KRACK security hole in WPA2 - VM fixes incoming?
Old 16-10-2017, 22:12   #1
AndyCalling
cf.addict
 

Keeping in mind today's big story:

https://www.windowscentral.com/krack

https://www.windowscentral.com/vendo...-vulnerability

Any news about the Superhubs? I have a Superhub 2, does anyone know:

1) What's the Netgear model number, so we can get some idea of our exposure?

2) If VM are going to address this for all current cable router models on their network?

Essentially, until this is resolved we have no wifi. Not great. Especially as VM have control of this and are about to crack open a nice fee increase for themselves. Hoping VM will see an opportunity here to pay us back for our generosity in giving them a bonus whilst our salaries are whittled away with below inflation rate pay offers.
Old 16-10-2017, 23:25   #2
Ignitionnet
Pragmatist
 

Netgear were made aware of the issue 50 days ago.

The CGN-series I can't see any announcements for. Up to VM to deal with its customers on this one.
Old 17-10-2017, 00:30   #3
AndyCalling
cf.addict
 

Quote:
Originally Posted by Ignitionnet View Post
Netgear were made aware of the issue 50 days ago.

The CGN-series I can't see any announcements for. Up to VM to deal with its customers on this one.
Problem is, calling the support or fault line is not going to help. They will not have anything to say if VM have made no announcements and will likely not be in a position to call up the Virgin WPA2-collapse Rapid Response Team. Anyone here able to send up a flare to VM? We at least need to know which generation routers are going to be updated so we can call up and get a replacement if necessary so we can switch the wifi back on one day.
Old 17-10-2017, 08:33   #4
Ignitionnet
Pragmatist
 

It's intensely paranoid to switch the wireless off. It's quite unlikely that someone with the necessary software and time is sitting outside your home right now trying to decrypt your WiFi traffic.

http://www.theregister.co.uk/2017/10...acken_patches/

Last I heard patches will be across the board. Clients can also be patched. If either of them are patched the attacks no longer work.

Either way as the article says if you've some shady hoodie outside your home tapping away on a laptop you likely have bigger things to be concerned by than your wireless traffic being eavesdropped on.
Old 17-10-2017, 10:59   #5
Ignitionnet
Pragmatist
 

Quote:
Originally Posted by AndyCalling View Post
Problem is, calling the support or fault line is not going to help. They will not have anything to say if VM have made no announcements and will likely not be in a position to call up the Virgin WPA2-collapse Rapid Response Team. Anyone here able to send up a flare to VM? We at least need to know which generation routers are going to be updated so we can call up and get a replacement if necessary so we can switch the wifi back on one day.
Just thinking about this some more.

I appreciate what the link you provided indicates however you should be aware that there is no public exploit code as yet and this is not something that we're going to see people 'war dialing' to exploit. It is a targeted attack from someone physically close, it's not exploitable over the Internet.

Keep it in context. I am quite sure you have some far more major security issues with the software, etc, you use. If you are concerned do upgrade all devices you can - the patch for clients ensures they don't allow the attacks to work.

If I or anyone else remotely educated really wanted to get at your Internet traffic there's not a whole lot you can do about it, this flaw being fixed or not, other than not use WiFi ever and use end to end encryption on everything. You weren't paranoid to the point where you disabled WiFi before this, don't be now.

It's the classic case of 'How many enemies do you actually have?!'. Unless a nation state or a major company with few morals has a reason to be interested in you, in which case to do this they'd need your home address anyway and there were all kinds of ways they could've compromised you, you're probably fine.

Keep calm and WiFi on.
Old 17-10-2017, 12:11   #6
pip08456
Sad Doig Fan!
 

Ingi's right, even if someone was remotely interested in you and wished to carry out this sort of attack there's no easy way.

First they would have to be experienced enough with Linux for carrying out penetration attacks.

Second they would have to source the software/script to perform the attack.

Third they would have to be close enough to your WiFi to pick up a strong enough signal.

Finally, let's say they've met all those requirements. If you use HTTPS, TLS, SSL (I think) or a VPN, all they would end up with is a load of encrypted material which would take that long to decrypt it would be virtually useless by the time they succeeded and were drawing their pensions.

Reports like this are not really intended for residential internet users but are intended to alert IT professionals that the vulnerability exists so that they can push out the necessary patch throughout the company they work for which is the most likely place this exploit would be of use.

Microsoft pushed out a patch on the 10th in one of its regular update cycles, I believe it has also been pushed out to Android devices and most (if not all) router producers before it was made public.

Unfortunately clickbait sites and MSM as always blow it out of all proportion.
Old 17-10-2017, 15:35   #7
Qtx
Masked Marauder
 

Quote:
Originally Posted by Ignitionnet View Post
It's the classic case of 'How many enemies do you actually have?!'. Unless a nation state or a major company with few morals has a reason to be interested in you
Probably more of an issue for a casual user is if they live in flats and have a neighbour who likes to dabble with these things.

This flaw allows someone who couldn't crack your wifi password to listen in on the traffic anyway. Luckily most sites that allow you to login are https by default now so the traffic logged would be encrypted anyway. Cableforum doesn't do this so in the logged traffic your username and password for here would be easily visible.

I would expect an android exploit could come out sooner from individuals trying to exploit this as it's much easier to code due to almost a blank encryption key that can be forced.

VPNs encrypt the traffic so nice and safe, until you have to start wondering on what machine the RSA keys were made because of another recent problem found in hardware which is probably more of an issue than this WiFi problem. https://www.bleepingcomputer.com/new...dors-affected/
__________________
Virgin to Sky switch=best decision ever
-----
The greatest trick the Devil ever pulled was convincing the world he didn't exist. And like that, poof. He's gone.
Old 17-10-2017, 18:04   #8
Ignitionnet
Pragmatist
 

Quote:
Originally Posted by Qtx View Post
VPNs encrypt the traffic so nice and safe, until you have to start wondering on what machine the RSA keys were made because of another recent problem found in hardware which is probably more of an issue than this WiFi problem. https://www.bleepingcomputer.com/new...dors-affected/
If a public VPN nice and safe until it reaches them, they can then do as they please with the data. TL;DR don't use public VPNs unless you have a really good reason.

The Infineon TPM issue is far more serious but involves horrid to understand things like large prime numbers with structures that permit factorisation far more quickly than would be possible with a general number field sieve. Doesn't quite have the same punch as KRACK.
Old 18-10-2017, 11:54   #9
rtho782
cf.member
 

KRACK's main implication is for client devices not the AP.

You need updates for all your wifi enabled toothbrushes or fridges, not your VM superhub.

Good luck with that!!
Old 19-10-2017, 16:42   #10
Kushan
FORMER Virgin Media Staff
 

Quote:
Originally Posted by rtho782 View Post
KRACK's main implication is for client devices not the AP.

You need updates for all your wifi enabled toothbrushes or fridges, not your VM superhub.

Good luck with that!!
Came here to say this, clients need updating as much as routers do.
__________________
My views are my own and in no way reflect those of Virgin Media.
Old 21-10-2017, 07:27   #11
Dude111
An Awesome Dude
 
Quote:
Originally Posted by Ignitionnet
It's intensely paranoid to switch the wireless off.
I turn mine off after every time I use it.. It is not good to be exposed to RF for no reason...

I unplug the modem when I'm done.......
Old 21-10-2017, 16:52   #12
Skie
a giant headend
 

Quote:
Originally Posted by Dude111 View Post
I turn mine off after every time I use it.. It is not good to be exposed to RF for no reason...
You got lead lined walls to keep out all the other sources of RF?
Old 21-10-2017, 18:32   #13
Synthetic
cf.geek
 

Quote:
Originally Posted by Dude111 View Post
I turn mine off after every time I use it.. It is not good to be exposed to RF for no reason...

I unplug the modem when I'm done.......
Yeah me too, I also turn off my electricity at the breaker box at night, just because *

*Not really!
Old 21-10-2017, 21:01   #14
Springy
cf.member
 

If your router is being used as just a router then the router does not need updating.

If the router is being used as a repeater then you have a problem as this is acting as a client and is affected by the 3rd hand shake with the resetting of the nonce.

Don't believe superhub can be used as a repeater itself so it should be safe.

The issue is with the client devices, and Android 6 has a really bad flaw with the key resetting and that needs to be patched.

But yeah, to do this you need to have a man in the middle device acting like the wifi device and dropping the 3rd hand shake. It isn't something I would have thought would be overly used as just sitting outside an open wifi network achieves the same thing and does not require all this messing around.
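The nonce reset on the third handshake message that the post above describes, as an added example that is not part of the thread: a toy Python model of a client handling a retransmitted message 3, unpatched and patched, with a check for reused packet numbers. The SHA-256 keystream is a stand-in for the real cipher, and every name and key value here is an assumption made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample session key (not taken from any real capture).
SAMPLE_TK = bytes.fromhex("00112233445566778899aabbccddeeff")

def keystream(tk: bytes, pn: int, n: int) -> bytes:
    """Stand-in keystream: depends only on (key, packet number), like a nonce-based cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Client:
    patched: bool
    tk: bytes = b""
    pn: int = 0                                 # packet number, used as the nonce
    sent: list = field(default_factory=list)    # (key, packet number) per frame

    def on_msg3(self, tk: bytes) -> None:
        # Patched (simplified): a retransmitted message 3 for the key that is
        # already installed must not reinstall it or reset the packet number.
        if self.patched and self.tk == tk:
            return
        self.tk, self.pn = tk, 0                # unpatched: reinstall resets the nonce

    def send(self, plaintext: bytes) -> bytes:
        self.pn += 1
        self.sent.append((self.tk, self.pn))
        return xor(plaintext, keystream(self.tk, self.pn, len(plaintext)))

def reused_packet_numbers(client: Client) -> list:
    """Defender's check: packet numbers that appear twice under the same key."""
    seen, dup = set(), []
    for pair in client.sent:
        if pair in seen:
            dup.append(pair[1])
        seen.add(pair)
    return dup

def run(patched: bool):
    """Message 3 arrives, one frame is sent, message 3 is retransmitted, another frame is sent."""
    c = Client(patched)
    c.on_msg3(SAMPLE_TK)
    f1 = c.send(b"frame one")
    c.on_msg3(SAMPLE_TK)                        # retransmission of message 3
    f2 = c.send(b"frame two")
    return c, f1, f2

if __name__ == "__main__":
    for patched in (False, True):
        c, f1, f2 = run(patched)
        same = xor(f1, f2) == xor(b"frame one", b"frame two")
        print(f"patched={patched} reused={reused_packet_numbers(c)} keystream_reused={same}")
```

When the keystream repeats, XORing the two ciphertexts cancels it and leaves the XOR of the two plaintexts, which is why a single patched client that never resets its packet number closes the hole for its own traffic.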
Old 23-10-2017, 22:58   #15
Kushan
FORMER Virgin Media Staff
 

Quote:
Originally Posted by Dude111 View Post
It is not good to be exposed to RF

[citation needed]
__________________
My views are my own and in no way reflect those of Virgin Media.