2

Is there a way for most of the field clients to lock their channel to the one they know their secured AP is handling?

If I look at my channel can I tell immediately if there is an attack AP on me?

Anders
Andyz Smith

1 Answer

3

Is there a way for most in the field clients to lock their channel to the one they know their secured AP is handling?

Irrelevant, but I will get to that in a moment.

If I look at my channel can I tell immediately if there is an attack AP on me?

Maybe, but again that doesn't matter. The attack demonstrated by the discoverer of the KRACK vulnerability was just a proof-of-concept attack. It was not meant to provide a model for any sort of real-world exploit. Just because that demonstration used a change in channel doesn't mean that any real-world exploit would do so; it was simply a mechanism that allowed an easier demonstration of the exploit at work. Expect real-world attacks to be a bit more "clever" than a proof of concept.

Put another way, the KRACK vulnerability doesn't depend on any sort of change in channel; it is purely an attack on the WPA/WPA2 handshake. While the change in channel may make some aspects of the attack easier, it isn't entirely necessary.

So depending on detecting a change in channel does not really provide you any protection, especially since many sites (including an increasing number of homes) also use multiple channels as part of normal operation. If you want to provide protection against KRACK, upgrade devices as soon as patches are available for your device.

Further, many consumer devices will auto-select a channel, often at the time they boot or at scheduled intervals. If your device reboots for any reason, it may change channel itself. The change in channel is no sign of an actual attack.

YLearn