Severe flaw in WPA2 - cracked

  • 34
  • Question
  • Updated 10 months ago
  • Answered
Photo of Marko Teklic

Marko Teklic

  • 1 Post
  • 0 Reply Likes

Posted 1 year ago

  • 34
Photo of Jakob Peterhänsel

Jakob Peterhänsel

  • 90 Posts
  • 29 Reply Likes
"One researcher told Ars that Aruba and Ubiquiti, ..., already have updates available to patch or mitigate the vulnerabilities."

Well, let's see how fast our support-contract money work..
(Edited)
Photo of Dustin Roberts

Dustin Roberts

  • 2 Posts
  • 8 Reply Likes
Agree, they knew about this august 28. Why is a patch not already available. 
Photo of Pete

Pete

  • 3 Posts
  • 4 Reply Likes
Open-Mesh announced a firmware upgrade by the end of today (10/17/2017) and there is no support contract involved. A free lifetime cloud controller license comes with each hardware purchase.

Our Meraki devices received their firmware upgrade within hours of reading about the security vulnerability. 
Photo of Ruben Herold

Ruben Herold

  • 7 Posts
  • 15 Reply Likes
Some vendors like mikrotik have already rolled out patched versions since weeks:

https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
Photo of James Julier

James Julier

  • 3 Posts
  • 5 Reply Likes
I too would like an answer to this. And for our patch to be made available quickly. We already have clients asking.
Photo of R.W. van der Knoop

R.W. van der Knoop

  • 5 Posts
  • 1 Reply Like
Me too for my R600 Unleashed ...
Photo of Ari Lemmke

Ari Lemmke

  • 1 Post
  • 1 Reply Like
Yes, this breach is annoying.

But .. have been evangelizing for years that wifi should only be used as transport for VPN (OpenVPN).

Have been trying to find more information like press releases or other material on topics like Ruckus and WPA2 krack. (https://www.krackattacks.com/)

Notice that this all has been released earlier to manufacturers and only now will go public, meaning that only some manufacturers have reacted to research papers: https://eprint.iacr.org/2016/475.pdf
Dated May-17 2016 .. it was all there.
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
Ruckus, you're late to the party as usual. When will we see firmware updates to address KRACK?
Photo of Thomas Barnsley

Thomas Barnsley

  • 1 Post
  • 1 Reply Like
I would dearly love to see this ASAP as we need to start change management procedures.
Photo of Andrew Bailey

Andrew Bailey

  • 16 Posts
  • 8 Reply Likes
I've raised a P2 Case (ID: 00565627).

According to the security section of the Ruckus site (https://www.ruckuswireless.com/security) the CVE's covered by Krack have not been addressed.

Kind Regards,


Andy.
Photo of Dustin Roberts

Dustin Roberts

  • 2 Posts
  • 8 Reply Likes
This is big, ruckus had better act quickly on this. I also expect them to release patches for some of the older chains of firmware. We have perfectly usable 802.11n access points (7363) in use that are locked to the 9.12.x chain. It would pretty much mean the end of our relationship with ruckus if we were forced to upgrade these for a security patch. 
Photo of Robert Lowe

Robert Lowe

  • 197 Posts
  • 46 Reply Likes
Aruba has released fixes for older versions of firmware but only ones the deem 'under support'. Ruckus doesn't view firmware in the same way but based on the fact that the recommended 9.13.3.0.121 i would expect them to be going back a little way on the firmware list at least to 9.12 
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
Yep, end of support for the ZoneDirector 1100 for example is June 30th 2020, and it is stuck on ZD1100 9.10.2.0.29 (MR2 Refresh) Software Release
I would expect an update for this from Ruckus very soon.
Photo of Mike Loiterman

Mike Loiterman

  • 4 Posts
  • 9 Reply Likes
My understand is that this issue was something vendors were previously notified about.  So, the fact that there doesn't even appear to be a proposed timeline for a fix is not acceptable - especially since some vendors are already releasing patches.

Very frustrating.
Photo of Robert Lowe

Robert Lowe

  • 197 Posts
  • 46 Reply Likes
Aruba reports that they were informed by the author of the research paper in July & by CERT in August. Imagine same for all vendors. Plus many (if not all) have been participating in industry level discussions
Photo of Simon Bührer

Simon Bührer

  • 14 Posts
  • 1 Reply Like
Pretty annoying issue and surely not the best time to get it public, but I don't get why this issue is still persistent since it was reported to the vendors in August/Septembre.  Actually there's one customer after another calling and asking what they can do and when they can expect a solution. Not cool, to have no answer ready...
Photo of Robert Lowe

Robert Lowe

  • 197 Posts
  • 46 Reply Likes
Dont forget though that the infrastructure is only part of this issue. Even after controllers & AP's have had a 'fix' applied there are still vulnerabilities from the client side, which is actually the source of the issue, can only be addressed by the client manufacturers. As i understand it, It affects infrastructure vendors because sometimes their AP's act as a client like when using mesh for example.

Here's a link to their FAQ on the issue: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
(Edited)
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
And here's Meraki's which is excellent IMO:
https://documentation.meraki.com/zGeneral_Administration/Support/802.11r_Vulnerability_(CVE%3A_2017-...

Deathly silence from Ruckus...
(Edited)
Photo of JesseJ

JesseJ

  • 16 Posts
  • 21 Reply Likes
From my chat session they plan to take their time... They have a response slated for the second half of today.
Photo of Robert Lowe

Robert Lowe

  • 197 Posts
  • 46 Reply Likes
I guess that depends on where you are......In the UK its already the 2nd half of today :)
Photo of JesseJ

JesseJ

  • 16 Posts
  • 21 Reply Likes
I should have specified PDT :P
Not exactly on the ball for a premier wireless vendor nonetheless! 
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
Exactly. They are one of the last vendors to respond, and not only that, it would appear as though their response won't include links to a fix, unlike every other vendor.

I have budget to replace our Wi-Fi equipment companywide in 2018 and this is the nail in Ruckus' coffin as far as I am concerned.
If the ZD1100 doesn't get a firmware fix today then I'm out.
(Edited)
Photo of Mike Loiterman

Mike Loiterman

  • 4 Posts
  • 9 Reply Likes
Here is some additional information:

http://www.revolutionwifi.net/revolut...
Photo of Chad Sarvis

Chad Sarvis

  • 2 Posts
  • 1 Reply Like
Well, based on Meraki's outstanding document, it only appears to be an issue for access points when using 802.11r Fast-BSS Transition.
Photo of Steven Veron

Steven Veron

  • 20 Posts
  • 4 Reply Likes
I'm reading it the same way. From the infrastructure side, if you don't use 802.11r you aren't vulnerable/liable? The other parts are all on the client manufacturers?
Photo of JesseJ

JesseJ

  • 16 Posts
  • 21 Reply Likes
Right from the first paragraph:
"Of the ten vulnerabilities, Meraki access points (AP) are only affected by one (CVE: 2017-13082)."

CVE: 2017-13082

802.11r Fast-BSS Transition(FT)

Access Points

Photo of Charles Sprickman

Charles Sprickman

  • 8 Posts
  • 7 Reply Likes
Ruckus makes some great gear, but good god do they suck at communicating with their customers - both issues like this and general transparency.
Photo of JesseJ

JesseJ

  • 16 Posts
  • 21 Reply Likes
From the white paper:
"Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use."
Photo of Robert Lowe

Robert Lowe

  • 197 Posts
  • 46 Reply Likes
No its more than that but maybe not effecting Meraki. For example it effects most Vendors who have Mesh functionality.
This Aruba Blogpost gives a good explanation: http://community.arubanetworks.com/t5/Technology-Blog/WPA2-Key-Reinstallation-Attacks/ba-p/310045
Photo of Mike Loiterman

Mike Loiterman

  • 4 Posts
  • 9 Reply Likes
I’m sure someone is justifiying a slow response by saying that the client side must also be updated and that Apple and Google have yet to release a fix. To that person I say, provide me with free ongoing support and I will accept that answer.

I selected Ruckus because I wanted premium support when faced with these kinds of issues. I’m not getting that and we all need to pound this thread, email and call until they release a fix. This is not acceptable.
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
Still nothing on their security page. Their response to this is a joke.
https://www.ruckuswireless.com/security
(Edited)
Photo of tech support

tech support

  • 7 Posts
  • 14 Reply Likes
If you want a chuckle then email [email protected] and you'll get an Out of Office reply.
Nice to know that security is handled by a single person and that they chose to go on vacation on the day that this vulnerability was to be disclosed.
Ruckus, and other vendors, have known about this vulnerability since July, and also knew well in advance about the disclosure date.

Hi All,

 

I will be on PTO from 14-Oct to 23-Oct would have limited accesst to emails / calls. Please expect delays in my responses.

 

For Security Issues: mail to [email protected]

For any other queries: contact [email protected]

 

Regards,

Hemant Bhatnagar

(Edited)
Photo of UAtraveler1K

UAtraveler1K

  • 1 Post
  • 0 Reply Likes
Just for kicks and grins, I found his LinkedIn...  anyone want to pester him on Vaca? https://www.linkedin.com/in/bhatnagarhemant
Photo of Charles Sprickman

Charles Sprickman

  • 8 Posts
  • 7 Reply Likes
I had no idea that Ruckus offshored their development.  That explains SO MUCH.  Cheap bastards.  In all my experience with offshore development, there's good tech talent, but they lack a certain amount of imagination.  I don't know if that's the result of an education that values STEM above all else or if it's cultural or what, but I can really see the attitudes I've encountered with Indian devs ("well what user would do that? that makes no sense, don't worry!") being terrible with security ("who would send THAT packet?  That's crazy!  we're following the spec, go away!"). 
Photo of Michael Brado

Michael Brado, Official Rep

  • 2324 Posts
  • 317 Reply Likes
UltraTraveller keep it Professional.. Charles, we have development centers around the world.  Most DevEng are here in Sunnyvale.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2324 Posts
  • 317 Reply Likes
A management reply is about to be released, describing your limited exposure to the risks in this WPA2 4 way handshake flaw.
Software patches are also coming out soon for major GA/MR releases of ZD/SZ controller code.