KRACK attacks



mavit
2017-10-16, 02:50
A serious security vulnerability in WPA2 was made public today, mainly affecting Wi-Fi clients. See https://www.krackattacks.com/ for details. What are the chances of seeing updated Squeezebox firmware to address this?

drmatt
2017-10-16, 06:14
About zero. The Krack has no known exploits in the wild by the look of it, for now. And I doubt you're that worried about the security of the data going to your squeezeboxes..?


Transcoded from Matt's brain by Tapatalk

bpa
2017-10-16, 06:22
It will only become relevant when an official solution is agreed (the problem is a protocol flaw not an implementation one) and router firmware is updated. According to reports - Apple have been working on the flaw for about a month and no update so far!

drmatt
2017-10-16, 06:27
And yet BSD got a fix out in less than a month. Apple should just pick that up.. ;)


Transcoded from Matt's brain by Tapatalk

pippin
2017-10-16, 06:34
OK, drop my first comment, both clients and APs need patching.
That said: SBs usually don't transmit that much sensitive data although they can of course be used to hack into whatever is on your network once they have access.

John Stimson
2017-10-16, 08:52
That said: SBs usually don't transmit that much sensitive data although they can of course be used to hack into whatever is on your network once they have access.

That seems like a pretty serious concern. I don't really want some random person operating a machine on my private LAN. While my hope is that the only thing you can do to a SB by injecting arbitrary data into its TCP/IP connections is to make it play noise or abort playback, I don't know that for certain. If you can use KRACK to make a connection to any port you want, then you can telnet in to the SB and get a shell.

drmatt
2017-10-16, 09:10
Only if you enable it.


Transcoded from Matt's brain by Tapatalk

pippin
2017-10-16, 09:18
Well, right now not a single one of your devices is safe, long term we'll have to see.

Mnyb
2017-10-16, 09:56
And old squeezeboxes will have the same fate as any other dead, no longer developed product, it will not get any patches.

But I'm more concerned about the laptop, iPad, iPhone and router at the moment

pippin
2017-10-16, 10:51
... for which you might not get any updates pre-iOS 9, too.
And most Android devices probably will not get an update at all

drmatt
2017-10-16, 14:19
Life will go on. Like with most vulnerabilities someone would have to drive by and target you.


Transcoded from Matt's brain by Tapatalk

slartibartfast
2017-10-16, 22:34
Life will go on. Like with most vulnerabilities someone would have to drive by and target you.


Transcoded from Matt's brain by Tapatalk

Unless they were neighbours.

Sent from my SM-G900F using Tapatalk

drmatt
2017-10-17, 00:48
Unless they were neighbours.

Sent from my SM-G900F using Tapatalk

You have nice neighbours..


Transcoded from Matt's brain by Tapatalk

slartibartfast
2017-10-17, 00:58
You have nice neighbours..


Transcoded from Matt's brain by Tapatalk

[emoji3]
I was thinking more of blocks of flats where your WiFi is visible to very many "neighbours"

Sent from my SM-G900F using Tapatalk

pippin
2017-10-17, 02:52
Well, I could think up quite a number of scenarios where I don't have to be a neighbor myself, just look at how many hacked devices there are already out there, if you use any of those to hack other WiFi networks you can get quite a reach.

All of that said: unless there are ADDITIONAL vulnerabilities, KRACK doesn't mean people can hack your devices, you can only sniff the communication. It's a bit like being on a public network, like in a cafe or so.
Of course there are then additional risks if people are able to sniff passwords etc. and it's not a desirable situation but what kind of sensitive information is usually going to or from your Squeezebox?

eindgebruiker
2017-10-17, 03:38
From https://www.krackattacks.com:

As a result, even though WPA2 is used, the adversary can now perform one of the most common attacks against open Wi-Fi networks: injecting malicious data into unencrypted HTTP connections. For example, an attacker can abuse this to inject ransomware or malware into websites that the victim is visiting.
Encryption is a first line of defense. This is now gone. Do you trust both the Squeezebox software and Squeezebox server software to be free of vulnerabilities?

eindgebruiker
2017-10-17, 03:40
[emoji3]
I was thinking more of blocks of flats where your WiFi is visible to very many "neighbours"

In my apartment I can see over 20 wifi networks around me.

mavit
2017-10-17, 03:41
Of course there are then additional risks if people are able to sniff passwords etc. and it's not a desirable situation but what kind of sensitive information is usually going to or from your Squeezebox?

My understanding is that traffic can also be injected onto the network. An attacker could connect to Logitech Media Server and do any of the bad things described at http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet!&p=879191&viewfull=1#post879191, including extracting sensitive data that happens to be on the same machine that runs the server.

drmatt
2017-10-17, 03:49
Time for an SSL wrapper....


Transcoded from Matt's brain by Tapatalk

epoch1970
2017-10-17, 04:00
Do you trust both the Squeezebox software and Squeezebox server software to be free of vulnerabilities?
I believe the thin client SB are pretty impervious to anything ;)
LMS and its base OS, that is another story. For maintenance reasons many put LMS on a VM or on a dedicated server (a Pi). Now just move that machine to its own LAN.
If that's too inflexible, use a VM or containers on the desktop PC and use that for online banking etc. And keep that thing offline most of the time.
Problem solved.
(If there is any problem for home networks, that is. A quick read made me think the attack process required accessing the wired LAN first?)

You can also run something like Openvpn on top of your wifi network. That keeps the wifi network empty except for the VPN server. I remember having done that in pre-WPA days.

pippin
2017-10-17, 04:07
My understanding is that traffic can also be injected onto the network. An attacker could connect to Logitech Media Server and do any of the bad things described at http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet!&p=879191&viewfull=1#post879191, including extracting sensitive data that happens to be on the same machine that runs the server.

That's what I said, isn't it? I said "without additional vulnerabilities".
The question is: will someone go all the way to do such a complicated attack just to attack your music server? Unlikely IMHO, not impossible.
If there are more vulnerabilities and you can e.g. gain more rights on the server, that's when it gets more critical.
A good remedy here would be to run LMS from a VM that only has read access to your music but that can get complicated quickly, at least if you still want to be able to store playlists, set ratings etc.

pippin
2017-10-17, 04:10
Time for an SSL wrapper....


Doesn't really help on a home network. You'd have to use certificate pinning as well because you can't identify the server and that would probably be beyond "usable".
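
The certificate pinning mentioned in the post above, as an added example that is not part of the thread and not LMS or Squeezebox code: a trust-on-first-use client that stores the SHA-256 fingerprint of a self-signed server certificate and refuses a connection whose certificate differs. The function names, the host name and the in-memory pin store are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Trust-on-first-use: remember an unknown host, flag a changed certificate."""
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        pins[host] = seen  # first contact is unauthenticated: nothing to compare with
        return "pinned"
    return "match" if hmac.compare_digest(known, seen) else "mismatch"


def open_pinned(host: str, port: int, pins: dict, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed home server: no CA chain, no public name
    ctx.verify_mode = ssl.CERT_NONE  # the pin check below replaces CA validation
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Check the certificate of this very connection before any data is sent.
    if check_pin(pins, host, tls.getpeercert(binary_form=True)) == "mismatch":
        tls.close()
        raise ssl.SSLError(f"certificate for {host} does not match the stored pin")
    return tls


# Constructed stand-ins for DER certificates; real input comes from getpeercert().
SAMPLE_CERT = b"constructed-der-bytes-of-the-home-server"
ROGUE_CERT = b"constructed-der-bytes-of-another-endpoint"
```

The pin recorded on first contact is only as trustworthy as the network at that moment, so the first fingerprint has to be compared out of band (for example against one shown on the server's own console) for the pin to mean anything.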

drmatt
2017-10-17, 05:17
Doesn't really help on a home network. You'd have to use certificate pinning as well because you can't identify the server and that would probably be beyond "usable".

I would think a VPN bridge would be the only workable way, bridging between the wired segments of your network over the wireless segments.


Transcoded from Matt's brain by Tapatalk

iPhone
2017-10-17, 06:58
In my apartment I can see over 20 wifi networks around me.

And how many have you broken into? I am betting none. Most people first don't have the skills plus in today's "All About Me Social Media World" they don't have the time either.

In another post I think Pippin mentions open wifi networks like at cafes, you just would not believe what people do on an Internet connection without even a thought to it. I have a copy of the Ukrainian WiFi Network Viewer Program and I can tell you from sitting in a large city McDonald's or Panera Bread Cafe that people have no common sense about Internet Security much less WiFi security. People viewing Online Banking, Paying Bills, checking credit cards, reading emails, and even some pervert viewing porn at McDonald's. With a simple $39 program one can see their Usernames, Logins, and passwords plus collect every keystroke they make while on Open WiFi. And people using Windows based laptops that blindly broadcast their IP and MAC Addresses anybody can log right into their PC!

Besides, which one of us has anything worth the time to go to the trouble to backdoor an SB3 to access our Network?

John Stimson
2017-10-18, 10:20
Besides, which one of us has anything worth the time to go to the trouble to backdoor an SB3 to access our Network?

I don't know, maybe the dude with a house full of Vandersteens has a pretty juicy bank account?

I don't think that relying on the laziness of criminals is a very good security philosophy.

iPhone
2017-10-18, 12:22
I don't know, maybe the dude with a house full of Vandersteens has a pretty juicy bank account?

I don't think that relying on the laziness of criminals is a very good security philosophy.


I agree, which is why my Networks are as completely secure as possible. Now here is a thought, how do they KNOW I have Vandersteen and Ayre products in my house when they see my SB3? Riddle me that?

More importantly, how do they get to my bank account? I run two networks in my home. The first network that is attached to the Internet is probably more secure than networks the Government is running (knock on wood, I have never been hacked) because it has commercial Cisco Routers and real firewalls with only Ethernet connections for all devices, i.e. no WiFi. My second network is a WiFi network without Internet that has a Sonic Wall Wifi Router and my Vortexbox Server that again has no connection to the Internet. Besides the server the only devices on the WiFi Network are my Squeezeboxes (both Ethernet and Wifi connections), my iPhone/iPad (for use with iPeng), and that is it.

So how do they get to any of my personal information much less my bank account when no computer or laptop connects via WiFi or is on a network with KRACK vulnerability? If anybody takes the time to hack my SB3, other Squeezeboxes, or even my WiFi Router to gain access to my WiFi Network all they are going to reach is my Vortexbox Server and see my music collection. They could easily get more information online about me from the open County Property Tax records than from my WiFi Network!

drmatt
2017-10-18, 13:40
Let's not overreact.... It's just a hard to execute proof of concept crack of a security protocol which will likely be fixed on most things you care about before there are exploits in the wild. Keep your knickers untwisted.


Transcoded from Matt's brain by Tapatalk

eindgebruiker
2017-10-19, 13:50
And how many have you broken into?
The point is that those other people can see my network too. And I was mistaken: I can see over 75 networks.

However, I just checked my Touch, and it uses wpa_supplicant version 0.5.7, which is very old and does not contain the all-zero vulnerability mentioned on krackattacks.com.

drmatt
2017-10-19, 13:56
Too old to be vulnerable.. haha


Transcoded from Matt's brain by Tapatalk

pippin
2017-10-19, 14:03
That doesn't mean it's not vulnerable. It's just more complicated to break than more modern Linux versions.

earthbased
2017-10-19, 15:36
As long as KRACK cannot see Pre-Shared WPA2 password then I am not worrying. Furthermore, both WiFi access point and client have to be unpatched for this hack to work.

drmatt
2017-10-19, 22:53
... AND the attacker has to be both quicker and nearer to the end point to override the signal coming from your router. Long shot at best.


Transcoded from Matt's brain by Tapatalk

iPhone
2017-10-20, 14:28
So you folks in Apartments and Stacked Living are really the only ones that need to worry (next time you wake up in the middle of the night, look around to see which neighbor's lights are on, that is probably the guy you need to worry about). :rolleyes:

eindgebruiker
2017-10-21, 02:42
You'd better watch out riding around with your Squeezebox Touches :p

iPhone
2017-10-21, 12:43
You'd better watch out riding around with your Squeezebox Touches :p

Guess I better remove the WiFi cards before somebody takes over my Thunderbird while I'm driving down the road! :cool:

Davesworld
2017-11-03, 16:43
I like how this made the news but WPA2 was cracked by other methods long before this and one could be a block away to do them. The reason this one bothers me even less is because they have to be awfully close to pull it off and the other reason is that I ALWAYS run my wireless lan on a different subnet than my lan with no access to the lan from the wlan. If I truly needed a secure wireless connection I would run my wireless in a VPN tunnel across the wireless link. The Opera browser has a VPN widget built in and is very handy while traveling with a laptop.

I use wired connections as much as possible and only do so with my Squeeze ecosystem. I would never have thought to expose my server via a wireless link. I only use wireless to stream movies over a roku or stream internet radio as neither of those need access to my lan.

It puzzles me why people are just now worried about security over wifi, it never really existed without VPN

pippin
2017-11-03, 21:16
It's just not very convenient to not use wireless remote control. The most important reason to use a Squeezebox for many users.

iPhone
2017-11-04, 08:06
It puzzles me why people are just now worried about security over wifi, it never really existed without VPN


Probably because it never really made the news plus it was the "Topic de Jour" as it is now with all the hackings of Target, Home Depot, Equifax in the news recently.

But you are correct, Ethernet everything one can plus keep Servers off the WiFi network. I am shocked every time I monitor what people are doing over unsecured WiFi at McDonald's or the local Coffee House.