Wifi Hacked (KRACK)

Ev0 · 27 Dec 2017 at 11:27

But the SSID can easily be discovered when it is set to not broadcast, and then using the example in the video could be included in the attack script. Hiding the SSID does nothing to stop this that I can see, just introduces another trivial step for the attacker to discover it.

Also with the video shows they are spinning up a duplicate access point on a different channel, can the op see if when they have their suspected dodgy connection if they are on the same channel as their access point or or has it changed?

muon · 4 Jan 2018 at 00:02

r7slayer said:
Yes but it works by searching for the WiFi network and then it clones the network on a different channel. It then establishes handshakes with the targeted device. The attacker can then go on to do stuff like stripping the SSL of any connections. If you disable the SSID broadcast you cannot search for the network but all remaining devices remain connected. Not exactly the best method for say businesses that have devices connect all the time but for home users it's a way of protecting their devices.

So this surely describes what was happening to me (doesn't even look that hard). Except either my devices were kicking up a fuss or the attacker wasn't feeding an internet connection.

Worth noting that this hasn't reoccurred since I significantly reduced the transmit power of my router and renamed the SSIDs.

crinkleshoes · 6 Jan 2018 at 05:43

muon said:
I don't believe what you have mentioned would stop this. Passwords are not default anyway. MAC addresses are spoofed with ease.

I'm still not certain exactly what is happening though. I can switch to another wireless router, but from what I've read this vulnerability exists on all current wireless routers.

You can work around it... if the wifi access is vulnerable then add another layer... a login portal is probably the easiest, although it depends on the router.

shamus21 · 8 Jan 2018 at 10:57

I stopped using Wifi at home a few years back to many issue for me. Just go wired if you can, saves a lot of hassle.

joeyjojo · 11 Jan 2018 at 17:55

Ev0 said:
Not beyond realms of possibility, but I’d doubt it was KRACK being exploited here, not to say it isn’t though.

Through this vulnerability an atttacker can obtain the keys used to encrypt/decrypt traffic, it does not ‘take over’ the router. That said what an attached does once they have the keys...

This. KRACK allows snooping on traffic between AP and (unpatched) client. The only way this could be used to get into your AP is if the password is sniffed, i.e. an attacker is intercepting your traffic while you log into the AP without encryption. This is unlikely.

dmsims · 12 Jan 2018 at 11:42

You could be the subject of a deauth DOS attack, no amount of security is going to save you.