com/

Seems like for now the only option is to disable WPA2 Personal and maybe use WPA2 Enterprise.


It is also affected:

Quote:
According to the researchers, the newly discovered attack works against:

Both WPA1 and WPA2,
Personal and enterprise networks,
Ciphers WPA-TKIP, AES-CCMP, and GCMP


In short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks


Source: https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html

JP
All times are GMT