KRACKs fix needed, please!

Dear everyone,

WPA2 is broken. Pending further information to be revealed today and on Nov.1, 2017, this means every unpatched device with WiFi currently seems open to Man-in-the-middle attacks. This includes all models of Fairphones. And also the device you are currently reading this on. Whatever it is, it very surely has WiFi.

Please check here, and your favourite tech blog somewhere else:
https://www.krackattacks.com/

I still have hope Fairphone is going to do it’s best on this, and if possible supplying FP1(U) customers with a patch despite the end-of-service.

Ping @Douwe, can you escalate this to your devs?

7 Likes

This will probably be in the next Android patch and so in the next FP2 update (I don’t know about FP1 though).

3 Likes

We are sadly unable to provide security updates for Fairphone 1.

The reason for this is that Google no longer supports security updates for Android 4.2.

And Fairphone is not able to upgrade the Android version of the Fairphone 1 beyond Android 4.2.

4 Likes

Any updates on a Fairphone2 update?

1 Like

Whole industry is on the move to get it fixed. Fairphone patches often within a month or so.

Temporary workaround for the paranoid:

  1. Put WiFi off except at home. Alternatively, don’t use WiFi at all. Use 4G [1] and wired (USB, Ethernet, etc) instead.

  2. Whilst at home using WiFi you need to encrypt the traffic on one of the network layers.

a) only use encrypted connections such as HTTPS, IMAPS, etc. Use the addon HTTPS Everywhere [2] for your browser.

b) tunnel everything through a VPN (but not PPTP protocol since unsafe). OpenVPN doesn’t require root while OpenSSH VPN does.

Both 2a and 2b are safe. The exploit requires vicinity access and a MITM (mobile hotspot with same MAC). If you live in a crowdy environment e.g. a flat in a capital city, or e.g. use WiFi in train then I recommend to not use unpatched clients. As time passes by, more scriptkiddies can exploit this. Remember that if you don’t use either 2a or 2b then when you are at a public open hotspot the traffic is also sniffable.

[1] Has known vulnerabilities as well such as downgrade attack + SS7.
[2] https://en.wikipedia.org/wiki/HTTPS_Everywhere

9 Likes

We are sadly unable to provide security updates for Fairphone 1.

The reason for this is that Google no longer supports security updates for Android 4.2.

But can’t you simply backport the patches for hostapd / wpa_supplicant to fix this particular vulnerability, as it is free and open source?

You don’t need to patch any binary blobs from the chipset manufacturer, nor do you need patches directly from Google.

5 Likes

Can we expect a solution or securityupdate whitin the next ours/days?
Or isn’t the known WPA2 security leak on wifi-connections not a risk for Fairphone 2?

It is a risk for all android devices beginning from Android 6.0 upwards.

Google has to fix it and then the updates have to trickle down via the distributers (FP here) to the vendors (also FP here) to the consumers.
So that can be usually anywhere between a day and 6 months… or never.
I don’t have enough experience with FP (only own mine less than a week), but i think a fix will be available soon or is already deployed.

As a side-note: Also update ALL of your router and WiFi-Devices. They are most likely affected as well.
Only upside to the recent bug: An attacker has to be physically present within the area of your WiFi (up to 100-200m around the AP with proper equipment).

hth

Edit: List of Patches for this Issue

2 Likes

So FP1 on Android 4.2 or 4.4 is not affected?

1 Like

From all the articles I read and even the original paper I’m still confused about the status for Android before 6.0. It’s never mentioned explicitly. And when the talk is about Android 6.0 onwards, it’s usually stated that this version is exceptionally vulnerable (accepts zero keys). As far as I could see there is no statement that Android before 6.0 is not vulnerable.

4 Likes

As long as wifi uses WPA2, which is the case in Android 4.2/4.4, then these android devices are affected too.

3 Likes

This is correct.

There are a number of flaws. A list can be found e.g. here:

CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Android < 6 (ie. <= 5.1.x) isn’t vulnerable to one of these (I don’t know which one :stuck_out_tongue: ).

1 Like

I hope I don’t sound stupid, but how do you know that older Android versions aren’t vulnerable?

The list you provided says

The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected.

1 Like

Only “one of these”, I had to read several times to understand.

[quote=“Drezil, post:10, topic:34194, full:true”]As a side-note: Also update ALL of your router and WiFi-Devices. They are most likely affected as well.
Only upside to the recent bug: An attacker has to be physically present within the area of your WiFi (up to 100-200m around the AP with proper equipment).[/quote]Nope, APs are not affected. All you need to do is update every WiFi client. Routers or modems (which are routers) are typically APs. The AP part of the handshake isn’t compromised.

The only exception is repeaters (example). Repeaters typically serve as AP and client. They’re a client to the modem/router which is an AP, and they’re an AP to the area they’re being extended to. The former is the issue. (They also cause a lot of noise, but that’s not the point :smiley: ). I recently started using a repeater because my ISPs modem can only serve in either 2,4 GHz or 5 GHz and I wanted to have the 5 GHz speed for devices which support it. Turns out my partner’s smartphone and our e-readers don’t support 5 GHz. So I plugged in a repeater. However, its plugged in via ethernet and is therefore actually only an AP; not a WiFi client.

The sad truth is, there are a lot of repeaters out there which won’t get fixed…

Same for clients. Luckily I have my e-reader WiFi off most of the time though I expect some updates from Kobo. I think having WiFi off when you don’t need it is a good compromise for the time being, and generally good practice as well. It saves you battery and it gains you privacy because it goes against tracking (although I think Android 7, like iOS, randomises MAC address when not connected?). There are also some programs which enable or disable WiFi based on GPS location. IIRC I used that with Tasker on a rooted phone before, but I don’t remember how well it worked. At the very least you’re not using WiFi for positioning anymore.

PS: Recommend to not broadcast list of known APs via WiFi Privacy Police by UHasselt.

1 Like

Sorry that was me not using the English language very well :slight_smile:

So one of these CVEs is very severe and only applies to Android >= 6.0. The other bugs still exist in Android <= 5.1.x

Its just that Android 6.0 >= is hit more severe because it uses WPA Supplicant 2.4+. Its explained on the website krackattacks.com:

Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux. Here, the client will install an all-zero encryption key instead of reinstalling the real key. This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 50% of Android devices are vulnerable to this exceptionally devastating variant of our attack.

TL;DR all Android versions vulnerable. FP1 and FP2 vulnerable.

4 Likes

In their Q&A section at KRACK Attacks: Breaking WPA2 the researchers write

Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!

2 Likes

I’m reading a lot of conflicting advice. Quite some suggesting that the clients are the most vulnerable. Is that true?

If all APs need to be patched, then this world is hosed…

Have you seen any patches for AP side?

I saw discussion here but that’s one commit to WPA Supplicant.

https://news.ycombinator.com/item?id=15482507

From there I went to the latest commits which are here:

https://w1.fi/cgit/hostap/log/?showmsg=1

And found this specific one interesting:

https://w1.fi/cgit/hostap/commit/?id=6f234c1e2ee1ede29f2412b7012b3345ed8e52d3

A patch for the FP2 will be included in the next monthly update.

17 Likes

The developers of wpa_supplicant / hostapd fixed these issues, Google just merges them with their source code and publishes an advisory.

LineageOS patched these vulnerabilities simply by backporting the patches to their repository. There is no need to wait for Google, as far as I see it, Fairphone could simpy merge the changes into their repository and run a new build of the FP1 firmware.

4 Likes