Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
"Krack" WIFI Security flaw Found
"Krack" WIFI Security flaw Found
A security flaw has been discovered that could be used to hack into any device that uses WIFI.
The key reinstallation attacks, or KRACKs, were discovered by Belgian researcher Marty Vanhoef and are so serious the US Department of Homeland Security has issued an official warning.
Microsoft has already supplied Security updates for October that have covered this problem but Google, Apple and others are playing catch up.
If you have an older Android (5.1) as I do then maybe you will never see any updates. I suppose using WIFI on said Androids in less congested areas would be advisable. Not all Androids are as easy to Root either.
This is a major scare and a major industry shakeup.
https://www.cnet.com/news/krack-wi-fi-a ... esponding/
The key reinstallation attacks, or KRACKs, were discovered by Belgian researcher Marty Vanhoef and are so serious the US Department of Homeland Security has issued an official warning.
Microsoft has already supplied Security updates for October that have covered this problem but Google, Apple and others are playing catch up.
If you have an older Android (5.1) as I do then maybe you will never see any updates. I suppose using WIFI on said Androids in less congested areas would be advisable. Not all Androids are as easy to Root either.
This is a major scare and a major industry shakeup.
https://www.cnet.com/news/krack-wi-fi-a ... esponding/
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: "Krack" WIFI Security flaw Found
These people have a few more patches: http://www.zdnet.com/article/here-is-ev ... right-now/
-
- Senior ThinkPadder
- Posts: 2821
- Joined: Sat Oct 30, 2004 4:52 am
- Location: Prague, Czech Republic
Re: "Krack" WIFI Security flaw Found
As usually, Windows is the only fully patched secure OS leaving others behind.
ThinkPad (1992 - 2012): R51, X31, X220
Huawei MateBook 13
Huawei MateBook 13
Re: "Krack" WIFI Security flaw Found
Microsoft has this covered but it doesn't mean that you are necessarily safe. How many routers and devices out there will never get updated? How quickly will Companies provide these updates?
For people in condo's and low to medium density home environments this will obviously have a greater impact.
Outside your home "patched" and protected environment we may just have to assume that we are at risk. Which most do now in reality and we mark these as a "Public Network" when we connect. YMMV
There has been a spate of exploits this year from back doors to now WPA2's holes and it makes one wonder.
For people in condo's and low to medium density home environments this will obviously have a greater impact.
Outside your home "patched" and protected environment we may just have to assume that we are at risk. Which most do now in reality and we mark these as a "Public Network" when we connect. YMMV
There has been a spate of exploits this year from back doors to now WPA2's holes and it makes one wonder.
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
-
- Senior ThinkPadder
- Posts: 2821
- Joined: Sat Oct 30, 2004 4:52 am
- Location: Prague, Czech Republic
Re: "Krack" WIFI Security flaw Found
Most of routers won't get any update of course (because it is not Microsoft kernel based) and the only way would be to buy a new one. Similar to majority of Android devices.
ThinkPad (1992 - 2012): R51, X31, X220
Huawei MateBook 13
Huawei MateBook 13
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: "Krack" WIFI Security flaw Found
There are plenty of routers that can be updated with firmware made by Tomato, DD-WRT and the like.
These routers are not depending on (lazy) manufacturers who rather sell you a new one, than update their firmware.
List of KRACK - WPA2 firmware updates: https://www.bleepingcomputer.com/news/s ... erability/
Here's an (incomplete) list of various supported routers:
DD-WRT: https://www.dd-wrt.com/wiki/index.php/Supported_Devices
Tomato : https://en.wikibooks.org/wiki/Tomato_Fi ... ed_Devices
Tomato by Shibby: http://tomato.groov.pl/?page_id=69
These routers are not depending on (lazy) manufacturers who rather sell you a new one, than update their firmware.
List of KRACK - WPA2 firmware updates: https://www.bleepingcomputer.com/news/s ... erability/
Not sure that I believe that...bleepingcomputer wrote:Companies claimed to be not affected by Krack:
Arista Networks, Inc.
Lenovo
Vmware
Here's an (incomplete) list of various supported routers:
DD-WRT: https://www.dd-wrt.com/wiki/index.php/Supported_Devices
Tomato : https://en.wikibooks.org/wiki/Tomato_Fi ... ed_Devices
Tomato by Shibby: http://tomato.groov.pl/?page_id=69
-
- ThinkPadder
- Posts: 1756
- Joined: Thu Aug 09, 2012 3:08 pm
- Location: Calgary, Alberta, Canada
Re: "Krack" WIFI Security flaw Found
Laziness got nothing to do with it. It's all about the $$$. Everyone in every industry is doing it and have been doing it for a long time. We tolerate it so why wouldn't they.RealBlackStuff wrote: ↑Wed Oct 18, 2017 6:03 amThese routers are not depending on (lazy) manufacturers who rather sell you a new one, than update their firmware.
Re: "Krack" WIFI Security flaw Found
Yes I would think you are correct because a quick search brings up 30 Lenovo devices with Android 6 which will be affected the most.RealBlackStuff wrote:Not sure that I believe that...
https://www.gsmarc.com/model-finder/len ... rshmallow/
This doesn't take into account all the other Android OS phones Lenovo make.
I suppose this raises the question whether Google or the other Chinese makers like Lenovo should provide updates.
Both Google and the Chinese makers are fully prepared to put their bloatware onto these phones but when a major exploit is found they are all ducking and diving.
Many of these Chinese Androids are basically clones with only different badges so I wouldn't think it would be too difficult for Google to implement through the websites of the Chinese makers.
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
Nostalgia
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
Re: "Krack" WIFI Security flaw Found
While I suppose it would be best for all devices to be patched, including routers, here is what the krackattacks.com web site has to say about the situation:
What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Collection = T430 - T500 - R400 - X300 - T61 (14" WXGA+) - R61 (15" SXGA+) - T60 - X40 - T43p - T43 - T42p - A30P
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: "Krack" WIFI Security flaw Found
And there is more: RSA Encryption has also become "crackable"
Re: "Krack" WIFI Security flaw Found
Or at least RSA as implemented using Infineon TPM chips.RealBlackStuff wrote: ↑Wed Oct 18, 2017 8:10 amAnd there is more: RSA Encryption has also become "crackable"
Current Thinkpads:
X31, X40, X61T, X61, X201, X220 (i7 IPS), W520 (FHD), T440p (FHD),
T480 (QHD)
Dells: Latitude C840, Precision M70, Precision M4400, M6400 (WUXGA), M6600, M6700, 7730, XPS 13
Daily driver: MS Surface Pro 7 (i7)
X31, X40, X61T, X61, X201, X220 (i7 IPS), W520 (FHD), T440p (FHD),
T480 (QHD)
Dells: Latitude C840, Precision M70, Precision M4400, M6400 (WUXGA), M6600, M6700, 7730, XPS 13
Daily driver: MS Surface Pro 7 (i7)
-
- Senior Member
- Posts: 837
- Joined: Wed May 19, 2010 11:21 pm
- Location: Pardubice, Czech Republic
- Contact:
Re: "Krack" WIFI Security flaw Found
Debian released their patch Oct 16th.
https://www.debian.org/security/2017/dsa-3999 dated
OpenBSD released their patch August 30th.
https://www.openbsd.org/errata60.html
"041: SECURITY FIX: August 30, 2017 All architectures
State transition errors could cause reinstallation of old WPA keys. "
T420 i7 3612QM seabios; T420 i7 3630QM; T400 Q9100 seabios; T61 P9600; T60 libreboot; x62; x60s libreboot, led; x24 xiphmont led
Re: "Krack" WIFI Security flaw Found
Openbsd got there first, there was a NDA on the bug to co-ordinate release of patches, most6 of the usual suspects had patches ready to go on the expiry of the NDA. Openbsd & MS decided to release early.
Home - Win 10 MSi GF63 Gaming Laptop /Arch GNOME 3/X230 Tablet /X61 [Korean] - Debian 10/T60p - Ubuntu 20.10 Helix 2
Work - Win10/Thinkpad X1 Tablet Gen 2
Work - Win10/Thinkpad X1 Tablet Gen 2
-
- Similar Topics
- Replies
- Views
- Last post
-
-
is it a design flaw for power switch to be part of keyboard?
by thisway » Fri Dec 29, 2023 11:06 am » in ThinkPad T400/T410/T420 and T500/T510/T520 Series - 2 Replies
- 18250 Views
-
Last post by dr_st
Sat Dec 30, 2023 6:31 am
-
-
- 0 Replies
- 932 Views
-
Last post by McDog
Mon Jan 08, 2024 12:10 pm
-
-
I look for an 2nd Opionion if I found the Manufacture of the HDMI Matrix Switch
by Boy2006 » Sat Feb 24, 2024 7:02 am » in Off-Topic Stuff - 0 Replies
- 295 Views
-
Last post by Boy2006
Sat Feb 24, 2024 7:02 am
-
-
-
Wifi Card upgrade suggestions?
by babysheegoth » Thu Jan 11, 2024 1:32 pm » in ThinkPad T60/T61 Series - 11 Replies
- 4941 Views
-
Last post by axur-delmeria
Sun Feb 11, 2024 11:47 pm
-
Who is online
Users browsing this forum: No registered users and 16 guests