dd-wrt patched against severe flaws in WPA2 / KRACK attack

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next
Author Message
scar
DD-WRT User


Joined: 22 Sep 2008
Posts: 60

PostPosted: Mon Oct 16, 2017 7:14    Post subject: dd-wrt patched against severe flaws in WPA2 / KRACK attack Reply with quote
I was reading about "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping"
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

and was wondering if dd-wrt has been patched against this yet? or is it in the works, and when/how can we know that the specific firmware for our router is patched against these flaws/attacks?

Thanks
Sponsor
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

PostPosted: Mon Oct 16, 2017 8:39    Post subject: Reply with quote
Further information to be posted here:

https://www.krackattacks.com/

Seems like for now the only option is to disable WPA2 Personal and maybe use WPA2 Enterprise.
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 100

PostPosted: Mon Oct 16, 2017 8:39    Post subject: Reply with quote
Public disclosure has not been done yet. It is scheduled at around 13:00 UTC at www_krackattacks_com
roseeng
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

PostPosted: Mon Oct 16, 2017 8:47    Post subject: Reply with quote
tosiara wrote:
Public disclosure has not been done yet. It is scheduled at around 13:00 UTC at www_krackattacks_com


Commercial vendors seem to have disclosure already:
https://forum.mikrotik.com/viewtopic.php?f=21&t=126695

If the researchers are serious, one would expect them to give the information to the core devs of major open firmwares too...
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

PostPosted: Mon Oct 16, 2017 9:45    Post subject: Reply with quote
Hopefully it's already been fixed and released silently ahead of the disclosure, otherwise it's bad enough to warrant disabling wifi.

It's hard to underestimate how much of a disaster this is. 90% of hardware out there is never going to be fixed, at least not by the manufacturer.
ticoli
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

PostPosted: Mon Oct 16, 2017 10:07    Post subject: Reply with quote
mojo-chan wrote:
Hopefully it's already been fixed and released silently ahead of the disclosure, otherwise it's bad enough to warrant disabling wifi.

It's hard to underestimate how much of a disaster this is. 90% of hardware out there is never going to be fixed, at least not by the manufacturer.


You mean ddwrt has been already patched? Since which version?
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

PostPosted: Mon Oct 16, 2017 10:32    Post subject: Reply with quote
To put it simply, DD-WRT code is public, so being patched here means being made public.
_________________
2 times APU2 Opnsense 21.1 with Sensei

2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)

3 times Asus RT-N16 shelved

E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)

3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)


Heracles87
DD-WRT User


Joined: 04 Feb 2017
Posts: 55

PostPosted: Mon Oct 16, 2017 12:03    Post subject: Re: dd-wrt patched against severe flaws in WPA2 / KRACK atta Reply with quote
scar wrote:
I was reading about "Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping"
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

and was wondering if dd-wrt has been patched against this yet? or is it in the works, and when/how can we know that the specific firmware for our router is patched against these flaws/attacks?

Thanks

Would love to know too Very Happy
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 100

PostPosted: Mon Oct 16, 2017 12:07    Post subject: Reply with quote
hostap and wpa_supplicant seem to receive all the needed patches https://w1.fi/cgit/hostap/commit/?id=a00e946c1c9a1f9cc65c72900d2a444ceb1f872e (set of patches also prepared: http://w1.fi/security/2017-1/)
So it's time to include them into DD-WRT and rebuild
mojo-chan
DD-WRT Novice


Joined: 14 Sep 2008
Posts: 12

PostPosted: Mon Oct 16, 2017 12:37    Post subject: Reply with quote
slobodan wrote:
To put it simply, DD-WRT code is public, so being patched here means being made public.


Other open source projects patched quietly last week. Today is just the day that full documentation goes live.
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

PostPosted: Mon Oct 16, 2017 13:43    Post subject: Reply with quote
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525
_________________
2 times APU2 Opnsense 21.1 with Sensei

2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)

3 times Asus RT-N16 shelved

E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)

3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)


Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Mon Oct 16, 2017 14:22    Post subject: Reply with quote
well this thing i guess is nothing new it just gathers more attention "evil twin" is an old method to obtain WPA2 password even the thing that the router responds to zero bit
and hangs and than you have to restart it and you obtain the
frames with wireshark cmon its been on youtube for ages its
just another whistle-blower...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
leus
DD-WRT Novice


Joined: 16 Oct 2017
Posts: 1

PostPosted: Mon Oct 16, 2017 14:51    Post subject: Reply with quote
slobodan wrote:
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525


That looks gruesome. Thank you!

News / instructions for updating?
tosiara
DD-WRT User


Joined: 20 Dec 2011
Posts: 100

PostPosted: Mon Oct 16, 2017 14:52    Post subject: Reply with quote
slobodan wrote:
The patch is in the repository: http://svn.dd-wrt.com/changeset/33525

Would be great to track this issue as a bug so it can be verified as soon as proof of concept tools are released
jpp
DD-WRT Novice


Joined: 26 Sep 2017
Posts: 28

PostPosted: Mon Oct 16, 2017 16:54    Post subject: Reply with quote
mojo-chan wrote:
Further information to be posted here:

https://www.krackattacks.com/

Seems like for now the only option is to disable WPA2 Personal and maybe use WPA2 Enterprise.


It is also affected:

Quote:
According to the researchers, the newly discovered attack works against:

Both WPA1 and WPA2,
Personal and enterprise networks,
Ciphers WPA-TKIP, AES-CCMP, and GCMP


In short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks


Source: https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html

JP
Goto page 1, 2, 3, 4, 5, 6, 7, 8  Next Display posts from previous:    Page 1 of 8
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum