Tag Archives: WiFi

Security nightmare – It is time to update all your devices

What a week, security-wise. Many vulnerabilities have been uncovered. You are most likely affected by one or more of these. Read on and start updating all your devices.

Wi-Fi WPA2 vulnerability

Years ago, we all moved our Wi-Fi to the WPA security protocol, as WEP was deemed insecure. Now a vulnerability has been found in WPA1/2 too, making it possible for malicious attackers to inspect and modify the traffic between computer and access point.

The vulnerability is known as KRACK (Key Reinstallation Attacks) and is in the Wi-Fi standard, so all devices are affected – laptops, access points, printers, phones… anything with Wi-Fi. The vulnerability is on the client side, but many access points act as repeaters etc., so do patch all Wi-Fi devices, otherwise the communication might be compromised.

Bleeping Computer is keeping a list of affected devices and of the firmware and driver updates that mitigate the problem.

Microsoft fixed the issue on October 10th and rolled out the update on Patch Tuesday, so if you are keeping your device up-to-date, then you are all safe. Apple has not yet released a patch.

Read more about KRACK.

RSA key generation vulnerability

It does not sound intimidating, but this is a major vulnerability affecting Google Chromebooks, HP, Lenovo and Fujitsu PCs and laptops, SmartCards, routers, IoT devices – all devices that have a hardware secure chip (like a TPM) from Infineon Technologies produced since 2012.

RSA keys are used to securely store secrets such as passwords, encrypt data (e.g. BitLocker) and generate certificate keys used in secure communication and sender/receiver attestation. It also affects digital IDs such as those used by the Estonian government, based on SmartCard technology.

The prime numbers generated for the RSA keys are not truly random, making it possible to crack the private key via the public key. Depending on the size of the RSA key, the estimated effort to crack it is:

  • 512-bit RSA keys – 2 CPU hours (the cost of $0.06)
  • 1024-bit RSA keys – 97 CPU days (the cost of $40-$80)
  • 2048-bit RSA keys – 140.8 CPU years (the cost of $20,000 – $40,000)

The estimates are based on an Intel E5-2650 v3 @ 3 GHz (Q2/2014). 97 CPU days are nothing, as the crack can run in parallel and compute resources have become cheap with all the Cloud offerings.

Mitigating the ROCA security vulnerability requires firmware upgrades of the hardware secure chip. Microsoft (Windows 7+), Google and others have released patches.

Read more about the ROCA CVE-2017-15361 vulnerability.
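
One way to check whether an RSA public modulus carries the ROCA structure, as an added example that is not from the original post or from the researchers' own tooling. It assumes the prime structure published in the ROCA research (primes of the form k*M + 65537^a mod M); the function names and both sample moduli are constructed for illustration.

```python
# Added example: ROCA (CVE-2017-15361) fingerprint check on RSA public moduli.
# Assumption (from the published ROCA research, not from this post): affected
# primes are p = k*M + (65537**a mod M), M a product of consecutive small
# primes, so N = p*q is a power of 65537 modulo each of those primes.
import random

GENERATOR = 65537
# Odd primes up to 167; assumed to divide M for every affected key size.
SMALL_PRIMES = [r for r in range(3, 168, 2)
                if all(r % d for d in range(3, int(r ** 0.5) + 1, 2))]

def subgroup(r):
    """All residues of the form 65537**i mod r."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % r
    return seen

SUBGROUPS = {r: subgroup(r) for r in SMALL_PRIMES}

def failing_primes(n):
    """Small primes r for which n mod r is NOT a power of 65537."""
    return [r for r in SMALL_PRIMES if n % r not in SUBGROUPS[r]]

def has_roca_fingerprint(n):
    """True when the modulus shows the structure of an affected key."""
    return not failing_primes(n)

def modulus_from_openssl(line):
    """Parse 'Modulus=<hex>' from `openssl rsa -pubin -noout -modulus`."""
    return int(line.strip().split("=", 1)[1], 16)

def constructed_structured_modulus(seed, bits=256):
    """Constructed sample: product of two integers of the affected form.
    The factors are not prime-tested; only their residues matter here."""
    rng, m = random.Random(seed), 2
    for r in SMALL_PRIMES:
        m *= r
    def factor():
        k = rng.getrandbits(bits - m.bit_length())
        return k * m + pow(GENERATOR, rng.getrandbits(64), m)
    return factor() * factor()

# Constructed sample of an unaffected modulus: product of two Mersenne primes.
CLEAN_MODULUS = (2**89 - 1) * (2**127 - 1)
```

A modulus that passes every small-prime test was almost certainly generated with the affected structure, so the key should be replaced once the chip firmware has been updated.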

Securing my devices

It is time to update all my devices, but it is going to take time.

This is the list of devices I need to update: 5 Laptops, 1 Chromebook, 1 Xbox One, 1 Windows tablet, 2 iPads, 2 iPhones, 1 Android, 1 Windows Phone, 1 Ubiquiti Access Point, 1 Sagemcom router (owned by the ISP), 1 Amazon Echo, 1 Samsung TV, 1 Panasonic TV and countless IoT devices.

Who am I kidding. Some of my devices are old (like my TVs), so the manufacturer will probably never release a patch.

As if that were not worrisome enough, a privilege-escalation vulnerability in the Linux kernel was also discovered. This means even more stuff to update.

 

Blog post from 10000 meters in the Air

While writing and posting this post I’m currently flying from Copenhagen, Denmark to London, United Kingdom over the North Sea with Norwegian airlines using the free online Wi-Fi connection onboard. The Internet connection is slow, but that’s expected as the traffic is routed through satellites and the fact that I share the connection with the 250 or so other passengers; all trying to access Facebook 🙂

A ping request to Google.com shows that a round trip takes around 800 ms, with some fluctuations up to 1200 ms:

Pinging google.com [173.194.70.113] with 32 bytes of data:
Reply from 173.194.70.113: bytes=32 time=681ms TTL=43
Reply from 173.194.70.113: bytes=32 time=869ms TTL=43
Reply from 173.194.70.113: bytes=32 time=705ms TTL=43
Reply from 173.194.70.113: bytes=32 time=750ms TTL=43

An Internet connection speed test reveals my connection speed was around 400 Kbit/s download and 15 Kbit/s upload.

A trace route didn’t disclose much information; therefore not included in this blog post.

The Internet connection is very unreliable making it impossible to work, but IM and light sites are browsable. Internet on a flight is a welcome initiative making it more pleasant to fly.

I just hope the competitors will do the same and the quality of the connection will improve.

Configuring Windows 7 network priority

Windows 7 apparently always prioritizes the wireless network connection (Wi-Fi) – no matter if a faster wired network connection is available. This is the default behavior – go figure!

Luckily you can change it, but it isn’t easy to find. Do the following:

  1. Go to “Network and Sharing Center” (e.g. through the “Control Panel”)
  2. Click “Change Adapter Settings”
  3. In the “Network Connections” window, press the ALT key on your keyboard to bring up the menu bar.
  4. Click the “Advanced” menu and then “Advanced Settings”
  5. In the “Advanced Settings” window, on the “Adapters and Bindings” tab under “Connections”, you can change the network connection priority with the arrows on the right.

It will still connect to all available network connections (wireless and wired), unless they are disabled.