# WPA2 KrackAttack



## Phishfry (Oct 16, 2017)

So where is WPA3? Sure seems like there has been enough time to implement it. WPA2 has been around for at least 13 years now.

http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/


----------



## chavez243ca (Oct 16, 2017)

Didn't see a security-specific board, feel free to move this to another more appropriate venue. Just seeking comment on FreeBSD status WRT the WPA2 attack. Sounds like OpenBSD got a heads-up and patched at the end of August.

hxxps://www.krackattack.com

hxxps://www.openbsd.org/errata60.html


----------



## ekingston (Oct 16, 2017)

I'm not aware of any FreeBSD specific activity but then, I only learned about this particular bit of nastyness today.

As I understand it, FreeBSD uses wpa_supplicant and I suspect it is mostly just sourced from up stream. So, until that gets fixed, the exposure exists. But I do not speak for FreeBSD, nor am I a part of the team. I am, however, paying attention to this one.


----------



## chavez243ca (Oct 16, 2017)

same here - just following along out of interest, won't affect any of my *BSD boxen as they are all hard-wired, but there's probably a dozen devices at home that could be of some concern.


----------



## xtaz (Oct 16, 2017)

There is a thread about it on the current mailing list, including a patch. https://docs.freebsd.org/mail/current/freebsd-current.html


----------



## SirDice (Oct 16, 2017)

Merged threads regarding KRACK into one thread and moved to Off-topic.

Off-topic might seem a bit an odd place but it covers more bases, this issue isn't necessarily  specific to FreeBSD. It involves a lot more devices running a variety of operating systems.


----------



## Oko (Oct 17, 2017)

Phishfry said:


> So where is WPA3? Sure seems like there has been enough time to implement it. WPA2 has been around for at least 13 years now.
> 
> http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/


Fixed in OpenBSD 3 months ago

https://marc.info/?l=openbsd-misc&m=150814941311682&w=2


----------



## SirDice (Oct 17, 2017)

https://mobile.slashdot.org/story/1...krack-wi-fi-vulnerability-available-right-now

Lots of manufacturers appear to have patches for it now.


----------



## Phishfry (Oct 17, 2017)

There was a good technical writeup on hackernews today.
https://blog.cryptographyengineering.com/2017/10/16/falling-through-the-kracks/


----------



## obsigna (Oct 17, 2017)

Oko said:


> Fixed in OpenBSD 3 months ago
> 
> https://marc.info/?l=openbsd-misc&m=150814941311682&w=2



Nothing to be particularly proud of. Theo de Raadt egoistically cheated the disclosure procedure:

https://marc.info/?l=openbsd-misc&m=150815942414653&w=2


----------



## sidetone (Oct 17, 2017)

obsigna said:


> Nothing to be particularly proud of. Theo de Raadt egoistically cheated the disclosure procedure:
> 
> https://marc.info/?l=openbsd-misc&m=150815942414653&w=2


It makes no sense to have an embargo.


----------



## rigoletto@ (Oct 18, 2017)

Just to notice, the port was patched yesterday and Base today.


----------



## SirDice (Oct 18, 2017)

Yep.

https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc

I'm somewhat surprised to see a patch for 11.0-RELEASE. FreeBSD 11.0-RELEASE will be EoL some time soon.


----------



## FreeBSD user (Oct 19, 2017)

How did OpenBSD patched for wpa bug in july but others fail to do so and n FreeBSD provided patch on 17 oct only. Another question is that if it is necessary to update router firmware's to along system update?


----------



## rigoletto@ (Oct 20, 2017)

For the first question: OpenBSD.

About the router you should look at the router channels, but almost certainly yes. The problem you may find is if its maker will release an update. Most consumer router should never see an update if they are not a new/recent model but you can always look if your model is supported by a third party like DD-WRT or OpenWRT.


----------



## ronaldlees (Oct 26, 2017)

I finally got my FreeBSD boxes updated to the new WPA2/wpa_supplicant.  I'm supposed to feel more secure now.  But do I?  How would I ever know if it's working other than by trying to hack myself?  It all feels sorta smoke-and-mirrorish TBH.

One odd thing happened when I installed the binary package via `pkg`.  I tried to move the /var/cache/pkg/wpa_supplicant archive file over to my SSD archive directory for safe keeping. Unfortunately, it wouldn't move.  That was very strange to me, as I kept getting a message to the effect that the .txz file wasn't a directory.

So ... I decided to upgrade ports and install the ports version of wpa_supplicant.


----------



## SirDice (Oct 26, 2017)

ronaldlees said:


> How would I ever know if it's working other than by trying to hack myself?


How can you tell if _any_ security update fixes the issue? There's always a certain level of trust involved.


----------



## ronaldlees (Oct 26, 2017)

SirDice said:


> How can you tell if _any_ security update fixes the issue? There's always a certain level of trust involved.



True.  I think that my general paranoia about such things has prompted forced me to learn many things more deeply than I otherwise would.


----------



## Phishfry (Jan 9, 2018)

Well it looks like WPA3 has been announced.:
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements


----------

