ASUS Krackattack patch?

[joltdude]

I hope that something good will come out of this, and manufacturers will become legally forced to provide a required minimum of support for products that are still fully usable. A three years old phone is NOT an unusable product, it should still be covered by security updates.

I hope organizations and customers will start applying pressure on those abandonware manufacturers.

I really hope Qualcomm gets flack for this.. they have dropped support for quite of a few IOT devices namely wifi streamers that use their chipset...
Also all the mediatek phones that havent seen a security update in years ........

Know logitech doesnt plan to do jack for the squeezeboxes.. since its been shuttered...
Supposedly Grace Digital *cant* do anything for their older models.. (again qualcomm issue)
Yes its "only" a radio but still...



-J

 

[ok_bbq]

I agree, but what I read so far nothing happens. Even new phones aren't updated regularly... Shame..

When I had Verizon phones they almost NEVER pushed android updates. So I bought a Nexus 5x unlocked from Google. I have that and a Google Nexus 7 tablet and Google religously pushes updates to both the phone and tablet. Now whether there has been a KRACK patch among those updates I do not know.

 

[NotMeReally]

How many wifi-enabled TVs, BD-ROM players will be left unpatched? Quite a lot - probably the majority of them. Thankfully, most (if not all) of the smart services are over https, so there's no risk of having your Netflix credentials stolen by it. But it's still disturbing. Who knows if, at some point, someone won't devise an attack that leverage those new vulnerabilities, to perform a more intricate MITM attack where they'd be able to also hijack the TLS session and access the encrypted data? Hundreds of thousands of Netflix logins would suddenly become compromised.

Actually CERT says this vulnerability means that unpatched clients might be further attacked and turned into zombies etc once the main network firewall is bypassed. It all depends on the additional security implemented by network clients. More powerful but less stressed platforms might not given any sign of a hack. That is why clients are the priority.

When routers are hacked it quite often quickly becomes obvious as the more eleaborate the hack software the more it interrupts and slows normal router operations. Plus even the worst routers tend to have better standalone security than say an Internet TV. At least if you did the least wizard recommended changes to passwords etc.

 

[NotMeReally]

I really hope Qualcomm gets flack for this.. they have dropped support for quite of a few IOT devices namely wifi streamers that use their chipset...
Also all the mediatek phones that havent seen a security update in years ........

Know logitech doesnt plan to do jack for the squeezeboxes.. since its been shuttered...
Supposedly Grace Digital *cant* do anything for their older models.. (again qualcomm issue)
Yes its "only" a radio but still...



-J

Actually most those old devices cannot be updated as the chip code is in ROM not FLASH. But as I understand it manufacturing process standardization and commercial uses are tending to push toward FLASH.

ROM was actually chosen to ensure that the factory code was secured and could NOT be changed by middlemen in the chip vending business. Lets just say this decision was made way back in the 1980s by DOD and other federal acronyms. And they were probably right. IMHO major US industry would have used such features if they could buy or bribe a competitor's vendors. I am sure the recording industry would to protect their copyrights. Then there really are occasions of nation versus nation spying if maybe not that frequently.

I think most the few exploits are riding in chip RAM (stacks). Though nothing keeps a higher OS from re-exploiting on power up. But again there were a few chips with FLASH software even in the old days.

LOL - storage devices are generally an exception only because the same industry advisers (DOD, etc) have a large appetite for storage devices and want to run custom code for encryption etc. From what I understand they tend to do mass updates ofthat code after things like Snowden.

Honestly the use of ROM would be acceptable if the updated ROM chips were low cost and could be slipped in like micro-SDs

 

[NotMeReally]

There is a simple solution for this problem: Do not buy devices where the vendor is not providing updates!
And/or check upfront if there is a alternative Firmware for the phone or router!

I do this since my first smartphone and routers since 2013 with good success:
- Smartphone with CyangenMod/LineageOS have a very long lifespan with updates!
- Router only with OpenSource/AsusWRT alternatives to avoid being dependent on the vendor only!

From my perspective: Shame on the customers who buy devices with vendor lock-in and no updates! Remember: You as the customer has the power by selecting the right vendor!

Not as likely for TVs and other appliances at the current time. I have been amazed at LG still occasionally updating our 4K TV for nearly 2 years. If that helps anyone choose a TV. Not sure how bulletproof WebOS is at the foundation level though.

 

[NotMeReally]

Again - this is mostly a client side issue. And it includes all adapters that support WPA2 independent of it being 11g/11a/11n/11ac - it's an OS supplicant item.

Folks skilled in the arts have the appropriate adapters that can facilitate attacks like this... I have a purpose built box that can facilitate this directly.

KRACKAttack is easily understood - and yes, it can be fixed - my primary concern is not there - but the vulns in the chipset RTOS - aka BroadPWN and similar, which are not easily fixed, as that is below the OS driver layer in the WiFi stack of things. This isn't really that much different than the WPS reaver attack, and there's the well known hole 109 attack against the WPA/TKIP group keys.

WPA/WPA2 is mostly vulnerable to implementation details, not how 802.11 is in general... these days however, folks are looking hard at this, as OS level stuff is getting better...

Lots of forces wanting to keep chip RTOS on ROM for security of original source. So cheap replaceable chips via SD like slot is one possibility. Improved "firewall" of chip RTOS address space from external devices is probably advisable whether to protect FLASH or simple stackover flow exploits driven by higher level OS.

But making RTOS easily accessible for update...big can of worms. TBH it truly only helps the security expert/hobbyist unless you grow that RTOS to attempt Windows style idiot proofing. Which inherently peaks the interest of black hat hackers and eases access once you find the inevitable bug. Since 99.999% of people will never become an expert tweaker at this level for positive reasons...I suspect the goal of a $3 snapin update chip would have a more positive impact. That is unless your intent is to vastly expand the number of mind numbing but profitable IT jobs.

Heh heh but for our purposes here...yeah lobby for a limited run FLASH version of every RTOS chip for hobbyists and engineers. But for common security it needs a very unique visual appearance compared to the ROM version...donut shaped chip maybe? That would help keep all those would be semi-professional spies from sticking a chip with hacked code onto your cellphone, TV, etc. I for one prefer to make my own leaks and screw ups at work without remote help.

Yeah it would be a pain to make a PC board adapter for round IC chips. But it could be done and even mass produced for hobbyists. Thing would be that the hack would be physically obvious to simple inspection for places where it was not supposed to be. yet it would work for hobbyist who did not care about ugly or hiding their work

 

[NotMeReally]

Again - this is mostly a client side issue. And it includes all adapters that support WPA2 independent of it being 11g/11a/11n/11ac - it's an OS supplicant item.

Folks skilled in the arts have the appropriate adapters that can facilitate attacks like this... I have a purpose built box that can facilitate this directly.

KRACKAttack is easily understood - and yes, it can be fixed - my primary concern is not there - but the vulns in the chipset RTOS - aka BroadPWN and similar, which are not easily fixed, as that is below the OS driver layer in the WiFi stack of things. This isn't really that much different than the WPS reaver attack, and there's the well known hole 109 attack against the WPA/TKIP group keys.

WPA/WPA2 is mostly vulnerable to implementation details, not how 802.11 is in general... these days however, folks are looking hard at this, as OS level stuff is getting better...

CERT seems to say ASUSTek told CERT it has a patch as of 19 Oct 2017. But that patch is not yet released. Probably deployment to individual router ROMs and testing yet.

Any inside track Merlin on approximately when to expect ASUSTek release? And more important -- once you have their patch how long until you can patch up your custom code for AC66? Of course other people will have similar questions about their favorite router too...so you got a range of dates to cover most the supported models? I assume some models will easily fall into your first pass of re-compiles and some will get delayed for later 'massaging" due to code space/alignment issues.

Such info will help me decide if I should watch for and temporarily move to ASUSTek official ROM. And probably other excessive worry warts as well.




"Routers are only vulnerable to our attack if they support the Fast BSS Transition (FT) handshake. This handshake is part of 802.11r, which is mainly supported by enterprise networks, and not home routers. " "That said, some vendors discovered implementation-specific security issues...even if your router does not support 802.11r, it might still have to be updated." "... mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming)."

"It's possible to modify the access point (router) such that connected clients are not vulnerable to attacks against the 4-way handshake and group key handshake. Note that we consider these two attacks the most serious and widespread security issues we discovered. However, these modifications only prevent attacks when a vulnerable client is connected to such a modified access point. When a vulnerable client connects to a different access point, it can still be attacked."

 

[NotMeReally]

https://rog.asus.com/forum/showthread.php?96750-WiFi-using-WPA2-KRACK-attack

Your devices are only vulnerable if an attacker is in physical proximity to your wireless network. .

LOL - yes they must be close enough to use Wi-Fi ...and so do you. Pretty empty mitigation statement.

Yes AsusTek is on the CERT list of vulnerable vendors though a list of specific equipment is not given.

AsusTek updated their status on 19 Oct 2017. So I am guessing they told CERT they have a preliminary patch.
But since no patch is yet released I can only assume they still are in the process of deploying the patch to the individual router ROMs etc and then testing.

But given they had access to the early boilerplate code from the bug discovers and CERT...
I would think updates for some models would be coming out any day. Unless the code is bulky enough to cause issues squeezing it on ROM.