KRACK WiFi Vulnerability

Tuesday, October 17th, 2017 | Mark Bedford

You may have heard about a recent WiFi security problem nicknamed KRACK, which was uncovered by a group of researchers in early 2017. They discovered a problem with the way WiFi devices negotiate their encrypted connections, and this leads to some serious issues, so you should be worried but don’t panic. Your wireless password is safe as it is not disclosed (as long as it is not used elsewhere).

The issues are present in ALL devices that use the WiFi WPA protocol and include Android, Apple iOS, OSX, Windows, Linux, IoT devices. Because the vulnerability can only be exploited by an attacker in your WiFi coverage area, you won’t be attacked by a bad actor from the other side of the world at 3:00 am, but you might be by your local neighborhood hacker.

Patched or un-patched, if you use HTTPS or SSH (or anything with SSL/TLS encryption), whatever you send is secure and cannot be plainly seen or intercepted (as far as this vulnerability goes). An attacker will see that there is traffic but not the contents of the traffic. If you use a VPN (no, NOT Hola or its ilk) then traffic traversing the VPN is also secure. So there may be some privacy issues here but not confidentiality issues. In many ways this is no different than using an open WiFi network at the airport or hotel: assume that your traffic is being watched, therefore sensitive information should be protected with encryption. Note for Otago VPN users: only the traffic to/from Otago is secure, other traffic may not be.

There is only one remediation at present: patch your device with the security update for this specific vulnerability when it becomes available. Vendors are currently working on patches, or have already released them. This includes lots of devices that are still working after many years of active service (the vulnerability is some 10 years old). Many older devices will never receive security updates, so if you continue to use these devices you should assume that all of your traffic is being spied on and potentially altered. Time to dispose of them responsibly and upgrade them to a newer supported device.

For those wanting a more technical discussion, here is an Information Security blog article


Is my home Wifi network ok?

Tuesday, October 17th, 2017 | Mark Borrie

What is KRACK?

You may have heard about the latest security problem with wifi networks and be wondering what this is all about.

Yes, this is a serious problem, and YES, your home network is vulnerable. Every network is currently vulnerable to this new issue. More importantly, your computers, laptops, phones and other devices are also vulnerable.

What impact is there?

Potentially this impacts an extensive range of devices including Apple, Android, OpenBSD, Linux, Microsoft, smart computers, smart phones, access points, IoT devices etc. The attack cannot be executed remotely; the attacker must be within range of your wireless network, i.e. physically near your Wi-Fi.

So what can happen? An attacker can insert themselves into your network conversations and listen to what is going back and forth. They could also potentially start changing things. If you are communicating over an encrypted link such as using https then an attacker cannot see your information. This means that your passwords will continue to stay secure.

At this time, there is no evidence that an attack tool exists in the wild, but they will come sooner rather than later. Until then the attack will only be possible from a skilled attacker; however, once easy-to-use tools are available the skill factor is no longer a barrier. Expect to see your neighbourhood hackers attacking your old iPhone or Android device.

What to do about it?

With this in mind you should patch all of your devices soon.

If you have an older device then the manufacturer may not release patches for this issue. This is a problem and you will need to consider upgrading your device to one that is supported.

If you need to ensure the privacy of your network usage then use a VPN to encrypt all your traffic. VPN is a protocol for encrypting all network traffic between two network points. The University has a VPN service that allows staff to connect to the internal University network from most places on the Internet. You will need to find a suitable VPN service for you.

The Bleeping Computer site is keeping an up to date list of patched devices at


KRACK is an issue for all wireless networks. You should apply the security patches as soon as they become available.

Older devices may not receive security updates and are now at risk of becoming a gateway into your network and privacy. As such, sensible disposal is the preferred approach.

For devices where no patch is available you should assume that all traffic from that device can be spied on and potentially altered. Using a VPN can help mitigate this for you.

WPA2 “KRACK” – Technical notes

Tuesday, October 17th, 2017 | Jim Cheetham

KRACK (Key Reinstallation Attacks) is an effective attack on the WPA2 802.11i protocol used for protecting WiFi networks, published on October 16 2017.

Because it is an attack on the protocol itself, every piece of equipment that can communicate over WiFi is affected. The attack must be carried out by a device that is in range of the network; i.e. this is a local attack, not a remote one.


Be WORRIED, but there is no need to PANIC. If there is a PATCH for your device, apply it as soon as possible. Otherwise, worry until there is.

KRACK tricks your wireless devices into resetting their encryption sessions to a known state, after which the attacker can read everything that they do, and can inject their own data into the network (i.e. a Man-in-the-Middle attack). This effectively turns your “private, secure” WPA2 network into a “public, insecure” one.
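The key reinstallation described above, as an added example that is not part of the original post: a simplified model of a client that resets its per-frame nonce whenever handshake message 3 installs the session key, next to a hardened client that ignores a repeat of a key it already uses. The `Client` class, the toy SHA-256 keystream (standing in for WPA2's AES-based cipher) and the sample frames are constructed for illustration.

```python
import hashlib


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream: SHA-256 over key, nonce and a block counter.
    Stands in for the AES counter mode that WPA2-CCMP really uses."""
    out = b""
    block = 0
    while len(out) < length:
        data = key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(data).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Simplified WiFi client: one session key plus a packet number (the nonce)."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def on_handshake_msg3(self, session_key: bytes) -> None:
        # Message 3 can legitimately arrive more than once (retransmission).
        if self.patched and session_key == self.key:
            return  # hardened: key already in use, keep the counter running
        self.key = session_key
        self.packet_number = 0  # (re)installing the key resets the nonce

    def send(self, plaintext: bytes):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)


def run_session(patched: bool) -> dict:
    key = b"constructed-session-key"   # constructed sample value
    frame_a = b"AAAA sample frame 1"   # constructed plaintext frames,
    frame_b = b"BBBB sample frame 2"   # equal length
    client = Client(patched)
    client.on_handshake_msg3(key)
    n1, c1 = client.send(frame_a)
    client.on_handshake_msg3(key)      # the same message 3 seen again
    n2, c2 = client.send(frame_b)
    return {
        "nonces": [n1, n2],
        "nonce_reused": n1 == n2,
        # With a repeated nonce the keystream cancels out of c1 XOR c2.
        "keystream_cancels": xor(c1, c2) == xor(frame_a, frame_b),
    }


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", run_session(patched))
```

The unpatched client sends both frames under nonce 1, which is the "known state" the attack relies on; the patched client moves on to nonce 2 and the two ciphertexts no longer share a keystream.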

If you are safe operating your device on a public insecure network (e.g. airport or coffee-shop WiFi), then you will be equally safe operating it on a compromised WPA2 network.

KRACK does NOT steal your WiFi passwords or credentials.

The only effective fix for KRACK is on your client devices. PCs and laptops are likely to be patched quickly, mobile phones much more slowly if at all, and IoT devices are at serious risk.

KRACK References

  • KRACK website
  • Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
  • CERT CVEs:
    • CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
    • CVE-2017-13078: reinstallation of the group key in the Four-way handshake
    • CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
    • CVE-2017-13080: reinstallation of the group key in the Group Key handshake
    • CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
    • CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
    • CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
    • CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
    • CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
    • CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


In early 2017 the researchers were finishing off another security publication when they realised that part of the OpenBSD network code for WiFi that they were discussing had a potential problem. By July 2017 a wide range of systems had been confirmed with this problem, and the CERT/CC co-ordinated a wider notification to OS and device vendors in late August. The public announcement was made on 16 October 2017.

Many vendors have made announcements and released patches already, more will be coming soon. OpenBSD patched early due to their relationship to the original discovery, some other vendors seem to have issued patches already but many important ones are yet to patch.


At the moment I’m getting my information from the CERT/CC and the Bleeping Computer website, but I’ll verify from original sources as soon as I can.

No Patches

If you have a device using WiFi, and there are no patches for it, you should assume that all traffic from that device can be spied on and potentially altered. If you are encrypting your communications with TLS/SSL or something equivalent like OpenSSH, then all you are at risk from is a lack of privacy. However, you might need to consider implementing a VPN if you rely on plaintext or easily spoofed protocols.

Further Questions

If you have any further questions, please get in touch with the Information Security Office through the usual channels.


What is Ransomware?

Monday, March 7th, 2016 | Mark Borrie

In recent years another new term has emerged to describe yet more malicious software that attacks users. This one is called ransomware.

So what does ransomware do?

When a computer becomes infected with this software, all the files on the computer get encrypted. The user is then notified and offered an option of paying a ransom to get the secret decryption key in order to recover the files. If the user refuses to pay up, all the encrypted files are lost.

There has been a large increase in ransomware attacks worldwide in recent months. The Information Security Office team is seeing large numbers of spam emails being intercepted here at Otago that are connected to ransomware attacks.

A recent attack

Many staff recently received an email claiming to be from a lawyer that suggested the user had breached copyright on some material. This spam was deliberately sent during the weekend so that users would not have the usual support channels available (Alarm bell #1). This email was sent to many other Universities.

An analysis of the email by another institution revealed some interesting things.

  • The email had a zip file attached (Alarm bell #2)
  • The zip file attached to the email contained a pdf that had a script in it. (Alarm bell #3)
  • This script requested the user to install a special font in order to read the pdf (Alarm bell #4)
  • If the user (or their IT support person) finds the font and installs it then the ransomware is installed and immediately starts encrypting all the user’s files INCLUDING those on file shares.

Protecting yourself

Targeted spam attacks are getting more sophisticated. They use real companies’ and individuals’ names. They are sent outside normal work hours, i.e. during weekends or holidays, or overnight. They often appear to be relevant to the target people, i.e. copyright issues for academics, or account information for financial staff.

Things to do (or not do)

  • Do not respond to unexpected emails outside work hours (It really isn’t that urgent)
  • Do not respond to requests to “take an action” (It truly is not that urgent)
  • Check with IT staff or colleagues if you get an unusual email. Chances are it will be a known attack, or it will alert staff of a new one under way
  • Be prepared. Make sure all your data files are properly backed up. Some of the ransomware attacks are now targeting backups as well as file shares so backups should not be accessible to the attack

For more information or assistance, contact the ITS ServiceDesk or the Information Security Office.

TrueCrypt & file encryption

Thursday, June 26th, 2014 | Jim Cheetham

TrueCrypt is dead

We used to recommend TrueCrypt as an effective file encryption solution, suitable for exchanging data sets over untrusted networks as well as for medium-term offline storage or backups.

Unfortunately, over the last few weeks it has become clear that the TrueCrypt authors have withdrawn their support for the product; and while the source code is available (and is actively being audited), it is not Open Source licensed, and should not be used in the future. TrueCrypt is effectively dead.

What should I do?

What does this mean for people who are currently using TrueCrypt? I’d recommend that you migrate your data out of TrueCrypt and into some other format; not in a rush, because there are no currently-known attacks or vulnerabilities in the product, but in a well-planned way. You should not start any new storage schemes using TrueCrypt.

What alternatives are there?

There doesn’t seem to be any useable and “free” software that does everything that TrueCrypt did, but most people we talk to don’t actually need all of those features at the same time anyway.

We are currently recommending the 7z archive format with AES encryption as a solution to :-

  • Cross-platform support
  • Protection in transit (email, dropbox, etc); sharing
  • Medium-term storage on untrusted media

Please be aware that University-owned data should always be accessible by the University itself; so if the only copy of your data is encrypted in this way, the passphrase used as the key needs to be made (securely) available to the appropriate people (usually your employment line management).


7z is the file format originally implemented by the Open Source 7-Zip file archiver; it is publicly described and there are now multiple software implementations available. It is currently regarded as the ‘best’ performing compression software available. Read more on the Wikipedia entry. Command-line users might like the p7zip implementation, packaged in Debian and the EPEL repository for RedHat.

7z applications usually do not use encryption by default; make sure that you select this option for secure storage.


Wired reviews 4 external hard drives with built in keypads

Wednesday, August 1st, 2012 | Gene Teo

I’ve posted before about external hard drives with built-in encryption. These devices have their own keypad to enter the password/decryption key. If you should happen to connect it to a computer infected with a keystroke logger, the key will not be revealed (although such a computer may have other malware installed on it!)

Wired have a four-way comparison of:

  • Apricorn Aegis Padlock 3
  • Rocstor Rocsafe MX
  • Lenovo ThinkPad USB 3.0 Secure Drive
  • DataLocker DL3


Passwords, policies, and cracking

Tuesday, May 22nd, 2012 | Jim Cheetham

Here’s an overview of a new OWASP project called Passfault, that tries to help assess password strength in ‘real world’ terms :-

One of the developer’s assertions is that password-creation policies are not helping users to create secure passwords.

His examples provided on the Analyser website suggest that the problem he is attacking is what I would call “the fallacy of the pass*word*”.

Weak Passwords that pass typical policies:
qwerQWER1234!@#$ – !1cracked – cracked7& –
Strong Passwords that fail typical policies:
udnkzdjeyhdowjpo – seattleautojesterarbol

I ran my diceware script (grabs random numbers from and looks up on the diceware wordlist) and tested the pass*phrase* “52nd temper musk” (this was the first output from the script).

The passfault analyser said “Time To Crack: 17 centuries Total Passwords in Pattern: 50 Quadrillion”. I’m not sure that his approach is completely useful …

However, the overall idea is interesting. Instead of saying how passwords should be formed, he is suggesting that they should be assessed in terms of how long they would take to crack. I have a few issues with that … First comes a glance at the Verizon Data Breach Investigations Report 2012, which tells us that “Brute force & dictionary attacks” are a reducing technique (although still at 29% a useful one). Their fuller results table for the Hacking mechanism shows :-

  • 55% — Exploitation of default or guessable credentials
  • 40% — Use of stolen login credentials
  • 29% — Brute force & dictionary attacks
  • 25% — Exploitation of backdoor or command & control channel
  • 6%  — Exploitation of insufficient authentication (e.g. no login needed)
  • 3%  — SQL injection
  • 1%  — Remote file inclusion
  • <1% — Abuse of functionality
  • 4%  — unknown

So having a “stronger” credential takes us out of the first 55% category — but so did even a weak password policy. Inside the 29% is still the best place to find password cracking carried out.

There are of course two main approaches to password cracking — online and offline. The Verizon stats don’t differentiate between the two, but I’m sure that online (where you just try credentials against the live service) is more common, because it is the easiest. In order to exfiltrate a stored password database, you have to have penetrated the organisation already, to some extent, and at that stage the password db is just an additional weapon.

Online password cracking should be dealt with by having account lockout and retry delay systems; there should be no way that the attacker should be able to test more than a small handful of potential passwords before the source of the attempts is blacklisted from the network, and the target accounts are locked (at this point you have to stop and consider your account lockout procedures: if your response is to send a “reactivate” link over external email, how do you verify it isn’t an attacker who is reading the target’s mailbox?).

So instead of instituting a password policy, even one that guides you to make selection by strength directly instead of indirectly, you’d be better off making sure that attackers can’t continue knocking at the doors all day long without being detected & blocked.
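A sketch of the lockout and retry-delay approach argued for above, replayed over constructed login events (added example, not from the original post). The limits, the `LoginThrottle` class and the addresses are assumptions; note that the locked account refuses even its owner's correct password, which is why the reactivation procedure matters.

```python
from collections import defaultdict

MAX_FAILURES = 5   # "a small handful" of guesses; the value is an assumption
BASE_DELAY = 2     # seconds; doubles after every failure (assumption)


class LoginThrottle:
    def __init__(self):
        self.failures_by_source = defaultdict(int)
        self.failures_by_account = defaultdict(int)
        self.retry_after = defaultdict(int)   # source -> earliest next try
        self.blocked_sources = set()
        self.locked_accounts = set()

    def attempt(self, now, source, account, password_ok):
        """Return the decision for one login attempt at time `now` (seconds)."""
        if source in self.blocked_sources:
            return "source-blocked"
        if account in self.locked_accounts:
            return "account-locked"      # even a correct password is refused
        if now < self.retry_after[source]:
            return "retry-later"         # the password is not even checked
        if password_ok:
            # Only the account counter is cleared; the source counter stays,
            # so one valid login cannot wipe a source's history of failures.
            self.failures_by_account[account] = 0
            return "ok"
        self.failures_by_source[source] += 1
        self.failures_by_account[account] += 1
        n = self.failures_by_source[source]
        self.retry_after[source] = now + BASE_DELAY * 2 ** (n - 1)
        if n >= MAX_FAILURES:
            self.blocked_sources.add(source)
        if self.failures_by_account[account] >= MAX_FAILURES:
            self.locked_accounts.add(account)
        return "denied"


# Constructed events: (time in seconds, source address, account, password_ok)
EVENTS = [
    (0, "203.0.113.9", "alice", False),
    (1, "203.0.113.9", "alice", False),   # inside the 2 s retry delay
    (2, "203.0.113.9", "alice", False),
    (6, "203.0.113.9", "alice", False),
    (14, "203.0.113.9", "alice", False),
    (30, "203.0.113.9", "alice", False),  # fifth counted failure
    (31, "203.0.113.9", "alice", True),   # source is blocked by now
    (40, "198.51.100.7", "alice", True),  # the real owner, account locked
    (41, "198.51.100.7", "bob", True),    # unrelated account still works
]


def replay(events):
    throttle = LoginThrottle()
    decisions = [throttle.attempt(*event) for event in events]
    return decisions, throttle


if __name__ == "__main__":
    for event, decision in zip(EVENTS, replay(EVENTS)[0]):
        print(event, "->", decision)
```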


How MITMproxy has been slaying SSL Dragons

Monday, April 16th, 2012 | Jim Cheetham

I’ve just returned from the excellent OWASP regional conference in Sydney (the one with the long name of OWASP AppSec AsiaPac 2012), where I presented “How MITMproxy has been slaying SSL Dragons“.

The presentation covered the basics of what MITMproxy is (a developers/pen-testers HTTPS interception/modification proxy), why such software is useful, and what MITMproxy itself is especially good at.

The section on how to use MITMproxy ran about 90% successfully over the live Internet, which is always a risk for a demo at a conference!

The slides are available here, as the original LibreOffice ODP format, or as a PDF. They are Copyright © The University of Otago, released under the CC By-SA 3.0 NZ license.

All-round Privacy from a Bootable Live USB?

Monday, January 30th, 2012 | Gene Teo

Screenshot of the Tails website

Tails is a Linux distribution that offers internet privacy by default, and comes as a live CD or live USB.

So you would insert the Live USB drive, restart the computer, and it would start up the Tails Linux Operating System. You can encrypt any files you create with built-in tools, and any internet traffic is anonymised. When you’re done, shut down and remove the USB drive.

The concept is fantastic! There are far too many uses to list – from the noble and important goals of safeguarding communications within a repressive government, to simply protecting your privacy when using public WiFi (e.g. at a hotel, Starbucks or McDonalds).

It’s only version 0.10 at the moment (meaning there is a lot of work still to be done), but I’ll be following this closely. Check out the various ways you can support this project.

Technical Stuff: Astute readers will correctly note that you’re still vulnerable to hardware intrusions like keyloggers if you use untrusted hardware. Regardless, some protection (e.g. Tor network) of your activity is better than nothing. There are also various methods of avoiding keyloggers if you suspect hardware tampering – like using on-screen keyboards (incidentally, Tails ships with one).

The other concern is whether one can trust the Tails developers. To each their own.

LCA2012 — MITMproxy presentation

Thursday, January 26th, 2012 | Jim Cheetham

At the LCA2012 conference earlier this year I presented “MITMproxy — use and abuse of a hackable SSL-capable man-in-the-middle proxy“.

The video of the talk is now available in a number of places :-

MITMproxy is a python-based console tool to help you inspect & alter the HTTP conversation between a client and a server, regardless of whether it is over HTTPS or not. “It is not an attack tool”, but instead is a powerful tool for debugging applications at either end of the conversation.

Giving a talk at an LCA conference is excellent fun, and very rewarding. I have 6 months to come up with my next submissions!