
KRACK WPA2 Attack

Will the Norton Core receive an update to fix the recently discovered KRACK(Key Reinstallation Attack) WPA2-Vulnerability?

I know this is a recently discovered vulnerability, but, as it is a critical issue on the WPA2-Protocol putting basically all WPA2-Networks at risk, something should be done asap.

Labels: Firmware

Replies

Kudos0

Re: KRACK WPA2 Attack

I'll second that. Does anybody know about this?

Kudos2 Stats

Re: KRACK WPA2 Attack

All: Indeed Norton is aware of it. Since I am not a Symantec employee and do not have access to how Core protects from this and what the "specific" technologies are making it capable of doing so, I cannot validate a yes or no as an answer. The way Core was designed, I personally believe it will defend against it. A Symantec employee has taken note that there should be a blog on the FAQs providing those answers. When that becomes available, myself or another Guru will gladly link you to that information as soon as it is available.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos1 Stats

Re: KRACK WPA2 Attack

MS issued an update on Oct 10 to mitigate this problem although it did not affect Windows. Google is working on a patch as Android is vulnerable.

http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

Jim

Kudos0

Re: KRACK WPA2 Attack

Thanks Jim. Great article. Being that the Core setup is only accessible via Android and iOS interface at the present time I can surmise the question(s) are does Norton on the Core router mitigate the vulnerability within its protocols and how as both those platforms are named as vulnerable. Core does use 801.11/ac wifi which IS affected on Android devices as well as iOS and internally. Until patched those platforms present an avenue for compromise. Hoping for a solid answer soon. Would make a great BLOG.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

Well I hope Norton reacts as quickly as Linksys with the firmware update.   I have an old Linksys router that I keep connected in bridge mode so that I can access my USB drive and it just got a new firmware update today after years of not getting one.

Kudos0

Re: KRACK WPA2 Attack

More than 48 hours have passed since KRACK was announced. Many companies have announced patches, or that updates are in the works. Norton seems to be using the "Keep our mouth shut and the problem will go away" tack. This is getting old. A simple OFFICIAL statement that a fix is not required, one will be sent out soon, hardware used does not allow a fix, or we are discussing plans and will announce it soon would help immensely. The current tack is not the answer. At least an acknowledgement that KRACK even exists would be a first step.

I am using a VPN solution to help mitigate the problem for now, but it is a patch at best and I need a permanent solution.

Kudos0

Re: KRACK WPA2 Attack

All devices using WPA2 need to be patched; per the WiFi Alliance and CERT, routers and devices, as the KRACK flaws are part of the WPA2 protocols themselves. Cyber security software doesn’t fully protect users either. Even 5 and 6 year old routers are being patched by other vendors for this, so hopefully Norton will say whether they have patched for this soon. Of course, they still have a ton of Norton Core users like me whose Cores are still stuck on firmware 191 and won’t update to new version 193, and that needs to be fixed too.
Kudos0

Re: KRACK WPA2 Attack

If I have WINDOWS 10 on my laptop but use Chrome on my home wi-fi (only place I use laptop) am I protected from KRACK? Same q for I-pad which is also only used on home network (XFINITY)?

Kudos0

Re: KRACK WPA2 Attack

No; as I mentioned above, all devices using WPA2 are vulnerable, regardless of operating system. Google has yet to patch Chrome, and is confirmed vulnerable by Google. No word on when they will patch it. So is your router (including Norton Core until Symantec says otherwise) till it is patched too.
Kudos0

Re: KRACK WPA2 Attack

More details on Krack in excellent PC World article here. https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-fl...
Kudos0

Re: KRACK WPA2 Attack

All: This partially answers the question regarding whether the Core MAY or may NOT be safe from this vulnerability.

http://www.zdnet.com/article/symantec-antivirus-product-bugs-as-bad-as-they-get/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

"One vulnerability, CVE-2016-2208, has been made possible as Symantec runs unpackers in the Kernel, and a "trivial" buffer overflow escalates to a Windows-based kernel memory corruption bug and potential remote code execution". This would apply to Norton security products. Since Norton Core Security falls into the product category then this code execution is possible at the kernel level of the OS. That being said for Windows MS has already patched for this during the last patch Tuesday event. Open to anything Symantec has to offer at this point whether this is applicable to the legacy products at the time of this article or still persists.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

Good reads, SoulAsylum. I can’t find anything showing Symantec ever fixed that, but hoping they did.
Kudos0

Re: KRACK WPA2 Attack

I just noticed an email I got from Norton today about KRACK. Here's the important part about what it says, and I'm not happy.

"GOOD NEWS! – You already have Norton WiFi Privacy that helps protect your data against this new threat."

That means the Core is doing squat about KRACK. You have to be using their mobile VPN solution (and outside your home) for that to help.

Kudos0

Re: KRACK WPA2 Attack

All: I'm awaiting a response from a PM sent earlier today regarding this. Patience is a virtue at this point.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

SoulAsylum:

All: This partially answers the question regarding whether the Core MAY or may NOT be safe from this vulnerability.

http://www.zdnet.com/article/symantec-antivirus-product-bugs-as-bad-as-they-get/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

"One vulnerability, CVE-2016-2208, has been made possible as Symantec runs unpackers in the Kernel, and a "trivial" buffer overflow escalates to a Windows-based kernel memory corruption bug and potential remote code execution". This would apply to Norton security products. Since Norton Core Security falls into the product category then this code execution is possible at the kernel level of the OS. That being said for Windows MS has already patched for this during the last patch Tuesday event. Open to anything Symantec has to offer at this point whether this is applicable to the legacy products at the time of this article or still persists.

Cheers

The vulnerability linked to was well over a year ago. Nothing to do with KRACK .  CVE-2016-2208

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: KRACK WPA2 Attack

DanGoodale:

I just noticed an email I got from Norton today about KRACK. Here's the important part about what it says, and I'm not happy.

"GOOD NEWS! – You already have Norton WiFi Privacy that helps protect your data against this new threat."

That means the Core is doing squat about KRACK. You have to be using their mobile VPN solution (and outside your home) for that to help.

AFAIK a VPN will not protect you from the KRACK vulnerability. 

Are you sure the email came from Norton?   Is this email from Norton legitimate?

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: KRACK WPA2 Attack

peterweb I guess you misunderstand what those articles are saying. I also said " Open to anything Symantec has to offer at this point whether this is applicable to the legacy products at the time of this article or still persists". I cannot find anywhere stating that CVE has been mitigated. Not to be condescending. However here is a little more info on the status of vendors regarding KRACK: http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

According to that list, Symantec’s patch status is listed as unknown, but is listed as vulnerable.
Kudos0

Re: KRACK WPA2 Attack

FWIW.  I just read this post from Norton Support on twitter:

"Norton Core is already protected from KRACK vulnerability - no update required!  Protect your Home Network today!" and then it had a link to order the Norton Core.

UPDATE:

I saw the tweet and now I can't find it.  Luckily, I took a screenshot

Kudos0

Re: KRACK WPA2 Attack

Manny T, please repost that screenshot using these instructions. It's easier to view this way: https://community.norton.com/en/forums/how-post-image-forums-0

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

This was tweeted and then it looks like they removed the tweet.

Kudos1 Stats

Re: KRACK WPA2 Attack

MannyT:

This was tweeted and then it looks like they removed the tweet.

Thanks MannyT. That's correct - the tweet was removed because it didn't give as much information as we'd like to provide on the subject. We'll have a more in-depth response shortly. Thanks for your patience.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos0

Re: KRACK WPA2 Attack

It's not clear if home PCs with WiFi routers benefit from Norton Krack WiFi protection, i.e. NOT public but in-home. Is there any protection for home computers from the Krack protection being offered?

Kudos1 Stats

Re: KRACK WPA2 Attack

I contacted my service provider, in this case EE, to see if anything needed to be done to my router, which they provide, regarding Krack.  Their reply was they are aware of Krack, but it is not an issue from their point of view and my router was not an issue.  Being a person who does not know much about the inners of operating systems, but knows that anything regarding networking and communications can get complicated, I would like some more information from Norton regarding the scope of Krack.

Kudos1 Stats

Re: KRACK WPA2 Attack

Your ISP support team is misinformed, as every wireless router using WPA2 protocols (basically every router since 2010) is vulnerable to Krack. This is because it’s the protocols themselves with the flaw. So far, per both the FCC and the WiFi Alliance, every WiFi router/gateway provided by an ISP is vulnerable to Krack and none have been patched yet. FCC told me they weren’t even aware of any patches being worked on for ISP-provided routers/gateways, which is a huge issue considering that those routers/gateways are what most people use at home, and this failure to patch leaves millions vulnerable.
Kudos0

Re: KRACK WPA2 Attack

All: No matter the ISP or personal device you have, if that manufacturer is on this list it's vulnerable. Per CERT response the ISP will provide patches for their devices since they are "proprietary" on their networks. Hope that clears things up a bit for everyone.

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Accepted Solution
Kudos1 Stats

Re: KRACK WPA2 Attack

Kudos0

Re: KRACK WPA2 Attack

Richard, I'm asking Symantec if that is official or not. Will post an answer when I have that for everyone.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos1 Stats

Re: KRACK WPA2 Attack

Yep, that's official. You beat me to it! Thanks for posting that info, @Richard1864.

Tony Weiss | Norton Forums Global Community Manager | Symantec Corporation
Kudos0

Re: KRACK WPA2 Attack

You’re welcome!
Kudos0

Re: KRACK WPA2 Attack

Richard, looks like we have the answer we were all looking for. Good find on your part. @Tony_Weiss & team Symantec thank you as well.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Home / Professional x 64 version 1903 / build 18362.239 / N360 Deluxe 22.17.3.50 / Norton Core v.282 on Android 2.00
Kudos0

Re: KRACK WPA2 Attack

I received an email directly from Norton with the announcement.

Kudos0

Re: KRACK WPA2 Attack

Just read it's fixed. Awesome!

Kudos0

Re: KRACK WPA2 Attack

Probably because you need protection for both.  KRACK can attack both.  If you are on a wifi network that is not protected your phone can be attacked by KRACK.

Kudos0

Re: KRACK WPA2 Attack

Two things...

1. Email from Norton "... Fortunately, your Norton Core Secure WiFi router is not affected by this new threat. However, devices connected to Norton Core may still be vulnerable...." Does that make sense?

2. How are we safe when the Core refuses to update itself with the latest, 193, since 191 (9/27/17)?

Norton better find a fix for the Core to update itself and fast! I don't feel secure since I cannot get updates!

Jim The Greek
Kudos0

Re: KRACK WPA2 Attack

1. Yes, it makes sense, since both routers and devices BOTH need to be patched to completely eliminate the KRACK vulnerability.

2. I agree with you, as I am also stuck on firmware 191. It would be nice to know WHICH firmware version provides the patch for the router; if it’s version 193 then a LOT of Norton Core users (potentially hundreds depending on how many Norton Cores were sold) are still vulnerable.

Kudos0

Re: KRACK WPA2 Attack

Krack is whack!

Alright, so my only confusion with this is that one of the main reasons to get Norton Core is to protect your IoT devices because you can't always depend on all the vendors themselves to update their firmware consistently. So Core is monitoring traffic of my IoT devices and protecting them. Now we have Krack that attacks wifi/IoT devices, correct?  The email says: "Fortunately, your Norton Core Secure WiFi router is not affected by this new threat. However, devices connected to Norton Core may still be vulnerable. Wi-Fi users should check with their other device manufacturers to see if a software update is available to fix this vulnerability."   I'm a little confused by that.......I mean yes obviously I will do what I can to get as many devices updated as possible, but I thought the Core protects these devices from such attacks, not just protects itself.  But maybe it is, and this is precautionary, and I'm just not reading this and the entire thread, right. The PCs all have Norton installed, android phones have Norton installed....but IoT do not and not much I can do about those other than run/install updates when the manufacturers push them out and am prompted?

Just wondering, bit confused.  I continue to love the Core!  Thx

Kudos3 Stats

Re: KRACK WPA2 Attack

"Fortunately, your Norton Core Secure WiFi router is not affected by this new threat. However, devices connected to Norton Core may still be vulnerable. Wi-Fi users should check with their other device manufacturers to see if a software update is available to fix this vulnerability."

As long as your wifi enabled laptop, or Android, or iOS devices are connected to the Core, they are protected. When you move to any other network, they are no longer protected by the Core, and you have to provide additional protection until your device manufacturers provide patches for your devices. Using a VPN will encrypt your data being sent from your devices, protecting passwords and other personal information.

Things happen. Export/Backup your Norton Password Manager data.
Kudos1 Stats

Re: KRACK WPA2 Attack

Read my comment above yours. For complete protection from KRACK, both routers AND WIRELESS DEVICES (like cell phones, tablets, computers, IOT devices, etc.) need to be patched. The KRACK flaw occurs when devices FIRST CONNECT to a wireless network. Even if the router is patched, YOUR DEVICE can still be attacked when it connects to the WiFi network. That is why routers and devices need to be patched for KRACK. This KRACK FAQ explains it very well. https://www.google.com/amp/s/www.cnet.com/google-amp/news/krack-microsof...

Kudos0

Re: KRACK WPA2 Attack

Ah, thank you @peterweb - now that makes total sense!!!!

@Richard1864 - my IoT devices won't be connected to/thru any other external WIFI networks other than the Core, internally only.  So they are protected then, correct?  And will be updated upon manufacturers pushing them out.

Kudos0

Re: KRACK WPA2 Attack

The VPN will protect you AFTER you have connected to the WiFi network, but NOT during the initial handshake (logon) process when you FIRST connect to said network; the flaw (and potential attack) occur during that handshake, and VPN’s don’t provide protection until AFTER the handshake has completed and AFTER you’re connected to the network.
Kudos0

Re: KRACK WPA2 Attack

Interesting Perm. I have Norton's WIFI privacy crap....too damn slow. The tech support right now is minimal to ZERO

Kudos0

Re: KRACK WPA2 Attack

I tried the Norton WiFi! Sucks! You’re right, wayyyyy too slow, I removed it quick, before I throw my phone into the wall!

Jim The Greek
Kudos0

Re: KRACK WPA2 Attack

Okay, KRACK affects *clients* not routers acting as routers.  The way routers can be vulnerable is if you have multiple routers connected together as a mesh network.  In that case, when they're communicating with each other, one of them is acting as the client, and can therefore be vulnerable.  If you've got a single router, that's not an issue.

BUT this is a fundamental flaw with WIFI (WPA2).  It needs to be fixed on all clients.  Windows and Apple's stuff weren't vulnerable, though Windows got an official patch a week ahead of time, and Apple's getting official patches soon.

It's a virtual certainty that all "internet of things" things are vulnerable.  If it's got wifi, if it hasn't gotten a patch that explicitly fixes this (and most things won't) it's vulnerable.  

If you've got Windows you're already fixed (assuming you let updates install of course), BUT like Symantec mentions, a VPN can offer protection on an OS that is vulnerable (except of course that doesn't help with "internet of things" things!)  

Someone mentioned that the KRACK vulnerability happens during the initial WIFI handshake, and seems to be saying that means a VPN doesn't help, but that's not true.  This breaks wifi encryption-it doesn't mean that encryption you're running through a wifi connection is broken.  

Thankfully most sites, most services that matter are encrypted now-and if you're connected to a website with TLS, or through a VPN, etc., on a vulnerable client then while someone could see your data...they'd just be seeing data that's encrypted, and couldn't do anything with it (though they could see things like where that data is going, in the case of like secure websites).
 

The above is kind of meaningless on Windows/Apple devices, as you're already fixed (or will be officially fixed soon), and the "internet of things" things which are almost certainly vulnerable of course can't run VPNs to begin with (although MIGHT be implementing some sort of secured connection to whatever they're connecting to on their own).

Mostly it's a complete disaster we have so many devices now (including every single TV!) that have all this computing hardware but aren't from companies that actually care about security.  Not just for this, but for countless other vulnerabilities.

Kudos0

Re: KRACK WPA2 Attack

First off, a VPN does NOT work until AFTER you have connected to a network. If you are NOT connected to a network then the VPN does NOT protect you. While you are connecting to a network, which is when the KRACK flaw occurs, the VPN is NOT working until AFTER the network connection finishes. Every major VPN vendor has confirmed that a VPN will NOT protect users from KRACK unless their device operating system is patched and the router is patched. Second, KRACK affects ALL routers, not just mesh networks. Mesh networks are actually MORE vulnerable because of the multiple access points making up the mesh network, but all are vulnerable. Third, Apple and Windows devices ARE vulnerable to KRACK. Microsoft has patched Windows 7-10. Apple is releasing their patch within the next week. KRACK is a flaw within the WPA2 protocols which are used by every device when connecting wirelessly to a network, not the operating system itself. That’s why so many computers and other devices are vulnerable. Details here: https://krebsonsecurity.com/2017/10/what-you-should-know-about-the-krack...
Kudos0

Re: KRACK WPA2 Attack

There's one thing you're saying that's vital-everyone NEEDS to make sure any Internet connecting device receives updates, and quit using them if they don't.

That said, AGAIN, no, VPNs don't FIX KRACK-only an update to the OS/firmware of the device in question can fix the update...but VPNs *DO* mitigate the issue.  Decrypting wifi doesn't get an attacker anything if all they're getting is ALSO encrypted-as it is with a VPN (or with TLS encrypted web traffic and the like).  You're focusing on one thing-that it's not "fixing" KRACK-and ignoring that it *IS* mitigating it as that decrypted wifi signal is still just gibberish, encrypted by the VPN.

And AGAIN, except for Android devices, it's largely a moot point, as Windows was fixed BEFORE the announcement (and was largely invulnerable anyway) and Apple's in the same boat save that the official fix is in public betas that were already out at the time of the announcement.  If you're on a Windows PC, there's no need to mitigate KRACK because it's already been fixed, but if it hadn't already been fixed, then a VPN WOULD make it irrelevant.  It would be no different than your data traveling across the open internet...which it already is at some point anyway.

"KRACK is a flaw within the WPA2 protocols which are used by every device when connecting wirelessly to a network, not the operating system itself"

Again that's oddly phrased and misses the point.  That software is PART OF THE OS, even if that OS just amounts to some firmware running on an "internet of things" thing (probably Linux, but regardless).

"Mesh networks are actually MORE vulnerable"

You're acting like I said otherwise.  As I said, mesh networks are vulnerable because you've got access points communicating with each other as clients-and this is a client vulnerability.  It's not an issue *IF* your access point never acts as a client.  If your home has more than one access point, the routers are probably vulnerable too (in addition to any vulnerable clients).

This is something that HAS to be fixed on the client side, as that's where the flaw in how WPA2 works occurs.  (Which INCLUDES wireless access points acting as clients to other wireless access points.)

It's worth noting too that this exploit has to be done locally-but absolutely could be with inexpensive equipment.  

The important takeaway is to realize that any devices that need updates that haven't gotten them, when you're using wifi, you have to assume that even if it's WPA2 encrypted, a bad guy could be decrypting it-you have to treat that device's Internet connection just as you would if you were using unencrypted wifi.
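The layering argument in the post above (a broken Wi-Fi layer still leaves VPN or TLS ciphertext), as an added example that is not part of the original thread: a key reinstallation resets the WPA2 nonce so the keystream repeats, and this toy model shows what that exposes with and without an inner tunnel. The SHA-256 keystream, the keys, the sample data and all function names are constructed stand-ins, not real CCMP, VPN or TLS code.

```python
"""Toy model: what nonce (keystream) reuse on the Wi-Fi layer exposes,
with and without an inner encrypted tunnel. Not real CCMP, TLS or VPN code."""
import hashlib

# Constructed sample values, for illustration only.
WIFI_KEY = bytes(range(16))             # stands in for the WPA2 session key
TUNNEL_KEY = bytes(range(100, 132))     # stands in for a VPN/TLS session key
APP_DATA = b"POST /login user=alice&pw=hunter2"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (stand-in for AES-CTR)."""
    out = b""
    block = 0
    while len(out) < length:
        seed = key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: int, data: bytes) -> bytes:
    """Stream encryption: data XOR keystream(key, nonce)."""
    return xor(data, keystream(key, nonce, len(data)))


def observer_view(nonce_reused: bool, tunnel: bool) -> bytes:
    """Bytes a passive observer can derive for the second frame.

    Frame 1 carries content the observer can predict; frame 2 carries the
    user's data. A key reinstallation resets the nonce, so both frames are
    encrypted with the same keystream; a patched client keeps counting.
    """
    payload = encrypt(TUNNEL_KEY, 7, APP_DATA) if tunnel else APP_DATA
    predictable = b"\x00" * len(payload)          # constructed known frame
    frame1 = encrypt(WIFI_KEY, 1, predictable)
    frame2 = encrypt(WIFI_KEY, 1 if nonce_reused else 2, payload)
    # frame1 XOR frame2 cancels a shared keystream; XOR with the known
    # frame then leaves whatever frame 2 carried at the Wi-Fi layer.
    return xor(xor(frame1, frame2), predictable)


if __name__ == "__main__":
    cases = [
        ("unpatched client, plain HTTP", True, False),
        ("unpatched client, inside tunnel", True, True),
        ("patched client, plain HTTP", False, False),
    ]
    for label, reused, tunnel in cases:
        print(f"{label:32} -> {observer_view(reused, tunnel)!r}")
```

The tunnel case only covers traffic that actually travels inside the tunnel; as the thread notes, devices that cannot run a VPN have no such layer and depend on the vendor patch.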

Kudos0

Re: KRACK WPA2 Attack

a bad guy could be decrypting it-

They cannot decrypt it. They can intercept it, but as you say it is gibberish so the data is useless to them.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: KRACK WPA2 Attack

What are you guys talking about? That’s the same article I mentioned from the beginning of this thread! https://community.norton.com/en/comment/7680111#comment-7680111 Nothing's changed! We’re STILL unsafe, and even if they find a patch, they have to fix the auto update issue first!
Jim The Greek
