[security][solved] KRACK: Breaking WPA2 by forcing nonce reuse

Talkless · 16 Oct 2017, 10:01

OK so we potentially have second (together with BlueBorne Blueetooth vuln.) security issue:
https://www.krackattacks.com/

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.

Android and Linux
Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.

So, is this relevant for Ubuntu Touch devices?

Talkless · 16 Oct 2017, 10:59

apt-cache policy wpasupplicant shows that I have this on BQ E5 UBPorts OTA-2, so.. yeah.

Debian just released wpasupplicant update. Here's patch example for 2.4:

https://anonscm.debian.org/cgit/collab-maint/wpa.git/commit/?h=debian/2%252.4-1%2Bdeb9u1&id=45e13c4ee809e7c8ca7949a52ed7e5f79666112a

Talkless · 16 Oct 2017, 13:03

Could UBPorts raise some few more hundred bucks to part-time-employ some security expert (maybe someone from Debian or Ubuntu security team would agree) for managing security hotfixes only?

Leppa · 16 Oct 2017, 14:14

@Talkless said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

raise some few more hundred bucks

I don't think they can just get money just like that.

Talkless · 16 Oct 2017, 16:36

@Leppa said in [[security] KRACK: Breaking WPA2 by forcing nonce reuse]

I don't think they can just get money just like that.

Patreon has set "Goals", one of them could be better security support.

guru · 18 Oct 2017, 14:38

@Talkless said in [security] KRACK: Breaking WPA2 by forcing nonce reuse:

apt-cache policy wpasupplicant shows that I have this on BQ E5 UBPorts OTA-2, so.. yeah.

Debian just released wpasupplicant update. Here's patch example for 2.4:

https://anonscm.debian.org/cgit/collab-maint/wpa.git/commit/?h=debian/2%252.4-1%2Bdeb9u1&id=45e13c4ee809e7c8ca7949a52ed7e5f79666112a

Yep, but one can not update this without mounting the device for write. Better is a correct OTA r3 from UBports and OTA-16 from Canonical too. They promised to fix for some time critical issues. This is one!

matthias

Talkless · 18 Oct 2017, 15:27

@guru said in [[security] KRACK: Breaking WPA2 by forcing nonce reuse]

They promised to fix for some time critical issues. This is one!

They promised to maintain security updates for month or few, it ended quite some time ago now.

@mariogrip Could you comment about this issue?

guru · 24 Oct 2017, 10:05

Are there any plans for an OTA r3 to address this security issue?
Thanks, matthias

Talkless · 15 Nov 2017, 18:14

From Community Update 15:

People have been asking about the KRACK and BlueBorne vulnerabilities lately, and for good reason. These are highly public explots. Both have been fixed in the RC and Devel channels, with the fixes landing in Stable with the next OTA.

Yay!

Marking this thread as solved.