Hacker News new | past | comments | ask | show | jobs | submit login

As an Android user is there any mitigation for this other than ditching my handset and switching to an iPhone or waiting (hopelessly) for a patch from my vendor.

This really does highlight the absolute disaster zone that the Android handset market has become as far as updates are concerned. I'm sure the Pixels will get a fix relatively quickly but almost every other Android user is going to be left in security limbo.

This is one of those things that should be better with modern handsets and the security patch level for Android. Hopefully a fix for this is included in the November set.

In general most bigger manufacturers have been somewhat decent in updating their flagship devices. With a Sony flagship from the last 18 months for example, you usually won't run more than two months behind on security updates. Samsung is similar if I remember correctly. Hopefully a big exploit like this will be enough of a kick in the butt to get manufacturers releasing security updates faster.

I have a HTC 10, a flagship device that's barely a year old the fact that I now have to wait a couple a months for a patch to what is clearly a critical vulnerability is just ridiculous. The fact that anyone without a flagship device should now throw that phone away because it will probably never be patched is despicable.

I totally agree with your hope that this will kick both the manufacturers and Google in the butt enough to get something done about this. I don't like our chances though!

To underline your point, even my Nexus 5 (_from Google_), which is a little less than 3 years old, will never receive security updates. And one of the main reasons I chose the Nexus was to be sure to get updates on time. Except for the security vulnerabilities, everything of the device is totally fine. It's such a waste of resources… (In this case I at least have an alternative in the form of Lineage OS, which will only cost me time and nerves for the migration.)

The Nexus 5 was released 4 years ago. At the same time the iPhone 5C was released. The 5C also won't receive a patch for this.

There is a problem with handset abandonment, but this is true across all vendors, and it does not underline sequence7's claim that this is solely an Android problem.

To be fair, these two examples are both on the extreme end: The Nexus 5 being one of the longest supported Android phones on the market, and the 5C having a rather short support period, compared to other iPhones like the 5S, which was released along with the 5C and got iOS 11. Security updates for the Nexus 5 also stopped shipping about a year earlier. There's still room for improvement for Apple (5 years of security updates seems reasonable), but there's still a large gap.

Mobile devices also have much less reason to lose support than they used to. In 2010, the difference in hardware between a new phone and a 3-year-old phone was huge - 8 times the RAM, 4 times faster CPU, twice the display resolution, etc. Nowadays, the Nexus 5's specs are on par with midrange phones being released as new. It has all the hardware required to run modern apps. There's no good reason why it can't be supported, besides getting more money from people if they have to buy a new phone every 3 years.

Has anyone ever taken a vendor to court on the basis of consumer rights and not providing security updates and the product therefore not being fit for purpose?

For example, under the Consumer Rights Act 2015 in the UK the product must last for as long as a reasonable person would expect it to, and Apple's interpretation of that is five/six years (see https://www.apple.com/uk/legal/statutory-warranty/).

I'm always tempted by this, I have time, I know people, but the thing is, you agree too far to many contracts by starting to use such a device, that just navigating the initial waters to find a path to sue anyone is a complete non-starter. I'm not able to tilt at this windmill. Hopefully the Purism phone succeeds and I can buy one. Till then ill keep buying a top of the line Apple phone each 4-5 years when support runs out.

If it's anything like Australian Consumer Law, it's really really difficult to sign away those rights. In fact, even attempting to tell a customer that they can sign away those rights can result in company ending fines.

Hmmm, might have to lead with this line of reasoning when I ask Samsung here in Australia why my S6Edge doesn't have an update for this in a reasonable timeframe...

> you agree too far to many contracts by starting to use such a device, that just navigating the initial waters to find a path to sue anyone is a complete non-starter

The Consumer Rights Act 2015 also covers unfair terms in sales contracts (and at least in Scotland EULAs are part of the sales contract, per Beta Computers (Europe) Ltd v Adobe Systems (Europe) Ltd; I don't know the status elsewhere in the UK), and it's quite likely you could just go through most of the possible contractual outs and argue they are unfair terms.

The problem is that these aren't phones anymore; they're small computers. They should have support lifetimes that are comparable to desktop computers.

> they're small computers.

And they are more expensive than many computers you can buy on the market. 2 years support on a device that can cost $500+ isn't acceptable.

And yet people buy them.

We are 4-5 years into the period where people have had sub $300 choices, so there is an alternative to spending $500+ on a device that comes with 2 years of support. Maybe not a fantastic alternative, but the $300-$500 extra that people choose to spend says something about what they care about.

Quite frankly I don't think we should be counting elapsed time from when the device was first released but rather to when the device was last sold as new. I have a Sony Z3 first released September 2014, but which I purchased new over a year later in October 2015. The last security update this phone received is the May 2016 one.

> The 5C also won't receive a patch for this.

You don't know that. Apple could very well release an iOS 10 update for this.

By that token it's possible the GS2 on Android 4.0.4 might get a patch for this.

But in both cases the stated policy is that the devices will not receive any more updates, either feature or security.

A lot of phone companies are locking their devices from receiving new kernels. Its dumb and I hate it.

Last I checked, LineageOS for the Nexus 5 is still vulnerable to CVE-2017-9417 (Broadpwn). LineageOS might work for keeping the userspace up-to-date, but their kernels are still largely dependent on the upstream vendors. If the problem is in a firmware blob, as is the case with Broadpwn, you are pretty much guaranteed to be SOL without vendor support.

You'd expect better from the horse's mouth, but most other companies are worse. I got a Fairphone 2 and my partner a Wileyfox Swift 2X. Both have very good software support thus far. Near monthly updates. Wileyfox phone is a bit new, but they got a good track record. Nokia (HMD) also seems to be back, this time with good software support (thus far). Compare that to Motorola.

Hopefully Android Orea 8 with Project Treble will stop this ridiculous trend for the rest of us. Together with the smartphone market being saturated (budget phones of 200 EUR are very decent these days), we may end up with long term support on older yet still decent devices.

On the bright side, Nexus 5 has a lot of community support. So, as you've stated, there are decent ROM alternatives like LineageOS that are actively maintained to implement these patches.

Fortunately the term "flagship" doesn't promise anything about support, patches or security.

It's just a word that means you paid more for having all the bells and whistles that the OEM could offer at the time, instead of going for the next-best model or such.

Fortunately, whether you can afford the best of the best with all the optional extras or a cheaper second-tier model doesn't affect the security of the device. And it shouldn't, because if you can't afford a "flagship" device, doesn't mean you can afford to get hacked either.

Unfortunately, while the security-update frequency ought to be comparable, it turns out that it's mainly comparably bad :-/

LineageOS has got your back:


this is why I am rooting for initiatives like PostmarketOS [0] and similar initiatives in the hopes ot break this mentality that every year we need to buy new hardware in order to stay secure.

[0] https://www.postmarketos.org/

"With a Sony flagship from the last 18 months for example, you usually won't run more than two months behind on security updates."

That's still truly terrible compared to Apple's legacy device support. iOS 11 and future patches still support even the iPhone 5s, a phone from 2013.

According to https://char.gd/blog/2017/wifi-has-been-broken-heres-the-com... it will be in the November 6 Android patch level.

Any https traffic is going to be safe from this attack, a VPN would also protect you.

From TFA:

Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.

This only applies to apps which screw up validation of TLS certificates. There is an unfortunate amount of them, but certainly does not apply to all apps (and not an issue for websites).

Either way, this disclosed vulnerability only involves link layer man-in-the-middle in order to collect traffic. Active manipulation of traffic (Required for TLS intercept) is more complicated.

Pray for a vendor patch. The fix landed today in the hostap repository:


Does this resolve the issue on the AP side of things? Could I theoretically have an AP update that would resolve this with no need to update clients?

Both APs and clients need to be patched[0]. Mitigations are possible on AP side if no updates are available[1].

[0]: "Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!"

[1]: "you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming)."

Unfortunately no, from what I understand this is primarily an attack against clients.

Ah yes, I see now that the patch is actually to wpa_supplicant.

Well, hopefully this means no kernel patch will be needed.

I know it's not ideal nor user friendly, but you can get a device that is supported by lineage os.

You get updates every week.

Since this is fixed by a patch to wpa_supplicant LineageOS does fix it, but it is pointed out elsewhere in this thread that Lineage is still vulnerable to older hacks like broadpwn on many devices since they have a hard time patching kernel-level vulnerabilities without vendor participation.

Your advice is valid, but it’s important to not have a false sense of security.

I wasn't aware of that, thanks

You should be good if you’re up to date as of November 6th (I think, it may be November 8th) Swiftonsecurity tweeted this out, it’s a description of KRACK and various devices affected by it. Apparently google already fixed it on android? Also it says that iOS is rumored to be protected against this since iOS 11 but it’s not confirmed. Nobody has put out an official statement yet. What’s weird is that commercial vendors like Ubiquiti UniFi (I use them myself) have already released fixes for their APs but the paper says that clients should be the priority and get fixed from KRACK ASAP. And it’s weird because I don’t know of any client-side fix released in the wake of KRACK being public. https://char.gd/blog/2017/wifi-has-been-broken-heres-the-com...

October 6th/8th, you mean?

I found it interesting that, in his article, he said: "With our novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake. In particular this means that attacking macOS and OpenBSD is significantly easier than discussed in the paper"

but elsewhere it said recent versions of OS X and iOS are not impacted. I wonder if the "safe" OSes are only vulnerable to the blocking/replay but not the decryption of data?

My UniFi AP-PROs show up today so I'll make sure to update them first thing.

Also, I'm having a bit of a hard time understanding the attack. It sounds like he forces them to connect to his AP, performs the attack, then allows them to connect to the intended network with the zeroed key, THEN is able to sniff that client's traffic because he knows their key? If I understand correctly, this means he cannot sniff the whole network's traffic, only the traffic between the attacked client and the AP? This makes me wonder about the meaning of a pre-shared key, but I'm guessing the PSK is only used to setup the relationship between client and AP, and then after the initial connection/pairing the pre-shared key is no longer used...

> Also, I'm having a bit of a hard time understanding the attack.

He forces them to connect to his own AP and forwards all traffic to the destination so that the client is unaware it has been redirected.

He then forces the client to re-install the key which (on anything that is derived from wpa_supplicant e.g. Linux, Android, etc) the client has blanked out after first use, so the key it reinstalls is now all zero bytes.

He can continue to forward the traffic to the destination so that the client gets responses, but now he can decrypt all of the traffic too.

For clients that re-install the correct key (which the account does not recover in any way) the attacker has to rely on snooping enough encrypted data in order to perform a birthday attack as the key re-installation also resets the frame counters which leads to nonce-reuse which is a problem in ciphers like AES-GCM.

I appreciate this is coming from a UK perspective and that not everyone is this lucky, but I don't remember the last time I used public WiFi on my phone thanks to a general mistrust of it and the fact that 4G (or at least HSPA+) has very good coverage here.

Same here (Devon, UK) — although I do use the WiFi we have on buses here, and occasionally when in cafés.

This is about WiFi "protected" with WPA2: basically treat it as suspiciously as you would any public WiFi.

If you choose not to use public WiFi because you can't "trust" it, then you now need to stop using your private WiFi too (until your systems get appropriate patches).

Don't forget the fact that carriers are now snooping your 4G data and selling it to advertisers. It has been a bad week for privacy.

"is there any mitigation for this other than ditching my handset and switching to an iPhone or waiting (hopelessly) for a patch from my vendor."

Using a VPN is the best way to mitigate this until your device is patched, assuming you trust your VPN provider or run your own VPN.

Edit: Actually, even if you don't trust your VPN provider, you'll be protected against this attack (KRACK), given their client is implemented properly.

> given their client is implemented properly.

Unfortunately this is a big part of trusting your VPN provider. It’s shocking how bad the situation is, especially it seems on those marketed via Android apps. [1]

[1] https://arstechnica.com/information-technology/2017/01/major...

Well the VPN ecosystem has an enormous long tail - the paper you cite tested 283 (!) apps. It's unfortunate but somewhat expected that a significant number, especially the ones that haven't been around for long, would have issues.

I'm sure, given the size of that list, that they tested some of the biggest players on the VPN space. I think it'd be good to know which apps were tested and didn't show any issues, especially in light of Krack and the Android bug on wpa_supplicant.

Disclaimer: Used to work for an OEM

With critical bugs like these, it's certain Google will require recent devices that have enough affected users to be updated ASAP. Expect an update within in a few weeks.

The problem is that "recent" seems to mean <3 years old, and often, <2 years old. But there are still millions of active Galaxy S3s, S4s, S5s, etc.

As others suggested ensure that all communication uses TLS (be it https et al or tunnel traffic through a VPN).

Also you could install a better version of Android on your phone rather than an outdated vendor version. That will probably fix more security related issues than just this one :)

How would you make sure that apps use TLS for comunication? In the browser it's easy to see, but in apps those details are hidden away from the user.

Sniff the apps, uninstall if they don't, it's just plain unacceptable at this point. If there's something you really need that doesn't, set up a VPN.

Use a VPN, a commercial one that actually works, like F-secure Freedome.

I orded a librem5 for this among other reasons. https://puri.sm/shop/librem-5/

Currently the only mitigation is to constrain your browsing to properly configured https (SSL) web sites.

You can (try) to restrict your browsing to HTTPS sites only.

But it's very difficult to ensure that all the communications your device is making (background services, vendor apps...) go through that channel.

If only there were some certification body that ran an App Store with rules against unencrypted traffic...

This issue is two-fold right. You can install plugins that force SSL client side (on the main site and any AJAX calls thereafter) but like you said you have no idea what calls that site is making server side. They could be sending everything you send them over plaintext after the initial TLS secured request. Rough times.

Luckily, the servers past the initial SSL link won’t be using wifi, so at least you won’t be any worse off than before.

Or using a VPN.

It was quite nice to let a wifi router be the VPN client to offload it from all your laptops/phones/etc. and better guarantee "VPN always on".. so much for that.

Too bad DNS doesn't fall under properly protected against local attacks.

Fortunately, SSL/TLS (with HSTS) does not depend on your local DNS resolver being secure.

HSTS only works if you have visited the site before or it is hard coded (see Chrome and Google services for example).

Reality is that DNS remains and will continue to remain a giant hole in TLS.

All major browsers implement HSTS preloading, and getting added is quite simple. A very large percentage of your average internet user's traffic is covered by this.

Preloading is a problem waiting to happen. It works fine when only a small portion of the internet uses it. But when you have 2 GB preload file with a few billion entries things are not going to work so well.

The idea is to make HTTPS the default before that happens. In the meantime, you can fit a lot of domains into bloom filter-like data structures.

Fail-safe is indeed the preferred option here, yet the resulting Denial of Service is still unpleasant.

Install one of the major ROMs like AOSP or LineageOS. Relying on your vendor for software or purchasing a device that forces you to isn't the best idea these days.

> Relying on your vendor for software or purchasing a device that forces you to isn't the best idea these days.

Relying on the efforts of unpaid volunteers doing their best to hack together binary blobs is also not the best idea...

Not all devices are supported by major ROM distributors, nor is the support guaranteed to be endless or current... (even some devices as major as the Galaxy S6 for example)

Only so much depends on those binary blobs though and changes to, for example, wpa_supplicant, happen at a much higher level.

Agreed, but unfortunately if the difficulty of maintaining/backporting/forward-porting binary blobs means that nobody will release ROMs for your device (anymore), your point is pretty much irrelevant. ;-)

This is true, however it doesn't make the point irrelevant.

1. Beyond difficulty of porting blobs, you might well also simply get your updates from a custom ROM faster than you'll get them from the manufacturer, even if it's still supported. That in itself is an advantage.

2. Backporting updates to third party components can be simple (assuming a stable ABI/API); the easiest case is probably that of just dropping binaries from a similar phone that did get updated into a zip file and then flashing it. Look at busybox installers, for example; all you need is a version compiled for your hardware. Java components can sometimes be changed as well (see xposed). This works on desktop systems as well, sometimes: I've been able to 'fix' older games into working just by dropping a newer version of a dll into the game directory (directx, openal, etc))

3. Maybe the company is just stupid. Motorola (or is it Verizon?) has tried Marshmallow for the Moto E2 in Europe, but not in the US. I'd expand on this but I'm on mobile and I'm lazy.

Ubiquity just released a patch for KRACK and soon others will I imagine. From a client perspective, same as always, wait for a patch from your OS vendor. edit: it seems this patch only handles modes where the AP is a client like a bridge or site-to-site. Its still a client-side fix and patching AP's used traditionally won't fix this.

In practice, everything of value should be going over TLS. If you're worried you should be using a VPN on untrusted networks. This attack, if I'm reading it right, doesn't do anything someone on your wlan or lan can't do right now via ARP poisoning and other attacks. So being on that work connection or restaurant wifi is almost the same risk level of this attack.

The thing is, not every protocol offers TLS. Take SMB (network shares) for example... encryption is only offered as of v3 and if a company/university wants to allow Windows 7 clients, they're capped to SMB v2.1.

That's a good example. I guess there's other mitigation at work here. In my case if I'm in a public wifi area and connecting to my work PC then I'm using VPN to access smb. Smb just isn't open to the wifi attacker.

In a case that it is, its curious how you would inject data into a smb stream and not fail checksums from client-side chechking. Maybe its trivial to deal with this, not sure.

If the WPA2 protected wifi network is using AES, which is the most common in my experience, then they won't be able to inject any data. From the Krack website:

If the victim uses either the WPA-TKIP or GCMP encryption protocol, instead of AES-CCMP, the impact is especially catastrophic. Against these encryption protocols, nonce reuse enables an adversary to not only decrypt, but also to forge and inject packets.

True, but what I'm getting at is watching (not injecting/modifying) the username and password fly across the campus airwaves.

Use an always-on VPN?

Always using a VPN should be a mitigation until a patch is released. Should only be a couple weeks out for Pixel devices.

Ditch wifi, go 4G only!

I'm not convinced 4G is more secure.

It does have higher barriers to entry, and penalties for broadcasting unlicensed. Granted, that's both more of an obfuscation than anything else.

Regarding mobile data in the US: https://news.ycombinator.com/item?id=15477286

There are many places indoors where I can get a WiFi signal but no cellular service.

or waiting (hopelessly) for a patch from my vendor

If this is an actual in the wild exploitable issue, there will be patches very quickly for handsets in the support period, as quickly as there is for iOS. This has been the case repeatedly before as well.

What a weird post in general. Maybe wait to complain about this a month down the line or so? Instead it's just effectively noisy rhetoric.

The support period for an iPhone is at least 3 years of regular patches and feature updates. Most Android phones on the market will have a 'support period' of 12 months if you're lucky. My point is that the roll-out of updates to Android is unacceptably poor and inconsistent and relies on optimism on the part of the user.

The use of the word hopelessly was probably unnecessarily dramatic I agree but I'll leave it there so your comment makes sense.

There's a patch for iOS? Wonderful! Oh wait, there isn't.

Did you intend to post that reply to me? Because of course there isn't a patch for iOS yet, and when there is it will leave out hundreds of millions of devices that no longer receive patches. My point was that if one wants to stomp their feet and do the easy "Damn Android" complaint, at least wait until the basis is sound.

Ah, you're right, sorry: that was intended one reply up, where the poster seems to claim that iOS is already patched.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact