Project

General

Profile

Issue #1841

KRACK vunerabilty in wpa_supplicant

Added by Bugmenot Bugmenot about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Immediate
Category:
Security
Target version:
Start date:
10/16/2017
Due date:
% Done:

100%

Resolution:
fixed
Device:

Description

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites...

During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

...

https://www.krackattacks.com/

Patches: https://w1.fi/security/2017-1/

History

#1 Updated by Fil Lupin about 1 year ago

Since the weakness is linked to the protocol and not the implementation, the solution seems either to enhance the WPA2 protocol or waiting for the research community to enhance WPA2.

#2 Updated by Marek Królikowski about 1 year ago

Fil Lupin wrote:

Since the weakness is linked to the protocol and not the implementation [...]

It can and should be patched ASAP, there will be no changes in WPA2 spec, we can only fix implementations.

Patches for wpa_supplicant are linked in the issue description.

#3 Updated by Jeremy Rand about 1 year ago

Is Replicant's wpa_supplicant inherited from LineageOS? If so, probably makes sense to get the fix into LineageOS (if it isn't already there) and then simply merge LineageOS's changes into Replicant.

#4 Updated by Nichlas Severinsen about 1 year ago

LineageOS patched their 14.1 builds: https://twitter.com/LineageAndroid/status/920143977256382464 https://review.lineageos.org/#/q/topic:krack-n
Google has apparently also patched: https://www.bleepingcomputer.com/news/security/google-patches-krack-wpa2-vulnerability-in-android/
In addition, the test scripts have been released: https://github.com/vanhoefm/krackattacks-scripts

This should be enough information to patch it in Replicant, right?

#5 Updated by Kurtis Hanna about 1 year ago

Just checking in on this one.

It looks like https://review.lineageos.org/#/q/status:merged+topic:krack-m-alt was pulled into the Replicant dev branch here https://git.replicant.us/LineageOS-mirror/android_external_wpa_supplicant_8/log/

So once 0003 comes out we should be able to close this ticket, right?

#6 Updated by Wolfgang Wiedmeyer about 1 year ago

  • Status changed from New to Closed
  • Resolution set to fixed

Kurtis Hanna wrote:

It looks like https://review.lineageos.org/#/q/status:merged+topic:krack-m-alt was pulled into the Replicant dev branch here https://git.replicant.us/LineageOS-mirror/android_external_wpa_supplicant_8/log/

So once 0003 comes out we should be able to close this ticket, right?

Yes, patches are included in 0003.

#7 Updated by Wolfgang Wiedmeyer about 1 year ago

  • Assignee changed from Paul Kocialkowski to Wolfgang Wiedmeyer
  • % Done changed from 0 to 100

Also available in: Atom PDF