English Amiga Board


15 November 2017, 15:58   #1
spudje
Prism2v2 Wifi PCMCIA cards & KRACK vulnerability?

So a month ago a WIFI WPA2 vulnerability was published: https://blog.mojonetworks.com/wpa2-vulnerability And now we, with our old devices, may be left at (limited) risk.

Assume our Prism2v2 PCMCIA cards we use for our A600/A1200s to hook up to our WLAN also contain this vulnerability, how do we fix it?

Is this something that has to be done on the firmware level? I fear we then can forget about a fix on an old piece of hardware like this? Or is this something that can be fixed in the prism2v2 device driver? How realistic is it to expect an update there? Or finally is this something that can be fixed in the TCP/IP stack (doubtful), so e.g. Roadshow. I guess just from an active development community the TCP/IP stack update seems the most realistic one to happen, if only it could be fixed on that level.

15 November 2017, 16:01   #2
Akira
I was under the impression the main risk is on routers.
But yeah, the fix has to be done at firmware level, so if they need it, then, well, that's the end of it.

Do those cards even support AES2? If you are using WEP, you already are vulnerable to a myriad of attacks.

15 November 2017, 16:12   #3
spudje
No, it's actually a vulnerable way of implementing WPA2 on the clients that is the risk here!

Yes they support WPA2-PSK AES, they don't support WPA2 enterprise unfortunately, which is not vulnerable.

15 November 2017, 16:21   #4
AmigaBoy
> Originally Posted by Akira:
> I was under the impression the main risk is on routers.
Nope. It's a replay attack during the handshake on all WPA2 enabled devices. You have to update drivers/firmware for every single device. If a device is too old to receive an update, it (and your network) will forever be vulnerable.

15 November 2017, 16:26   #5
Akira
OK thanks for that, then.
So, Amiga networking is, as far as we know, forever unsafe, then. As long as you use Wifi.

Time to wire them up.

15 November 2017, 16:33   #6
spudje
Yes, bring on that Vampire v4 for the A1200 and a working ethernet driver

15 November 2017, 17:45   #7
Daedalus
There are already PCMCIA wired ethernet controllers that work fine on the A1200 without a Vampire.

15 November 2017, 17:59   #8
spudje
I know, I even have one, but it's an ugly, impractical solution, with the cable sticking out on the side. Hopefully I'll find a nicer way to wire the ethernet cable into the A1200 to the vampire.

15 November 2017, 18:07   #9
modrobert
> Originally Posted by AmigaBoy:
>> Originally Posted by Akira:
>> I was under the impression the main risk is on routers.
> Nope. It's a replay attack during the handshake on all WPA2 enabled devices. You have to update drivers/firmware for every single device. If a device is too old to receive an update, it (and your network) will forever be vulnerable.

Actually, the KRACK attack is kind of limited. The hype is mainly because most people misunderstand the scope of it.

A WiFi router will only be affected if it acts as a "client", for example when configured as a repeater or similar role, when configured as a standard router it is not affected.

Some things to consider...

There is no way for the KRACK attack to be used in order to retrieve the router WiFi password, so that is safe.

If you have several patched (up to date) computers/mobile devices logged in as "clients" on the WiFi network, these will not be affected just because you have one vulnerable computer on the network.

The attacker, after triggering the vulnerable client handshake, will only be able to decrypt traffic between the vulnerable client and the router. In effect this means that if your Amiga is the only vulnerable client on the WiFi network, after much effort trying to decrypt that slow 802.11b (11mbit) traffic, these are the only packets the attacker can see, between the Amiga and the router, every other updated client on your WiFi network is safe. Keep in mind the attacker can only do this decryption while actively being in range of your WiFi network. If you are not sending any packets from a vulnerable client, then there is nothing to decrypt.

Also, if you are using HTTPS on a vulnerable client (doubt you will do that from classic Amiga though, it's too slow), then the attacker will have to break that encryption separately, and that is just as hard as it is to break HTTPS in general, no benefit of using the KRACK attack.

In other words, just avoid doing your bank business online using a plaintext HTTP browser on the Amiga and you will most likely be fine.

More info here, straight from the source:
https://www.krackattacks.com/

Last edited by modrobert; 15 November 2017 at 19:09. Reason: Clarified a bit.

15 November 2017, 18:37   #10
AmigaBoy
> Originally Posted by modrobert:
> If you have several patched (up to date) computers/mobile devices logged in as "clients" on the WiFi network, these will not be affected just because you have one vulnerable computer on the network.
The attacker can masquerade as that device and intercept/modify packets once they have access. The only way to ensure complete security is go wired, or update every device on the network.

> Originally Posted by modrobert:
> just as hard as it is to break HTTPS in general
There's tools that break HTTPS. I haven't looked into them, but I assume there's brute forcing involved.

But as you said, all of this is only relevant if you're within the Wi-Fi's range. If you live in a remote area, you've probably got nothing to worry about.

15 November 2017, 18:47   #11
modrobert
> Originally Posted by AmigaBoy:
> The attacker can masquerade as that device and intercept/modify packets once they have access. The only way to ensure complete security is go wired, or update every device on the network.
Yes, an attacker can inject packets but only in the session between the vulnerable client and the router, not with other patched clients on the same WiFi network.

> Originally Posted by AmigaBoy:
> There's tools that break HTTPS. I haven't looked into them, but I assume there's brute forcing involved.
Yes, but those tools work regardless of whether KRACK is used or not, and it's not trivial.

> Originally Posted by AmigaBoy:
> But as you said, all of this is only relevant if you're within the Wi-Fi's range. If you live in a remote area, you've probably got nothing to worry about.
What I meant about being in range is that WiFi behaves a bit like Ethernet packet wise, an attacker has to actually catch some packets from a vulnerable client (e.g. Amiga) at the precise moment when the victim is doing that bank login (or whatever). Decrypting a few irrelevant packets doesn't mean the attacker "has the keys to the kingdom".

Again, read the info on the site I linked in previous post, it's written by the security researchers who discovered the flaws and named it KRACK. Granted, the researchers in this case tend to apply some naive "better safe than sorry" attitude because the website has been hammered with traffic and questions about the vulnerabilities, so they try to keep it simple.

It's important not to encourage the fearmongering, be realistic.


PS: The security researchers uploaded the exploit info to an academic institution website on the 19th of May, 2017. However, KRACK was not announced until 1st November, 2017. The academic institution who had these files for review between May and November is known to be compromised by NSA, CIA and others, so they have no doubt used this exploit in the wild during the time until announcement.

Last edited by modrobert; 15 November 2017 at 19:19.

15 November 2017, 19:38   #12
Daedalus
> Originally Posted by AmigaBoy:
> The only way to ensure complete security is go wired, or update every device on the network.
The only way to ensure complete security is to isolate all machines completely. It's all about balancing convenience versus risk. If you're occasionally using the connection to download a few LHAs from Aminet, you really have very little to worry about. It's not like you'll be doing much serious internet use on an A1200 anyway, anything even remotely interesting will surely be done using other, updated devices.

15 November 2017, 22:19   #13
Sir_Lucas
@spudje
What I think here is that you are overreacting. No one uses online banking or any other serious stuff with their Amigas. Someone will break my WPA2 password to steal what, my aminet patches, whdload games, modules?

What about WPA/TKIP cards/protocol? Is it safe to use?

16 November 2017, 01:06   #14
spudje
Well, my only realistic concern is a potential attacker retrieving my samba credentials, as that is what is exchanged between Amiga and NAS over wifi. He could then break in, steal my NAS and access my data, or hack it via the internet. I know, pretty paranoia, but still. Guess I'll make myself a separate SMB account for my amiga clients with only limited access to the NAS.

16 November 2017, 05:11   #15
modrobert
> Originally Posted by Sir_Lucas:
> What about WPA/TKIP cards/protocol? Is it safe to use?
No, older WPA is affected, as well as "enterprise".

For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES.


> Originally Posted by spudje:
> Well, my only realistic concern is a potential attacker retrieving my samba credentials, as that is what is exchanged between Amiga and NAS over wifi. He could then break in, steal my NAS and access my data, or hack it via the internet. I know, pretty paranoia, but still. Guess I'll make myself a separate SMB account for my amiga clients with only limited access to the NAS.
I think that's a legit concern, it could be done in theory at least.

What I did was let the Amiga use my open guest "/temp" SMB (Samba) resource. It's not ideal to have read/write access to an SMB share without requiring a valid user login, but at least there are no user login credentials leaking when the WiFi network is under attack.

Last edited by modrobert; 16 November 2017 at 06:35.
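
The two SMB setups weighed in posts #14 and #15, sketched as a Samba configuration. This is an added example, not from any poster in the thread; it assumes the NAS runs Samba with an editable smb.conf, and the share names, paths, account name and client address are hypothetical.

```ini
# Constructed smb.conf fragment. Share names, paths, the account name and
# the client address are hypothetical placeholders. Use one option, not both.

[global]
    # Needed for option A only: logins with an unknown user name are
    # mapped to the guest account instead of being rejected.
    map to guest = Bad User

# Option A (post #15): open guest scratch share.
# No login credentials cross the WiFi link, but any host allowed below
# can read and write here, so keep nothing of value in it.
[temp]
    path = /srv/samba/temp
    guest ok = yes
    guest only = yes
    read only = no
    browseable = no
    # Limit the share to the Amiga's address even though it is guest-only.
    hosts allow = 192.168.1.50
    hosts deny = 0.0.0.0/0

# Option B (post #14): dedicated low-privilege account for the Amiga.
# Credentials are exchanged over WiFi, but if captured they open only
# this share, provided every other share names its own "valid users"
# and does not include this account.
[amiga]
    path = /srv/samba/amiga
    valid users = amigaxfer
    guest ok = no
    read only = no
    browseable = no
    hosts allow = 192.168.1.50
    hosts deny = 0.0.0.0/0
    # New files are not world-readable on the NAS itself.
    create mask = 0640
    directory mask = 0750
```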

16 November 2017, 10:38   #16
Sir_Lucas
> Originally Posted by spudje:
> Well, my only realistic concern is a potential attacker retrieving my samba credentials, as that is what is exchanged between Amiga and NAS over wifi. He could then break in, steal my NAS and access my data, or hack it via the internet. I know, pretty paranoia, but still. Guess I'll make myself a separate SMB account for my amiga clients with only limited access to the NAS.
The only thing that I can suggest to make you feel a bit less paranoid is to remove your WIFI PCMCIA card from your Amiga, put it into a drawer and get an ETHERNET wired card. Either cnet or 3com drivers will solve all your issues.

Last edited by Sir_Lucas; 16 November 2017 at 11:56.

16 November 2017, 18:50   #17
illy5603
> Originally Posted by Akira:
> OK thanks for that, then.
> So, Amiga networking is, as far as we know, forever unsafe, then. As long as you use Wifi.
>
> Time to wire them up.
I use an IOGEAR Universal Wi-Fi N Adapter GWU627W6 and plug my wired ethernet card into it so it is plugged into something modern that will hopefully stay updated.

17 November 2017, 03:24   #18
rare_j
> Originally Posted by spudje:
> Well, my only realistic concern is a potential attacker retrieving my samba credentials, as that is what is exchanged between Amiga and NAS over wifi. He could then break in, steal my NAS and access my data, or hack it via the internet. I know, pretty paranoia, but still. Guess I'll make myself a separate SMB account for my amiga clients with only limited access to the NAS.
I think for a long time smb has supported password encryption during authentication. So that would need to be broken as well.

17 November 2017, 04:54   #19
modrobert
> Originally Posted by rare_j:
> I think for a long time smb has supported password encryption during authentication. So that would need to be broken as well.
Good point, looks like password encryption was added to smbfs back in 2000.

https://sourceforge.net/projects/ami...smbfs%201.102/

17 November 2017, 12:21   #20
spudje
Oh that's good to know, thought this never made it into Amiga SMB versions. I should look into this!