wifi vulnerability called KRACK WPA2 attack vector.

Posted: Wed Oct 25, 2017 2:55 pm
by embleton
What you have not been told about KRACK is that it's a very hard way to crack a wifi network with WPA2.

The following must all be true for the wifi network to be vulnerable:

1. The wifi network must have two wifi access points (APs) with the same SSID across the system, and a client with access that jumps or roams between the access points on the wifi network/wifi mesh.
2. Both wifi access points/mesh must be vulnerable, and the wifi client needs to be vulnerable.
3. The client must hop between the access points with the vulnerability using 802.11r fast roaming, and the access points must support 802.11r.
4. Message 3 in the 4-way chain handshake, the nonce, must be forced to repeat when it hops.
5. The traffic across the wifi network must be monitored for an extended time, and the traffic is known or dictionary attacked, eg: plain text HTTP traffic.
6. You must be in the range of the wifi access points, and both must be jammed for the nonce to have any chance of being repeated on both wifi access points.
7. Both wifi access points must be connected by ethernet on the same network.
8. WPA2-AES/CCMP cannot be broken; the key is not repeated at any stage. Unless the group keys of the wifi access points are repeated first, and then you may have an attack vector once in a blue moon against WPA2-AES/CCMP.
9. You must know the MAC address of the vulnerable client itself. Putting 00:00:00:00:00 as the client MAC doesn't work; the 4-way handshake is encrypted, including the MAC.
10. The attacking system must have the same SSID and password as the access point you are attacking. And the attacking access point must act as a wifi access point in its own right, in range.

As the traffic is still encrypted with WPA2, even though you have got the nonce to repeat, the traffic then needs to be broken by doing a dictionary attack on a packet. Only a single packet of traffic will be revealed when a dictionary attack occurs successfully. One then needs to jam the nonce again on both access points to repeat, and start again with the dictionary attack.

One cannot do a dictionary attack on encrypted traffic inside the WPA2 encryption, such as when using SSL/VPN traffic. Injecting traffic like malware is very hard, for the traffic needs to meet a checksum of every packet itself. And to make that hard, the 4-way handshake is encrypted as well and has an encrypted checksum.

Point 10 must have been missed by researchers and the media alike: you need the password of the wifi network! Ah.., that's easy to crack the password; a network computer grid fired into a supercomputer, the average user will have access to such a system running for, um..., 100 years or more!

So what is the issue! It's on hotspots that reveal the SSID and password of WPA2 encrypted traffic that allows the client to be attacked when on the 2 public wifi networks. So you are in a cafe with a shared password among all the customers, and 2 phones with WPA2 encryption can see the other's traffic because of isolation issues only? And you must hop using 802.11r roaming onto another wifi access point in range that has the same SSID and password to have any chance of breaking the traffic to your smartphone/tablet/laptop.

It must jump across wifi access points to stand any chance of breaking into the data on a smartphone, etc... Do we take people for idiots? They know they are on a public wifi hotspot! If one is on a public network that has no encryption it's the same! Wifi clients do have firewalls on them stopping such access to the phone/tablet/laptop!

And Dr., did you tell those concerned that the fancy picture of traffic on a WPA2 encrypted wifi network in your article is factual data from a wifi network actually unencrypted, with the password itself that is known! What is this nonsense about the birthday paradox of people, what has that got to do with encryption? Ah.., I've got it, you encrypt the people themselves!

I've read the article about the wifi WPA2 KRACK rubbish so published, it is the biggest load of shit research I've seen. How the population has fallen for false information anyone can guess, and the peers are bloody idiots not to rip your article to pieces. Top marks, Dr, you can join Crazy as a Left Handed Computer anytime as someone living with a mental illness with a PhD merit. :lol: