Viewing 11 posts - 41 through 51 (of 51 total)
  • Wifi insecurity
  • GrahamS
    Full Member

    Ah okay, read up a little on how they do the channel-based AP clone for the MitM attack that sets this up. Makes a bit more sense.

    http://www.mathyvanhoef.com/2015/10/advanced-wifi-attacks-using-commodity.html

    aracer
    Free Member

    Ah – that’s quite sneaky. What they’re doing is routing all wifi traffic through their own AP, hence being a man in the middle. The password doesn’t matter, because that is only used for initial setup of a wifi connection – once the connection is set up then security is provided by encryption of the traffic using the key which is shared with the 4 way handshake. However, this is where the vulnerability is. Without the vulnerability, even if you could make the device re-connect on a different channel (which seems to be how they get it to connect to their rogue AP), you wouldn’t be able to do anything as you couldn’t communicate with the device; however, the vulnerability allows you to reset the encryption key to all zeros and communicate with the device as if you were the legitimate AP.

    Also in the video they discuss using ssl_strip to force non-SSL versions of websites where possible, which defeats that nicely. VPN still seems to be secure as far as I can tell, but I don’t have time to delve too deeply so I’m just going by what the press coverage says.

    Yep – that’s where the attack becomes useful, especially for people who reuse passwords. It seems you can protect yourself by checking https is being used (I’m not sure if you can bypass ssl_strip by explicitly specifying that). Yes VPNs are still secure provided they don’t have any other vulnerabilities of their own.
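
Added example, not part of the thread: a defender-side check for the channel-based AP clone described in the posts above, run over scan observations. It assumes the clone advertises the real AP's SSID and BSSID on a different channel; the sample data, the function name `find_cloned_aps` and the 30-second window are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan observations: (unix_time, ssid, bssid, channel).
# Every value here is made up for illustration.
SAMPLE_SCAN = [
    (1000, "HomeNet", "aa:bb:cc:00:00:01", 6),
    (1002, "HomeNet", "aa:bb:cc:00:00:01", 6),
    (1003, "CoffeeShop", "aa:bb:cc:00:00:02", 11),
    (1004, "HomeNet", "AA:BB:CC:00:00:01", 1),   # same BSSID, other channel
    (1005, "Office", "aa:bb:cc:00:00:03", 36),
    (1900, "Office", "aa:bb:cc:00:00:03", 40),   # channel change much later
]

def find_cloned_aps(observations, window=30):
    """Return {(ssid, bssid): sorted channels} for APs seen on more than one
    channel within `window` seconds. One AP radio sits on one channel at a
    time, so near-simultaneous sightings on two channels suggest a clone.
    This is a heuristic, not proof of an attack."""
    by_ap = defaultdict(list)
    for ts, ssid, bssid, channel in observations:
        # Normalise BSSID case so the same MAC is not counted as two APs.
        by_ap[(ssid, bssid.lower())].append((ts, channel))

    suspects = {}
    for ap, seen in by_ap.items():
        seen.sort()
        channels = set()
        for i, (ts_i, ch_i) in enumerate(seen):
            for ts_j, ch_j in seen[i + 1:]:
                if ts_j - ts_i > window:
                    break  # later sightings are outside the window
                if ch_j != ch_i:
                    channels.update((ch_i, ch_j))
        if channels:
            suspects[ap] = sorted(channels)
    return suspects

if __name__ == "__main__":
    for (ssid, bssid), chans in find_cloned_aps(SAMPLE_SCAN).items():
        print(f"ALERT {ssid} {bssid} seen on channels {chans}")
```

The time window keeps an AP that legitimately moves channel later on (the "Office" rows) from being flagged.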

    Cougar
    Full Member

    The National Cyber Security Centre has published a guide.

    https://www.ncsc.gov.uk/krack

    footflaps
    Full Member

    It’s like at home you’re comfy knowing all your devices on your network are your devices, but with WPA2 vulnerable you may have an intruder on your network potentially. Worse at home as some operating systems will trust other devices on the network, e.g. Windows when it asks if you’re on a trusted home network, which means it opens a lot of firewall holes.

    That’s just a false sense of security. You should assume your LAN isn’t secure e.g. at work there are 100s of machines on my LAN, who knows if one has been compromised. Best assume it has.

    Every day I VPN to various customers’ networks and connect to their LANs exposing my laptop to 1000s of machines all over the world e.g. Nigeria, USA, Egypt etc. I basically assume I’m always being exposed to threats. Only been got once (that I know of) by a virus in China in 2003, in 25 years of IT work.

    Cougar
    Full Member

    Every day I VPN to various customers’ networks and connect to their LANs exposing my laptop to 1000s of machines all over the world

    I’d be doing that from a VM if I were you.

    verses
    Full Member

    Is anyone aware of a list of modems/routers/access points that will be patched?

    Mine is donkey’s years old and starting to get a bit flakey, could do with some recommendations for replacing it… What’s currently a good ADSL WiFi router modem for domestic use?

    GrahamS
    Full Member

    footflaps: how do you protect yourself in that situation?

    Strong anti-virus + software firewall + well-configured VPN client?

    Cougar’s suggestion of a disposable VM condom makes a lot of sense.

    Drac
    Full Member

    Not really the list you’re after verses but may give you an idea.

    http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

    footflaps
    Full Member

    I’d be doing that from a VM if I were you.

    I do 😉

    footflaps: how do you protect yourself in that situation?

    Strong anti-virus + software firewall + well-configured VPN client?

    Basically all of the above. The main defence is a well updated OS. Then firewall on top of that.

    I VPN from a VM, so they can only infect the VM image and most viruses / trojans won’t activate on a VM as that’s how the anti-virus companies test them, so as soon as they detect VMWare they stop running. However, I do have to transfer files between VM and host, so there is a possible infection path. Although all the files are ones I’ve created, so generally safe. Also, the VM machine will have zero-day vulnerabilities, so it’s not 100%.

    verses
    Full Member

    Thanks Drac, looks a good place to start

    GrahamS
    Full Member

    Computerphile have done a nice simplified overview of how KrackAttack works:

    https://youtu.be/mYtvjijATa4
