
    [security][solved] KRACK: Breaking WPA2 by forcing nonce reuse

    • T Offline
      Talkless
      last edited by Talkless

      OK so we potentially have a second (together with BlueBorne Bluetooth vuln.) security issue:
      https://www.krackattacks.com/

      We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.

      Android and Linux
      Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.

      So, is this relevant for Ubuntu Touch devices?

      Volla Phone X

      • T Offline
        Talkless
        last edited by

        apt-cache policy wpasupplicant shows that I have this on BQ E5 UBPorts OTA-2, so.. yeah.

        Debian just released a wpasupplicant update. Here's a patch example for 2.4:

        https://anonscm.debian.org/cgit/collab-maint/wpa.git/commit/?h=debian/2%252.4-1%2Bdeb9u1&id=45e13c4ee809e7c8ca7949a52ed7e5f79666112a

        Volla Phone X

        • T Offline
          Talkless
          last edited by

          Could UBPorts raise some few more hundred bucks to part-time-employ some security expert (maybe someone from Debian or Ubuntu security team would agree) for managing security hotfixes only?

          Volla Phone X

          • L Offline
            Leppa @Talkless
            last edited by

            @Talkless said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

            raise some few more hundred bucks

            I don't think they can just get money just like that.

            Everyone believes that their actions are better than the alternatives.

            • T Offline
              Talkless @Leppa
              last edited by

              @Leppa said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

              I don't think they can just get money just like that.

              Patreon has set "Goals", one of them could be better security support.

              Volla Phone X

              • G Offline
                guru @Talkless
                last edited by

                @Talkless said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

                apt-cache policy wpasupplicant shows that I have this on BQ E5 UBPorts OTA-2, so.. yeah.

                Debian just released a wpasupplicant update. Here's a patch example for 2.4:

                https://anonscm.debian.org/cgit/collab-maint/wpa.git/commit/?h=debian/2%252.4-1%2Bdeb9u1&id=45e13c4ee809e7c8ca7949a52ed7e5f79666112a

                Yep, but one cannot update this without mounting the device for write. Better is a correct OTA r3 from UBports and OTA-16 from Canonical too. They promised to fix for some time critical issues. This is one!

                matthias

                • T Offline
                  Talkless @guru
                  last edited by

                  @guru said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

                  They promised to fix for some time critical issues. This is one!

                  They promised to maintain security updates for a month or a few; it ended quite some time ago now.

                  @mariogrip Could you comment about this issue?

                  Volla Phone X

                  • G Offline
                    guru @Talkless
                    last edited by

                    Are there any plans for an OTA r3 to address this security issue?
                    Thanks, matthias

                    • T Offline
                      Talkless
                      last edited by

                      From Community Update 15:

                      People have been asking about the KRACK and BlueBorne vulnerabilities lately, and for good reason. These are highly public exploits. Both have been fixed in the RC and Devel channels, with the fixes landing in Stable with the next OTA.

                      Yay!

                      Marking this thread as solved.

                      Volla Phone X
