WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers

posted on Oct, 16 2017 @ 05:37 PM
link   
a reply to: Jonjonj


Why does everything need to be broken? Why can't people who work out how to break things also work out how to fix them?

Because finding ways to break things IS THE WAY TO MAKE THEM SECURE and it puts pressure on mfg to produce reliable and tested things, else they are exposed as botchers.

Why don't you ask this question to the alphabet agencies instead?




posted on Oct, 16 2017 @ 07:05 PM
link   
The old saying that "locks only keep the honest people out" applies to Wifi in general.

There is a Linux distribution called Kali Linux. It is basically a penetration-testing toolset. It contains several tools that can be deployed against wireless networks, including those protected with WPA2.

One of the tools is called Reaver.

Reaver performs brute force attacks against Wifi Protected Setup (WPS) registrar PINs to recover the WPA/WPA2 passphrase. Since many router manufacturers and ISPs turn on WPS by default a lot of routers are vulnerable to this attack out of the box.

So, if WPS is enabled in your Wifi Router, the passphrase can already be hacked. If the attacker captures the handshake sequence, he can likely use his knowledge of the passphrase to get the session key. Thus being able to decrypt all of the other packets he may have captured.

It's actually rather trivial to create your own Wifi hacking computer. You can create a thumb drive with the Kali image and use it to boot up most laptops, without modifying the resident OS at all. If you have a basic knowledge of Wifi and networking you can start using the toolset relatively quickly.

ETA: This is a publicly available penetration testing tool. It's not some kind of illegal darknet hacker program.
ETA2: This link provides a description of some of the tools in Kali Linux

-dex

edit on 10/16/2017 by DexterRiley because: ETA: not an illegal tool

edit on 10/16/2017 by DexterRiley because: added link



posted on Oct, 17 2017 @ 04:46 AM
link   

originally posted by: Terminal1
Just a question...

I live out in the country and have a router and a repeater set up to cover all the buildings on my property.

I leave the WiFi open because my kids and grandkids, as many as there are, someone is always bringing a new device or gaming system.

I figure that since I am fairly isolated I would be able to see anyone coming towards the house to get into range of my wifi.

Am I wrong in thinking this way?


Yes.
I have a directional antenna system for wifi that I can pick up systems at over 2 miles away.
learntomato.com...



posted on Oct, 17 2017 @ 12:09 PM
link   
a reply to: Terminal1

You don't have anything to fear unless you have someone nearby who wants to do something horrible. But if it is a vast area that you own with no one else nearby you should be fine. Your chances of having someone hack into are pretty slim seeing how hackers love densely populated areas.

And since these hackers are looking for quantity over quality (people), you should be just fine. The hacker would have to be sitting, or have something sit to monitor traffic. Or hack into your pc and install something, which is harder than it sounds. And even so, if you are making purchases online over the wi fi network they still have to work through the security hashes.

Keystrokes on your computer can not be sent over a wifi signal. Only the data that gets sent through the wifi signal can be obtained. Password blocks turn your characters that you type in, into a hash for the other computer to solve. This hash can be up to 256 bit, or now 512 bit information. (Think 1 keystroke is 256 bits of information instead of 1 bit.)

Unless the hacker knows what type of words or letters you use in your password then he can not login.

He can monitor your emails and even read what is in them, but all emails hide your credit card numbers and now include even hiding your password in them. Save for some emails that send you a copy of your password. Just make sure you change your "main password" if details or a common link can be established to your password.



posted on Oct, 17 2017 @ 12:16 PM
link   
MOST people are too dumb to even turn OFF WPS (Wifi Protected Setup) anyway.

You want your neighbor to steal your wifi?

Leaving WPS on is how you get your wifi stolen.

People using technology they don't take the time to learn to use.

SMH
edit on 17-10-2017 by DanteGaland because: (no reason given)



posted on Oct, 17 2017 @ 12:24 PM
link   
a reply to: GiulXainx

"They" can reconstruct the RF signals from your monitor and SEE what is on your screen from down the street.

HELL....enterprising folks can build the gear to do it. It's called Van Eck Phreaking:



Van Eck phreaking is a form of eavesdropping in which special equipment is used to pick up side-band electromagnetic emissions from electronics devices that correlate to hidden signals or data for the purpose of recreating these signals or data in order to spy on the electronic device.

Side-band electromagnetic radiation emissions are present in and, with the proper equipment, can be captured from keyboards, computer displays, printers, and other electronic devices.

Wikipedia

And it is ENOUGH of an actual threat that NATO and the US GOV protect against it. Enter TEMPEST (codename):



TEMPEST is a National Security Agency specification and a NATO certification [1][2] referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations.[3] TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).[4]

Wikipedia

None of y'all are TEMPEST certified I'm guessing.

edit on 17-10-2017 by DanteGaland because: (no reason given)



posted on Oct, 17 2017 @ 01:46 PM
link   
a reply to: DanteGaland

That particular technique only works on CRT monitors, and even then it never generated the resolution needed to read text. At best you could get blurry images from it.



posted on Oct, 17 2017 @ 01:48 PM
link   

originally posted by: Aazadan
a reply to: DanteGaland

That particular technique only works on CRT monitors, and even then it never generated the resolution needed to read text. At best you could get blurry images from it.


WRONG.

Read the WIKI. LCDs have been successfully done.



posted on Oct, 17 2017 @ 09:41 PM
link   
I could access your network from over a mile away (probably, depending upon where you live - climate, temp, humidity, etc) with the appropriate antenna and or a boosted power transmitter. I've seen some amazing antennas pick up networks 2-3 miles away where the signal drops off after 300ft with a normal laptop.



posted on Oct, 17 2017 @ 09:43 PM
link   

originally posted by: SR1TX
a reply to: Terminal1

I provide internet to customers like you.

You are not wrong in any way. You are actually far better off as anything within connecting distance of your Wi-Fi signal is also within shooting distance as well.


Lol, says you...



posted on Oct, 17 2017 @ 09:47 PM
link   

originally posted by: Apollumi
It's why our company laptops could only route (default route) through an IPSEC vpn tunnel. All of the traffic was encrypted back to the main office and then it went through Websense and an IDS/IPS before it ever went to the Internet. This introduced some additional latency for non office traffic but better safe than sorry. It means I did not have to worry about anything in between.

For the home user they have private VPN services if you want to pony up. Although you can get it free if you look around a small bit.



A Free VPN for home use. Yeah, about as good and as "free" as the old anonymous proxies. Do you really think that there isn't something hidden behind those "free" VPNs? What, does some company just have a few hundred gigabits of bandwidth sitting unused that they are deciding to give out for free? Does that make sense?



posted on Oct, 17 2017 @ 09:56 PM
link   

originally posted by: Cofactor
a reply to: Terminal1


I figure that since I am fairly isolated I would be able to see anyone coming towards the house to get into range of my wifi.

Wrong assumption! Since you are fairly well isolated, reception of your signal is not degraded by hundreds of nearby WiFi masking your transmission. With a very high gain antenna and line of sight, even of scatter signal from top of electric pole, it is possible to connect at you from kilometers away! I would bet that you installed your antennas with high elevation above ground and with high power to cover your domain, extremely useful for long range interception.



Exactly! The best network if you wanted to cover a large area would be 20 cheap devices, each covering 15' radius, instead of a few high power transmitters covering 300-500ft radius. The latter could be intercepted from 2-3 miles away while the 15' radius might be able to be intercepted from 300ft (weather plays a big role in this - such as humidity, temp, rain/snow, etc).



posted on Oct, 17 2017 @ 10:05 PM
link   

originally posted by: Jonjonj

originally posted by: Agit8dChop

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.”


www.theguardian.com...

Boom... Nearly every WIFI Network around the world uses WPA2 because it was so secure.
Now the cat's out of the bag...


Vanhoef emphasised that “the attack works against all modern protected wifi networks.”


Going to be an interesting few days at the office me thinks!

Few specifics for those interested:

www.krackattacks.com...



I guess at some point, just NOT trying to hack something will become vogue, right?

I mean it is ridiculous that it seems to be the goal of every single stinky pepperhat to just bust up the security of absolutely anything at all.

WHY???

Why does everything need to be broken? Why can't people who work out how to break things also work out how to fix them?

DAMN!!!



You described the human condition, so unless you can fix "human" then I think we be out of luck. It is human instinct to work around or through obstacles, and with so much $$ able to be exploited from networks, there is a ton of reasons to break the security..

As for "not breaking it", well then the security protocols would never get better. Do you know why we have 512bit or even 2048bit encryption? Because 48bit was crackable years ago.

It's called progress.

The people who made covered wagons were probably talking the same thing when the new fangled otto-mobile came out and made the wagons obsolete.



posted on Oct, 18 2017 @ 02:08 AM
link   
a reply to: DigginFoTroof


Exactly! The best network if you wanted to cover a large area would be 20 cheap devices, each covering 15' radius, instead of a few high power transmitters covering 300-500ft radius. The latter could be intercepted from 2-3 miles away while the 15' radius might be able to be intercepted from 300ft (weather plays a big role in this - such as humidity, temp, rain/snow, etc).

Spot on! The best advice in this case for security is reducing power.

To demonstrate this, here is data from personal notes and some basic assumptions (very ideal first order approximation):

Std: 802.11b 2.4GHz BW= 22MHz 11 Mbit/s Gp(min)= 3dB

Transmission site(s): Tx power of 20dBm, Omni antenna of 5 dBi giving an EIRP of 25 dBm

Noise floor: Noise(ideal)= -173 dBm + NF + 10LOG(BW) - Gp = -101 dBm
Urban location typically have a noise floor of -95dBm

Rx antenna:
Reasonably big planar antenna for 2.4GHz is capable of 24.7 dBi
Parabolic antenna about 22 dBi
2.4GHz Cantenna: 12 dbi
Max practical limit for a planar is around 28.5 dBi

Acceptable signal strength (Prx):
-50dBm Excellent
-60dBm Good
-70dBm is Minimum signal strength for reliable packet delivery.
-80dBm Minimum signal strength for basic connectivity.

Calculation of Free Space Loss margin:
Lfs(dB) = TxEIRP + Grx - Prx = 25 dBm + 24.7 dBi - (-70dBm) = 120 dB

Free Space Loss:
Lfs(dB)= 32.45 dB + 20*log[frequency(MHz)] + 20*log[distance(km)]

dist      2.4GHz    5GHz
--------------------------------------
100m      80dB      86.4dB
500m      94dB      100.4dB
1km       100dB     106.4dB
5km       114dB     120.4dB
10km      120dB     126.4dB
--------------------------------------

This results (very ideal case) in a possible distance of 10km !!!

Conclusion and advice: Use lowest possible power for your transmitter(s). Keep antenna low to have all receivers properly illuminated by radiation pattern. Use directional Tx antenna to radiate only where needed. Use 5GHz only, if possible. Power OFF when not in use.
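
The link budget in the post above, worked through as an added example (not part of the original post): it inverts the free-space loss formula to get the ideal reception distance and shows how lowering transmit EIRP shrinks it. The 15 dBm and 5 dBm settings are assumed values for comparison; everything else comes from the post's figures.

```python
import math

def fspl_db(freq_mhz, dist_km):
    """Free-space path loss in dB, using the formula quoted in the post."""
    return 32.45 + 20 * math.log10(freq_mhz) + 20 * math.log10(dist_km)

def loss_margin_db(eirp_dbm, rx_gain_dbi, rx_level_dbm):
    """Path loss the link tolerates: TxEIRP + Grx - Prx."""
    return eirp_dbm + rx_gain_dbi - rx_level_dbm

def max_range_km(eirp_dbm, rx_gain_dbi, rx_level_dbm, freq_mhz):
    """Distance where free-space loss equals the margin (formula inverted)."""
    margin = loss_margin_db(eirp_dbm, rx_gain_dbi, rx_level_dbm)
    return 10 ** ((margin - 32.45 - 20 * math.log10(freq_mhz)) / 20)

# Receive antenna gains (dBi) quoted in the post
RX_ANTENNAS = {"cantenna": 12.0, "parabolic": 22.0, "planar": 24.7}

def range_table(eirp_dbm, rx_level_dbm=-70.0, bands_mhz=(2400.0, 5000.0)):
    """Ideal reception range in km, per receive antenna and band, for one EIRP."""
    return {
        name: {f: round(max_range_km(eirp_dbm, gain, rx_level_dbm, f), 2)
               for f in bands_mhz}
        for name, gain in RX_ANTENNAS.items()
    }

if __name__ == "__main__":
    # 25 dBm is the post's EIRP; 15 and 5 dBm are assumed reduced-power settings
    for eirp in (25.0, 15.0, 5.0):
        print(f"Tx EIRP {eirp:.0f} dBm, Prx = -70 dBm")
        for name, bands in range_table(eirp).items():
            print(f"  {name:10s} 2.4GHz {bands[2400.0]:6.2f} km"
                  f"   5GHz {bands[5000.0]:6.2f} km")
```

Every 20 dB taken off the EIRP divides the ideal range by ten, and the same budget reaches roughly half as far at 5 GHz as at 2.4 GHz.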



posted on Oct, 18 2017 @ 02:16 AM
link   
a reply to: DanteGaland

MOST people are too dumb to even turn OFF WPS (Wifi Protected Setup) anyway.

And MANY router mfg are dumb enough that even when WPS is disabled, it continues to answer to reaver !!!



posted on Oct, 18 2017 @ 02:49 AM
link   
a reply to: DexterRiley

There is a Linux distribution called Kali Linux. It is basically a penetration-testing toolset. It contains several tools that can be deployed against wireless networks, including those protected with WPA2.

No competent Pen Tester, even a debutant, will ever use a GUI based toolset. A minimalistic and well mastered install of Linux supporting ONLY console is the way to go.

Kali is good for script kiddies or nicely cravated sec consultants that don't care about leaving traces everywhere and being "penetrated" while "penetrating". Ready to use "solutions" for lazy wannabe hackers is the way to "Back Orifice" them. Never use a tool you have not compiled and not understood completely. And be wary of your compiler.

Remember that FBI agent that was happily spying on cellular phones with his laptop in a cafe? While enjoying his job, a hacker nearby connected to his laptop and used Flash Player vulnerabilities to extract the very sensitive Cellular database inside that supposedly secure laptop. Complexity is the Real Vulnerability!



posted on Oct, 18 2017 @ 03:11 AM
link   
a reply to: Cofactor

Interesting points.

I just mentioned Kali as an example of a readily available, and easy to use, toolset that can be used to hack wireless networks. As you say, it's easy enough for script kiddies to use. So, one can imagine the computer nerd kid next door hacking into your router and doing other nefarious things without you knowing it.

There are probably not that many professionals like yourself that can make use of advanced penetration testing tools.

Given my "locks" analogy. Kali is more like a bump key, whereas what you use is more like a fully fledged lock pick kit.

-dex



posted on Oct, 18 2017 @ 03:24 AM
link   
a reply to: DexterRiley

I'm not a pro, and I am terrified what a real pro is capable of doing!



posted on Oct, 18 2017 @ 05:32 AM
link   
a reply to: DanteGaland

One thing about that screen grab tech.... it still cannot see a password being typed into the password bar. Seeing how every password bar replaces the characters with bullets. Unless you really suck at typing and have to turn that off, your password is the only thing you need to keep secret.

That phreaking method isn't as good as just being able to get the data of an email, or the details of a purchase being made. While I can see someone being successful at stealing a credit card being entered onto a new page, Google has already come up with a solution where you have a credit card linked to your Google account. Of which it only asks you to verify the CVC code. So... even with that phreaking method.... there are several deterrents already put in place.

But nonetheless it is an interesting technology.... too bad it has to be close range to pick it up. Seeing how the computers we have cannot emit a transmission miles, or even more than a few hundred feet away.



posted on Oct, 18 2017 @ 11:29 AM
link   
a reply to: grey580

Look up one of the docs on the tool BADDECISION leaked by Snowden ;-)







 