The recent KRACK vulnerability has made me worried about taking my Pi out with me in public areas. I was wondering if the Raspbian/Linux dist would have updated the WiFi driver automatically to protect from the vulnerability or do I need to do something like "sudo rpi-update" to do this.
1 Answer
My glance at this: https://www.krackattacks.com/ and this: https://en.wikipedia.org/wiki/KRACK points to a few preliminary conclusions.
Although initially pretty much everyone with a consumer device (Android, Windows, iOS, macOS, FreeBSD...) was vulnerable to some form of exploit because of this, they've all, with one apparent unfortunate exception, patched it. I did not follow up on how successful this was.
The problem on GNU/Linux isn't with kernel code (which includes wifi driver stuff), or it would have been dealt with by now too. It's with a userspace tool used for handling the WPA(2) protocol, wpa_supplicant (that thing you provide a password to in a configuration file). It apparently hasn't been updated in 19 months, which is when the last entry in their changelog is. But...
Before I get to that: The first point is relevant because it means the vast majority of targets aren't targets anymore -- presuming they've all been updated. I still think miscreants are more likely to be looking for vulnerable devices in that realm.
It looks (again, at a glance) to me like different systems fall prey to variants of the exploit, meaning someone would have to be targeting wpa_supplicant in particular.
\O/
I noticed this a while ago:
> stat $(which wpa_supplicant)
File: /usr/sbin/wpa_supplicant
Size: 2102264 Blocks: 4112 IO Block: 4096 regular file
Device: 10307h/66311d Inode: 2239721 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2018-06-06 07:48:28.168440821 -0400
Modify: 2017-11-01 08:44:08.000000000 -0400
Change: 2017-11-11 07:44:55.499106515 -0500
Birth: -
That's on Fedora. Note the modify/change times.
> stat $(which wpa_supplicant)
File: /sbin/wpa_supplicant
Size: 1368104 Blocks: 2680 IO Block: 4096 regular file
Device: b302h/45826d Inode: 2809 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-30 10:56:02.686072537 -0400
Modify: 2017-10-14 08:18:32.000000000 -0400
Change: 2017-10-30 10:56:02.686072537 -0400
Birth: -
That's on Debian; Raspbian will be the same and so will pretty much all other mainstream distros. The wpa_supplicant executable was replaced a few weeks after the KRACK CVEs were published (Android, which also uses wpa_supplicant, was patched a bit less than a week after that according to the Wikipedia page). Although that CVE was updated recently (implying no one may be out of the woods yet), the major issue would be people learning about the original problem because it was published online, but that is dealt with.
If you pop that CVE into the Debian security bug/fix tracker:
https://security-tracker.debian.org/tracker/CVE-2017-13088
If you look at the bottom of that Debian security page, there is a link to patches dated in Oct 2017; the wpa supplicant update was at the end of that month -- you can relax now.

- Thanks for the very detailed reply! So you're saying because the updated wpa_supplicant was pushed after the KRACK CVE was published, the Pi wouldn't be a target as the vulnerability is fixed? – LtMuffin Jun 06 '18 at 13:06
- All Debian versions in the CVE are marked as fixed, so, if your system is up to date, which is probably the case for someone worried about vulnerabilities, you're in the clear. – Gerard H. Pille Jun 06 '18 at 13:09
- Ditto -- there are multiple CVEs related to KRACK, I just used the last one as an illustration. If you look at the bottom of that Debian security page, there is a link to patches dated in Oct 2017; the wpa supplicant update was at the end of that month. – goldilocks Jun 06 '18 at 14:44
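
A more direct check than file timestamps, as an added example that is not part of the original answer or comments: look for the CVE id in the changelog shipped with the installed package. The package name `wpasupplicant` and the changelog path are assumptions about a Debian/Raspbian layout, and the sample changelog with its version strings is constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Debian changelog format (newest entry first).
SAMPLE='wpa (2:0.0-3+example2) constructed; urgency=medium

  * Refresh patch for CVE-2017-13088.

 -- Nobody <nobody@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000

wpa (2:0.0-3+example1) constructed-security; urgency=high

  * Fix WPA key reinstallation issues (CVE-2017-13087, CVE-2017-13088).

 -- Nobody <nobody@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000
'

# Read a Debian changelog on stdin and print the version of the OLDEST
# entry that mentions CVE id $1. Returns non-zero if it is never mentioned.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "source (version) distribution; urgency=level"
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2; gsub(/[()]/, "", ver); next
        }
        # Match the id as a whole token so CVE-2017-1308 does not
        # match inside CVE-2017-13088.
        ver != "" && $0 ~ ("(^|[^A-Za-z0-9-])" cve "([^0-9]|$)") { hit = ver }
        END { if (hit != "") print hit; else exit 1 }
    '
}

# On a Debian/Raspbian host: scan the installed package's own changelog.
# Path and package name are assumptions (see lead-in).
check_installed() {
    log=/usr/share/doc/wpasupplicant/changelog.Debian.gz
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    if ver=$(zcat "$log" | cve_fixed_in "$1"); then
        echo "$1 addressed in $ver; installed: $(dpkg-query -W -f='${Version}' wpasupplicant)"
    else
        echo "$1 not mentioned in the installed changelog"; return 1
    fi
}

# Demo on the constructed sample; on a real system call:
#   check_installed CVE-2017-13088
printf '%s\n' "$SAMPLE" | cve_fixed_in CVE-2017-13088
```

A missing mention is not proof that the build is vulnerable, since a changelog need not list every CVE; in that case compare the installed version against the Debian security tracker page linked in the answer.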