Lezers,
Op 16 oktober publiceerden Mathy Vanhoef en Frank Piessens van de Universiteit van Leuven een document waarin een reeks kwetsbaarheden wordt beschreven die de Wi-Fi Protected Access (WPA) en de Wi-Fi Protected Access II (WPA2) protocollen beïnvloeden.
Dit zijn kwetsbaarheden op protocolniveau van draadloze leveranciers en draadloze clients(adapters) die de huidige WPA- en WPA2-specificaties volgen. Deze kwetsbaarheden werden ook aangeduid als “KRACK” (Key Reinstallation AttaCK) en de details werden gepubliceerd op: https://www.krackattacks.com
De meeste wlan client adapters moeten worden geupdate om de ‘supplicant‘ te voorzien van een beveiligings update: Er zijn 10 beveiligingslekken ontdekt waarvan Intel er inmiddels twee heeft geidentificeerd en gerepareerd. De overige lekken moeten in het Operating Systeem(bv Windows) en/of door de draadloze leveranciers gerepareerd worden:
Intel adapter-driver fix : CVE-2017-13081 & CVE-2017-13080
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols – integrity group key reinstallation during the group key handshake vulnerability : CVE ID: CVE-2017-13081
A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols – group key reinstallation during the group key handshake vulnerability : CVE ID: CVE-2017-13080
A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key.
The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.
Intel heeft voor de volgende Intel Wlan-adapters een update uitgebracht:
- Intel® Dual Band Wireless-AC 3160
- Intel® Dual Band Wireless-AC 3165
- Intel® Dual Band Wireless-AC 3168
- Intel® Dual Band Wireless-AC 7260
- Intel® Dual Band Wireless-AC 7265
- Intel® Dual Band Wireless-AC 8260/8265/9260
PROSet/Wireless Software and Driversversion 20.0.2 for Windows 7, Windows 8.1 and Windows 10:
- WiFi_20.0.2_PROSet32_Win7.exe (32-bit)
- WiFi_20.0.2_PROSet64_Win7.exe (64-bit)
- WiFi_20.0.2_PROSet32_Win8.1.exe (32bit)
- WiFi_20.0.2_PROSet64_Win8.1.exe (64bit)
- WiFi_20.0.2_PROSet64_Win10.exe
- WiFi_20.0.2_PROSet32_Win10.exe
Driver version = 19.10.9.2 for Windows 7 for 18265, 8265, 3168, 18260, 8260, 17265 and 3165.
Driver version = 18.33.9.3 for Windows 7 for 7265, 7260, and 3160
Intel® PROSet/Wireless Software and Drivers for Windows 7
Driver version = 19.10.9.2 for Windows 8.1 for 18265, 8265, 3168, 18260, 8260, 17265, and 3165.
Driver version = 18.33.9.3 for Windows 8.1 for 7265, 7260, and 3160.
Intel® PROSet/Wireless Software and Drivers for Windows 8.1
Driver version = 20.0.2.3 for Windows 10 for 18265, 8265, 18260, 8260.
Driver version = 19.51.7.2 for Windows 10 for 3168, 3165, and 17265.
Driver version = 18.33.9.3 for Windows 10 for 7265, 3160, and 7260.
Intel® PROSet/Wireless Software and Drivers for Windows® 10
Er is ook een ‘driver only’ version beschikbaar :
- Windows 10 32-bit: WiFi_20.0.2_Driver32_Win10.zip
- Windows 10 64-bit: WiFi_20.0.2_Driver64_Win10.zip
- Windows 8.1 32-bit: WiFi_20.0.2_Driver32_Win8.1.zip
- Windows 8.1 64-bit: WiFi_20.0.2_Driver64_Win8.1.zip
- Windows 7 32-bit: WiFi_20.0.2_Driver32_Win7.zip
- Windows 7 64-bit: WiFi_20.0.2_Driver64_Win7.zip
Bron INTEL-SA-00101 : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
Daarnaast is het belangrijk om te weten dat de volgende Intel Wlan Adapters niet meer worden ondersteund. Hier komen dus ook geen beveiligingsupdates meer voor beschikbaar(!):
Product Name | Effective Date |
Intel® My WiFi Dashboard |
August 14, 2017 |
Intel® Centrino® Advanced-N + WiMAX 6250 |
September 16, 2016 |
Intel® Centrino® Wireless-N + WiMAX6150 |
September 16, 2016 |
Intel® Centrino® Wireless-N 2200 |
September 16, 2016 |
Intel® Centrino® Advanced-N 6230 |
September 16, 2016 |
Intel® Centrino® Advanced-N 6200 |
September 16, 2016 |
Intel® Centrino® Wireless-N 130 |
September 16, 2016 |
Intel® Centrino® Wireless-N 100 |
September 16, 2016 |
Intel® Centrino® Wireless-N 1030 |
September 16, 2016 |
Intel® Centrino® Wireless-N 1000 |
September 16, 2016 |
Intel® WiFi Link 5300 |
June 1, 2016 |
Intel® WiFi Link 5100 |
June 1, 2016 |
Intel® WiMAX/WiFi Link 5350 |
June 1, 2016 |
Intel® WiMAX/WiFi Link 5150 |
June 1, 2016 |
Intel® Wireless WiFi Link 4965AGN |
December 31, 2013 |
Intel® Pro/Wireless 3945ABG |
December 31, 2013 |
Intel® Pro/Wireless 2915ABG |
December 31, 2009 |
Intel® Pro/Wireless 2200BG |
December 31, 2009 |
Bron Customer Support Options for Discontinued Intel® Wireless Products : https://www.intel.com/content/www/us/en/support/articles/000006507/network-and-i-o/wireless-networking.html
Windows® 10 ondersteunt industriële standaardprotocollen zoals 802.11r, 802.11k en 802.11v.(Apple ondersteunt ook deze standaarden)
Onderstaande tabel toont de Intel® Wireless Adapters en protocollen.
Product | 802.11k | 802.11v | 802.11r |
Intel® Tri-Band Wireless-AC 18265 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 8265 | Yes | Yes | Yes |
Intel® Tri-Band Wireless-AC 18260 | Yes | Yes | Yes |
Intel® Tri-Band Wireless-AC 17265 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 8260 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 3168 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 3165 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 7265 | Yes | Yes | Yes |
Intel® Dual Band Wireless-N 7265 | Yes | Yes | Yes |
Intel® Wireless-N 7265 | Yes | Yes | Yes |
Intel® Dual Band Wireless-AC 3160 | No | No | No |
Intel® Dual Band Wireless-AC 7260 | No | No | No |
Intel® Dual Band Wireless-N 7260 | No | No | No |
Intel® Wireless-N 7260 | No | No | No |
Bron Windows® 10 and Supported Intel® Wireless Adapter Protocols : https://www.intel.com/content/www/us/en/support/articles/000021562/network-and-i-o/wireless-networking.html