This is more about keeping proximate attackers from breaching a wireless network. I asked ChatGPT how likely this might occur for a home user. What follows is the response.
The likelihood of a home user having their WPA2 encryption breached depends on several factors, including the security measures they have in place and their proximity to potential attackers. Here are some key points to consider:
1. Proximity to the attacker: For an attacker to exploit the KRACK vulnerability, they need to be within range of the Wi-Fi network. This means that home users are generally at lower risk compared to public Wi-Fi networks where attackers can more easily get close to the router.
2. Device vulnerabilities: Some devices are more vulnerable to KRACK attacks than others. For example, many Android devices were found to be particularly susceptible. Keeping devices updated with the latest security patches can help mitigate this risk.
3. Network security practices: Using strong, unique passwords for your Wi-Fi network and enabling additional security measures, such as a VPN, can further protect your network from potential breaches.
4. Awareness and vigilance: Being aware of potential threats and regularly monitoring your network for unusual activity can help you detect and respond to any potential breaches quickly.
While the KRACK vulnerability is a serious concern, taking these precautions can significantly reduce the risk of a WPA2 breach for home users.
I too find this very interesting and wonder about security on these devices. I saw your post and it had me even more worried. My devices live behind a firewall and 2 days ago I upgraded one of the Antipodes devices from AMS V4.4. to AMSv5.0.1. During the upgrade my device hung on the page displaying the message “Installing Roon Server…” After several hours waiting, I decided that I just needed to reboot the server (against vendor instructions). The upgrade was successful. However, on inspecting my firewall logs later that evening, I see I had an attack >>vlc-media-player-mms-plugin-buffer-overflow<< to the Roon machine I was upgrading at the time of the upgrade. Details of the compromise can be found here >>https://www.fortiguard.com/encyclopedia/ips/31431/videolan-vlc-media-player-mms-plugin-buffer-overflow<< My suspicion is that there is “VLC Media Player” code installed in the upgrade and this file is compromised. The attacker's location was from “202.36.220.86” which is linked to an ISP in NZ. I am awaiting a reply from Antipodes to another question I have asked so that I can post all my screenshots to them for consideration. This compromise allows remote attackers to gain control of vulnerable systems. So it would not surprise me if someone could remotely change all your files.
I have used VLC media for years, years ago in a previous employ. It is free open source software, and it worked beautifully. I am sure there was some spyware installed, same as Google and everybody else, but never had any issues. I would consider the company to be reputable. Just wondering if you have that software installed, or have you no experience with VLC?
No, I don’t have VLC media player installed “knowingly” on my network. This was a one-off attack from WAN to LAN (specifically the Antipodes server I was updating). As it is such an old vulnerability, my firewall would have picked it up ages ago if it had occurred in the past. The same Antipodes server running AMS 4.4 and previously 4.1 never had such alerts. I have only ever uploaded FLAC and DSD files to this machine. I have no knowledge of what software runs on the Antipodes machines other than Linux.
Hi @Winnifred, we don’t install any VLC packages in our servers. The attacker in question with that IP is coming directly from our office headquarters!
Haha but in all seriousness, your anti-malware has correctly pointed out that our office is sending packets to your server, but the compromised attack that is being detected by your anti-malware is the update instructions sent from our HQ which is not malware nor is it a VLC buffer overflow attack.
This is highly likely a false positive report. Most likely the AMS update screen which was left open on your browser was continuing to receive update information from our HQ and the anti-virus software correctly picked up that your device seems to be constantly receiving information, but this information is neither malicious nor is it to do with VLC.
Most likely the anti-virus saw what seems to be a buffer overflow attack, and guessing the words used in the update scripts it seems to be information to a ‘music server’ and in their database its best guess is the attack is “a media player buffer overflow attack” AKA: videolan-vlc-media-player-mms-plugin-buffer-overflow.
In regards to heightened security on our music servers we do our best and do our due diligence (I double checked our updates don’t have anything remotely related to VLC) but we do not compromise our user’s experience as well.
(At the end of the day it's a balance between a secure music server and a server that can work in many network configurations)
Phew! That is a relief, & I understand about it most likely being a false positive. After your explanation I’m sure it was. And yes, the browser window was open a long time until it timed out. Good news all round.