That is one smoking fast update
release. Demo works in perfect environment, but I wonder if there are some settings on AP that help to prevent successful exploitation of this vulnerability before(if ever) firmware updates are released by device manufacturers. Such as setting re-keying delay to one minute (it is usually 3600sec or 7200sec), so attacker will be forced to perform successful exploitation every minute. Or disabling SSID broadcasting and setting channel to fixed value on AP and client, so this should prevent rogueAP from tricking client to connect to it. Also setting power of AP transmitter to the maximum should prevent situation where client will talk to rogueAP or make it significantly harder, because rogueAP have to be closer to client. I'm waiting for PoC scripts release to test it all out. On 16.10.2017 20:57,
tv.debian@googlemail.com wrote:
On 16/10/2017 21:12, Curt wrote: -- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄⠀⠀⠀⠀ |