All WPA2 WiFi security is broken?

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
2,930
Location
Gold Coast Hinterland, Australia
#5
The discussion on Slashdot says that only one side needs to be patched to block the attack, so that helps some.
That's pretty much what I gathered reading the original research paper.

Let's see how long it takes for all the network gear providers (Netgear, DLink, Sagecom, Technicolor, Cisco, TP-Link, etc) to release patches for any wireless enabled devices.
It'll be interesting to see when all those other WiFI enabled devices (TVs, Blu-Ray players, IoT devices, etc) all get patches as well...

FYI. patches for wpa_supplicant have been released, therefore most GNU/Linux distributions should see patches shortly. (RHEL, Ubuntu, SUSE, Arch, Gentoo have all released patches).
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,181
Location
Michigan
#7
It'll be interesting to see when all those other WiFI enabled devices (TVs, Blu-Ray players, IoT devices, etc) all get patches as well...
This one is easy. Never...

If it's an expensive name brand piece of equipment like a TV or something like a Blu-Ray player and it's only a few years old they might get a firmware update, but the extreme majority of devices are going to be left out in the cold. I wouldn't even presume that most networking gear with an AP will get an update if it's more than a few years old.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
2,930
Location
Gold Coast Hinterland, Australia
#10
The real interesting thing to come out of this issue, is watching how vendors react to it... It certainly makes you really consider where to spend your money in future... (eg only start purchasing from those that are proactive in getting this fixed)...
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
#12

Handruin

Administrator
Joined
Jan 13, 2002
Messages
12,852
Location
USA
#13
They did not show up automatically for me. I logged into the UniFi controller and copy & pasted the URL from that page I linked into the custom upgrade field to load it into my AP. This is where I did the upgrade from in the lower right corner. I read in their forums that once you do this upgrade the normal upgrade button at the top will be confused with thinking it will need an upgrade when in fact it's a downgrade. This will get addressed shortly.

UAP-update.jpg

UAP-update-error.jpg
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
12,852
Location
USA
#15
I haven't followed the development of the controller at all so I can't say without googling or looking through their forums more. I only saw it as a comment from one of their community members regarding the incorrect upgrade. It probably won't be long given the amount of press this vulnerability has. What's your concern with just doing the custom upgrade?
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,635
Location
Left Coast
#16
As I understand it, this is a difficult hack that requires access to the signal. I doubt that most of us yucks will be targets when there are sweet business networks to hack.
 

snowhiker

Wannabe Storage Freak
Joined
Jul 5, 2007
Messages
1,439
#17
Well at least I updated my routers firmware. It's dated 17-July-2017 so it doesn't contain the needed fixes for the WPA2 issues but at least is newer than the 2013 firmware that it originally came with. ;)
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
2,930
Location
Gold Coast Hinterland, Australia
#18
TP-Link's response was what I would consider typical... Let's EOL a whole stack of devices, and claim no support for them since they are now EOL. (Only current models/revisions for each current model device are set to receive updates).

From what I've seen this sort of behaviour will affect Android based devices most. No word yet from the major players about updates for last/prior models yet. (that I've seen).
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,635
Location
Left Coast
#20
None of my network infrastructure devices needed an update (they're apparently not susceptible to the hack). Since only one side needs to be safe, I only have to worry when attached to other networks.

Also, since the hack works on HTTP injection, using encrypted connections totally defeats it.
 
Top