1. conite's Avatar
    I will ask you since you usually have the answers bro.

    In layman's terms for some of us: How could this exploit affect us hypothetically on a BB10 device if vulnerable and, well, being exploited? What can, would they typically do with this as I already know we'd have to be on a WPA2 WiFi which is pretty standard everywhere as far as I know as WAS the basic but most secure, I'm on it right now? My home/personal what could happen. I am not running no damn proxy.

    I think this will help a lot of us decide and understand.. thanks @conite

    Dread

     Passport SE  -Working wiDe in 2017+...
    A hacker can interfere with the initial handshake between your device and a wifi router which allows him the ability to decrypt the traffic you are exchanging over the network. The attacker doesn't even have to be on the network himself.

    Not only can he listen to the traffic, but he can forge fake data and install malware or ransomware on your device.

    This is bad. Very bad.
    10-20-17 10:20 AM
  2. DreadPirateRegan's Avatar
    A hacker can interfere with the initial handshake between your device and a wifi router which allows him the ability to decrypt the traffic you are exchanging over the network. The attacker doesn't even have to be on the network himself.

    Not only can he listen to the traffic, but he can forge fake data and install malware or ransomware on your device.

    This is bad. Very bad.
    Thanks,
    So they would have to create the ransomware for BB10 first as far as we know none exist? The handshake happens continuously even after one is signed onto the WPA2 and can only happen during that time frame or at anytime signed onto the network? Is there a way to fix this from your home routers network itself to secure home status at least or nope? I'm nervous guys! Cobalt, may have to wait a bit longer bud. Sorry! Remember from the city of brotherly love here! Lots of people equals lots of hackers!

    I know enough to know it's serious. Grrr.

    So with the other stuff in this thread yesterday and BlackBerry's definition of EOL, it's still not confirmed, right? By BlackBerry themselves?.. how much can it cost for them to really release this patch even if release it somehow in BBW unless that is not possible. I missed that part of the thread.

     Passport SE  -Working wiDe in 2017+...
    10-20-17 10:23 AM
  3. Milla_Mallis's Avatar
    10.3.4 it's coming?! Where?! When?!

    Posted via CB10
    10-20-17 10:27 AM
  4. DreadPirateRegan's Avatar
    10.3.4 it's coming?! Where?! When?!

    Posted via CB10
    It will be called BB11 to really shut everyone up! If I was on the other end, that's what I'd do. I would seriously release a patch though as too many government officials and people still depending on them. For security nonetheless! They must! Did anybody call or write to them?....

     Passport SE  -Working wiDe in 2017+...
    10-20-17 10:28 AM
  5. DreadPirateRegan's Avatar
    I called in for the ART fix and they said they only had (when really dug deep) one other caller saying something similar. I believed them and found that absurd! If ya not a "caller" don't complain if no fix comes, imo. Anyway, with ART ' I explained very well.... Could have been chance but two days after (after weeks of chatting about it via CB with all u fine folks) the ART bug was corrected and released within BlackBerry World so it's a known fact they don't follow us here which honestly is or at least was not the smartest. I'd have a team dedicated to just tracking stuff over here if not just for the free consensus, etc. Maybe TLC will not that they can help with BB10's issue but JS... Be nice. Call, I am going to! They do answer via the janitor's closet. Usually a woman! The more calls and explanations how it can ruin the reputation and brand, the better chance..

     Passport SE  -Working wiDe in 2017+...
    10-20-17 10:31 AM
  6. DreadPirateRegan's Avatar
    Hey, this WPA2 been rock solid for how long? Is it a sign generation Z is indeed going to be even Smarter or probably more so that it's "EOL" hah, as in it's been around too long and everything is fallible as if someone been trying to "Krack" this in their mommy's basement for a decade! They cracked our code guys and big league at that! Also, the BlueBorne right prior.....JS.

     Passport SE  -Working wiDe in 2017
    10-20-17 10:34 AM
  7. conite's Avatar
    Thanks,
    So they would have to create the ransomware for BB10 first as far as we know none exist? The handshake happens continuously even after one is signed onto the WPA2 and can only happen during that time frame or at anytime signed onto the network? Is there a way to fix this from your home routers network itself to secure home status at least or nope? I'm nervous guys! Cobalt, may have to wait a bit longer bud. Sorry! Remember from the city of brotherly love here! Lots of people equals lots of hackers!

    I know enough to know it's serious. Grrr.

    So with the other stuff in this thread yesterday and BlackBerry's definition of EOL, it's still not confirmed, right? By BlackBerry themselves?.. how much can it cost for them to really release this patch even if release it somehow in BBW unless that is not possible. I missed that part of the thread.

     Passport SE  -Working wiDe in 2017+...
    Once he has access, he's in.

    The router has nothing to do with it.

    Isn't it enough that he can listen to all of your traffic without worrying about the malware part?
    10-20-17 10:37 AM
  8. DreadPirateRegan's Avatar
    Once he has access, he's in.

    The router has nothing to do with it.

    Isn't it enough that he can listen to all of your traffic without worrying about the malware part?
    Yes, especially my choice of porn,
    I'd be super embarrassed Bro!

    #Tentacles man, just saying.. HaHaHaHaHa

     Passport SE  -Working wiDe in 2017+...
    10-20-17 10:39 AM
  9. app_Developer's Avatar
    Hey, this WPA2 been rock solid for how long? Is it a sign generation Z is indeed going to be even Smarter or probably more so that it's "EOL" hah, as in it's been around too long and everything is fallible as if someone been trying to "Krack" this in their mommy's basement for a decade! They cracked our code guys and big league at that! Also, the BlueBorne right prior.....JS.
    It's a cat and mouse game. There are actually no omniscient people in cryptography or standards development or architecture or software development. I see some people on LinkedIn this week with amazing powers of hindsight and a lot of chest-thumping, but in reality we all know even the biggest experts make mistakes. It's a complicated field with serious firepower on the other side. If you have 1,000 developers on your team, somebody is making a bug right this second.

    These KRACK attacks are pretty hard to do in practice. So I don't think the sky is falling. In our own labs we've been testing this and those guys are telling me that in the WPA_supplicant 2.4 case (the most serious case according to the media), the device loses the connection to the actual router when the key is reset. So it then tries to reconnect and you can keep repeating the attack, but you have to get the timing exactly right to get anything of real value from the user.

    In the WPA_supplicant 2.6 case they found what I consider to be a much more serious issue, which is that you can silently alter packets. And you can do that forever.

    The media is focusing on the 2.4 case because it sounds dramatic (ZOMG the key goes to all zeros!), but I actually think the flaw in Nougat and Oreo is worse in real life. The 2.4 all-zero PSK case fails hard, but it fails fast.

    But again, it's going to be really hard for a bad guy to do anything really harmful at any kind of scale with this, IMO. It's a serious flaw, and it should be fixed, and it's not purely theoretical, but it's not like people are out there reading everyone's WiFi traffic around the world today. It's not that easy to exploit this.
    10-20-17 10:57 AM
  10. Dunt Dunt Dunt's Avatar
    I called in for the ART fix and they said they only had (when really dug deep) one other caller saying something similar. I believed them and found that absurd! If ya not a "caller" don't complain if no fix comes, imo. Anyway, with ART ' I explained very well.... Could have been chance but two days after (after weeks of chatting about it via CB with all u fine folks) the ART bug was corrected and released within BlackBerry World so it's a known fact they don't follow us here which honestly is or at least was not the smartest. I'd have a team dedicated to just tracking stuff over here if not just for the free consensus, etc. Maybe TLC will not that they can help with BB10's issue but JS... Be nice. Call, I am going to! They do answer via the janitor's closet. Usually a woman! The more calls and explanations how it can ruin the reputation and brand, the better chance..

     Passport SE  -Working wiDe in 2017+...
    Back when I bought my Z10... had to contact Verizon about the rebooting issue, and then sent me up to BlackBerry and I dealt with two different support people there. All three acted like I was the only person in the world to have a Z10 that rebooted at random times.

    But yeah, it can't hurt for people to call and voice their concern.... If you find a working support number, you might want to post it.
    10-20-17 11:24 AM
  11. G_Unit MVP's Avatar
    As far as I understand, if you connect to a wi-fi network that has been compromised, you still have a way to know if the data you are about to transfer is safe or not, by paying attention to the green "https://" on the address bar. At least this is valid when browsing, I'm not sure how safe it is to use apps that have a login.
    10-20-17 11:35 AM
  12. DreadPirateRegan's Avatar
    It's a cat and mouse game. There are actually no omniscient people in cryptography or standards development or architecture or software development. I see some people on LinkedIn this week with amazing powers of hindsight and a lot of chest-thumping, but in reality we all know even the biggest experts make mistakes. It's a complicated field with serious firepower on the other side. If you have 1,000 developers on your team, somebody is making a bug right this second.

    These KRACK attacks are pretty hard to do in practice. So I don't think the sky is falling. In our own labs we've been testing this and those guys are telling me that in the WPA_supplicant 2.4 case (the most serious case according to the media), the device loses the connection to the actual router when the key is reset. So it then tries to reconnect and you can keep repeating the attack, but you have to get the timing exactly right to get anything of real value from the user.

    In the WPA_supplicant 2.6 case they found what I consider to be a much more serious issue, which is that you can silently alter packets. And you can do that forever.

    The media is focusing on the 2.4 case because it sounds dramatic (ZOMG the key goes to all zeros!), but I actually think the flaw in Nougat and Oreo is worse in real life. The 2.4 all-zero PSK case fails hard, but it fails fast.

    But again, it's going to be really hard for a bad guy to do anything really harmful at any kind of scale with this, IMO. It's a serious flaw, and it should be fixed, and it's not purely theoretical, but it's not like people are out there reading everyone's WiFi traffic around the world today. It's not that easy to exploit this.
    Does this mean if on a 5 GHz band it is safe or am I way off base? Thanks for all the great info regardless.. -Dread

     Passport SE  -Working wiDe in 2017+...
    10-20-17 11:45 AM
  13. joeldf's Avatar
    But again, it's going to be really hard for a bad guy to do anything really harmful at any kind of scale with this, IMO. It's a serious flaw, and it should be fixed, and it's not purely theoretical, but it's not like people are out there reading everyone's WiFi traffic around the world today. It's not that easy to exploit this.
    That's my thinking. I mean, this seems to be one of those "direct target attack" kind of things.

    For this to be widespread, you'd have to start seeing strange vans parked every 200 feet down every street in every neighborhood in the country as they try to infiltrate every home and business wi-fi network there is.

    I don't think that would happen.

    Seems like there are plenty of high profile targets out in the world that would be potential victims of something like this before the typical home router in a quiet suburban neighborhood gets picked off. I know my own router loses its reach halfway down my own driveway. And, by then, my phone sees 6 other networks anyway.
    10-20-17 11:47 AM
  14. IggyBlue's Avatar
    I'm confused. Do the bad guys have to be within range of your actual router to gain by this vulnerability, or can it be done remotely?

    Posted via CB10
    10-20-17 12:07 PM
  15. chillekasper's Avatar
    http://business.financialpost.com/te...t-android-push


    That last part is interesting because they're talking about supporting security on BB10


    Posted via CB10
    10-20-17 12:11 PM
  16. bobshine's Avatar
    As far as I understand, if you connect to a wi-fi network that has been compromised, you still have a way to know if the data you are about to transfer is safe or not, by paying attention to the green "https://" on the address bar. At least this is valid when browsing, I'm not sure how safe it is to use apps that have a login.
    If your communication is encrypted, either through a VPN, WhatsApp, iMessage, HTTPS, then you have nothing to worry about. The issue is when it’s standard emails where it’s just plain text. An attacker can easily snoop on your communications.
    10-20-17 01:31 PM
  17. app_Developer's Avatar
    Does this mean if on a 5 GHz band it is safe or am I way off base? Thanks for all the great info regardless.. -Dread
    It doesn't matter which band you are on, this is a problem with the WPA2 spec itself plus some additional problems in specific implementations.
    DreadPirateRegan likes this.
    10-20-17 01:55 PM
  18. bb10adopter111's Avatar
    Well, you just need to find some professional to offer support then. By the way, commercial solutions might pick up the patch as well, since they did in the past and are often based on Linux anyway.

    Posted via CB10
    It's not the know-how that's hard to find. No security-oriented IT Department wants to add more components to its network that must be tested, approved, maintained and patched, and which must be added to their ongoing cybersecurity testing and monitoring program. Those costs far exceed the cost of hiring someone to help with a one-time implementation.

    Companies will apply patches from their existing vendors, such as Cisco, and fire vendors that don't meet their expectations.

    Posted with my trusty Z10
    10-20-17 02:02 PM
  19. app_Developer's Avatar
    That's my thinking. I mean, this seems to be one of those "direct target attack" kind of things.

    For this to be widespread, you'd have to start seeing strange vans parked every 200 feet down every street in every neighborhood in the country as they try to infiltrate every home and business wi-fi network there is.

    I don't think that would happen.

    Seems like there are plenty of high profile targets out in the world that would be potential victims of something like this before the typical home router in a quiet suburban neighborhood gets picked off. I know my own router loses its reach halfway down my own driveway. And, by then, my phone sees 6 other networks anyway.
    Plus you have to actually still crack the session key. In the one case of the key being zeroed out, that part is easy (except the phone will realize quickly that it is now offline and so you'll probably not see a whole lot in reality). And in the other cases, you have to still crack the session key.

    And then, as someone else pointed out, after you do all of that you still have the issue that many times the connection is itself TLS, and so what you can now see is still encrypted. Of course, that's still information that might be useful, but it's not like you can harvest a lot of content that way.

    And when the phone gets new session keys, you start all over.
    10-20-17 02:26 PM
  20. bb10adopter111's Avatar
    That's my thinking. I mean, this seems to be one of those "direct target attack" kind of things.

    For this to be widespread, you'd have to start seeing strange vans parked every 200 feet down every street in every neighborhood in the country as they try to infiltrate every home and business wi-fi network there is.

    I don't think that would happen.

    Seems like there are plenty of high profile targets out in the world that would be potential victims of something like this before the typical home router in a quiet suburban neighborhood gets picked off. I know my own router loses its reach halfway down my own driveway. And, by then, my phone sees 6 other networks anyway.
    For consumers, the risk is much less serious than the Equifax fiasco
    For companies, especially those in government or critical infrastructure, or who value their intellectual property, KRACK is a very serious vulnerability.

    Many of my clients are simply disabling WiFi internally and telling employees not to use any work-related endpoints on WiFi anywhere until they've been patched.

    Posted with my trusty Z10
    10-20-17 03:15 PM
  21. Invictus0's Avatar
    Thought that was back in 2015 right after the LEAP was released..... Any group that deployed BB10 in 2016, after BlackBerry basically ended development and told 3rd party developers that - bet that IT guy is looking for a new job.

    But yes I'm sure there are a number of BB10 devices out there, and a number of IT Administrators trying to check all the boxes on their hardware vulnerabilities to KRACK.... and wondering when BlackBerry will let them know the status of their products. I'm just thinking that if it really came down to not patching BB10, it wouldn't be as big of an uproar as some here might think.
    It was 2016,

    GMP splashes out £10.7m to kit out officers with smart phones and tablets - Manchester Evening News

    For secure use customers I doubt it really mattered that mainstream development had ended in 2015.

    If BB10 is vulnerable to KRACK and BlackBerry decides to leave it unpatched (and it would be a pretty major vulnerability to leave unpatched) I'm sure that would cause more than a few headaches for IT admins that still manage BB10 devices. Why would they trust any BlackBerry service after that?
    anon(10218918) likes this.
    10-20-17 03:20 PM
  22. DreadPirateRegan's Avatar
    It was 2016,
    Why would they trust any BlackBerry service after that?
    Exactly, they must patch. They owe it to the people! ****, they owe it to themselves and TCL.


     Passport SE  -Working wiDe in 2017+...
    10-20-17 03:35 PM
  23. DreadPirateRegan's Avatar
    For consumers, the risk is much less serious than the Equifax fiasco
    For companies, especially those in government or critical infrastructure, or who value their intellectual property, KRACK is a very serious vulnerability.

    Many of my clients are simply disabling WiFi internally and telling employees not to use any work-related endpoints on WiFi anywhere until they've been patched.

    Posted with my trusty Z10
    So "(H)Killary's" Emails are not at risk?

     Passport SE  -Working wiDe in 2017+...
    10-20-17 03:37 PM
  24. The_Passporter's Avatar
    It was 2016,

    GMP splashes out £10.7m to kit out officers with smart phones and tablets - Manchester Evening News

    For secure use customers I doubt it really mattered that mainstream development had ended in 2015.

    If BB10 is vulnerable to KRACK and BlackBerry decides to leave it unpatched (and it would be a pretty major vulnerability to leave unpatched) I'm sure that would cause more than a few headaches for IT admins that still manage BB10 devices. Why would they trust any BlackBerry service after that?
    I think that they either have to patch it or become open about their situation and declare that there will be no patch and that it is at EOL at this moment. To remain silent is not an acceptable practice nor will it instill any confidence in the company moving forward.

    Posted via CB10
    10-20-17 03:39 PM
  25. bb10adopter111's Avatar
    I agree, but for all we know, they could already be telling their enterprise clients exactly what the plan is. They don't really need to update the public if they are updating at risk companies directly. That said, this seems like the perfect moment to publicly affirm either that BB10 development has ceased altogether (though TBH I think they've already said that), with no patch for KRACK forthcoming, or that they are taking the extraordinary step of patching BB10 for this event, but that it will then be EOL.

    In any case, a lack of an official statement by the time that Android and Apple have released their patches IS an official statement, as far as I'm concerned. That was the point of this post! :-)
    DreadPirateRegan likes this.
    10-20-17 04:13 PM