[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 17:37:54

digx wrote

Hi TP-Link,
I would kindly ask to review your statement about AP/Router are not affected if not used in client or repeater mode for below reason:
If you check the dedicated KRACK research paper at https://papers.mathyvanhoef.com/ccs2017.pdf you can understand that the problem why a client can be "attacked" from KRACK is also due to AP/Router implementation as follow:

In the research paper you can read:


" In practice, we found that several APs indeed accept an older replay
counter. More precisely, some APs accept replay counters that were
used in a message to the client, but were not yet used in a reply
from the client (see column 2 in Table 2 on page 8). These APs
will accept the older unencrypted message 4, which has the replay counter r+1 in Figure 4."

So maybe you should check if your router/AP is accepting older replay counter.

and in addition it seems also below technique can be used against AP as per the research paper:
" it is still possible to indirectly attack them by performing a key reinstallation attack against the AP during an FT handshake" (see Section 5 - A Key Reinstallation Attack against the AP):

"This attack technique requires us to wait until a rekey of the
session key occurs. Several APs do this every hour [66], some examples
being [24, 26]. In practice, clients can also request a rekey by
sending an EAPOL frame to the AP with the Request and Pairwise
bits set. Coincidently, Broadcom routers do not verify the authenticity
(MIC) of this frame, meaning an adversary can force Broadcom
APs into starting a rekey handshake. All combined, we can assume
a rekey will eventually occur, meaning an adversary can carry out
the key reinstallation attack."

So maybe you should check if your AP/Router are affected about " not verify the authenticity (MIC) of this frame"

So I would really kindly ask you to re-check your product if they are affected and support us as your customers with a fix on AP/Router side (in my case W8970)

Thanks in advance for your understanding!


1. So maybe you should check if your router/AP is accepting older replay counter.
According to the 802.11 Wi-Fi standard, an AP (authenticator) will check and accept Replay Counter value that already used in message to the client during the 4-way handshark, which is one of its vulnerabilities. Maybe some APs, as the author mentioned, will work fully in accordance with the 802.11 standard, but we can confirm that TP-Link isn't involved with this vulnerability from the code level. TP-Link APs/Routers will check the replay counter value in message 4, and if it's a value already used, will reject the packet.
Thus we clarify that routers/gateways working in default router mode or access point mode (as an Authenticator) will not be affected by the vulnerabilities.

2. and in addition it seems also below technique can be used against AP as per the research paper:
" it is still possible to indirectly attack them by performing a key reinstallation attack against the AP during an FT handshake" (see Section 5 - A Key Reinstallation Attack against the AP):
TP-Link APs don't make use of the 802.11r roaming protocol (some APs apply 802.11k/v instead). Thus can get rid of the vulnerabilities of an FT handshake implemented by 802.11r.

3. So maybe you should check if your AP/Router are affected about " not verify the authenticity (MIC) of this frame"
From the code level, we can confirm that TP-Link APs will check the MIC (Message Integrality Check) value during the 4-way handshake, thus can get rid of this vulnerability as well.

Thus if you use your W8970 in the default DSL modem router rode, it won't be affected by the vulnerabilities at all. Just update your Wi-Fi clients to avoid any attacks.
0
0
#62
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 17:42:11

tplinkuser12123 wrote

Is the access point ap500 affected of this problem? Can’t find anything on the support page. Please help. Thx


Please pay attention to the unaffected devices list: Routers and gateways working on default Router mode or Access Point mode
0
0
#63
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 17:43:15

WiFi-User wrote

Hi,

So reading the above can you confirm that No Access Point is affected? e.g. TP-LINK TL-WA801ND ?


Thanks.


TL-WA801ND working in Access Point mode won't be affected.
0
0
#64
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 18:27:40

tplink wrote

Please pay attention to the unaffected devices list: Routers and gateways working on default Router mode or Access Point mode
So that means no. The ap500 has no problem.
0
0
#65
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 18:53:12

tplinkuser12123 wrote

So that means no. The ap500 has no problem.


No, that means you still have to update because you are at risk if you run non default modes like bridge mode.
All the router and AP devices are at risk because a mode can be enabled that is vulnerable. Not until a patch for the equipment is released are we 100 percent ok concerning the equipment.
Netgear has the same issue that lots of their routers and APs are ok as long as not running in bridge mode but the routers and APs that were affected even in default modes have been patched but the others have not been patched yet.
0
0
#66
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 19:02:54

Sitedrifter wrote

No, that means you still have to update because you are at risk if you run non default modes like bridge mode.All the router and AP devices are at risk because a mode can be enabled that is vulnerable. Not until a patch for the equipment is released are we 100 percent ok concerning the equipment.Netgear has the same issue that lots of their routers and APs are ok as long as not running in bridge mode but the routers and APs that were affected even in default modes have been patched but the others have not been patched yet.
My Ap ist connected by wire to a firewall/router What do you mean with bridge mode ? My Ap is on an separate subnet.
0
0
#67
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 19:05:55

tplinkuser12123 wrote

My Ap ist connected by wire to a firewall/router What do you mean with bridge mode ? My Ap is on an separate subnet.


Bridge mode means WDS wireless bridging which may be affected by the vulnerabilities. In this case, your AP is connected to the root router through Wi-Fi, acting as a Wi-Fi extender.
0
0
#68
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 19:10:27
Ok. So if I connect my Ap with the router by wlan it will be save. And using the Ap by wired cable its an problem?
Why ist this ap500 not listed on the support page under the problem devices?
0
0
#69
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 19:17:37

tplinkuser12123 wrote

Ok. So if I connect my Ap with the router by wlan it will be save. And using the Ap by wired cable its an problem?


By wlan is not safe, by wired is safe.
0
0
#70
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-19 19:22:53
My Ap is connected to my router by cable. So is it safe or not?
0
0
#71
Options