Jump to content
News Ticker
  • Welcome to 2021, let's hope it is better than 2020.
  • ALERT - Wi-Fi security flaw found (WPA2)


    Ztuke
     Share

    Recommended Posts

    Hello and stay calm, there is no need to start panicking.

     

    Okay feeling calmer?

    Then I will try and give you a brief summary of this discovery while trying my best to avoid as much of the techno-babel as I can. For the tech heads out there, this will not include details or in-depth descriptions, use Google for those.

     

    First off, what is Wi-Fi?

    Wi-Fi is a system of equipment and code that allows various electronic devices to communicate with and through each other without actually being connected by a physical link.

     

    Okay, so what is WPA2?

    WPA2 is one of the latest (widely implemented 2004) and commonly used security specifications and protocols used in most wireless equipment found today.

     

    I'm still in the dark here as to what the problem is?

    I'm coming to that, but the short version is that earlier this month (October 2017), it was made public that a flaw in this security system had been found. This flaw applies to the early WPA and WPA2 protocols and allows anyone WITHIN range of your Wi-Fi system with the knowledge, code and equipment to intercept the initial 'contact' between your device (cell phone if it is using Wi-Fi, tablet, notebook, laptop or anything else you may have) and the access point (Modem/Hub, Hub or Router). 

    So, to start with, the bad guy has to be close enough to get a usable signal from your Wi-Fi, there is a range limit here.

    During this initial 'contact' the system is vulnerable and this is where the problem lays.

     

    What can I do, NOW?

    First off, do NOT panic. Yes, this is a potentially very serious situation but panicking and taking knee-jerk actions can make things far worse. Remember, the media and press who are reporting this make their living by 'exaggerating' a news report so they get ahead of their competitors.

    Now, take a deep breath, hold it for five seconds and slowly let it out. Do this two or three times.

    Right then, first a warning, what follows is going to include some tech talk, sorry about that.

    Do NOT, REPEAT NOT switch to WPA, WPS, WEP or any of the older protocols, some of those can be broken in seconds!

     

    For those of you running a Linux operating system, there is a patch already available. Ubuntu 14.04+, Arch, OpenBSD, Debian, Gentoo, Linux upstream users can patch now. OpenBSD was patched back in July.

    For those of us running the Windows operating system, Microsoft considers their latest flagship operating system (Windows 10) to generally be safe, they are not taking any chances and have released a security fix already. (Windows 7, 8, 8.1, 10 Security Bullitin)

     

    For other operating system and firmware users I will include the following list which was correct as of 08:47 AM (ET) October 17th 2017.

     

    Fixed

    Intel Chipsets - Updates available for various chipsets

    Lineage OS - Fix merged with regular update due this week (23rd Oct)

    UniFi - Firmware 3.9.3 resolves the issue

    Microtik - Router OS v6.39.3, v6.40.4, v6.41rc and up

    DD-WRT - Core code fixed, waiting for builds to roll out

    Meraki - Fixed with Meraki 24.11 and 25.7

    Aruba - Updates available across Aruba hardware

    FortiNet - FortiAP 5.6.1 and up fix the issue

    Cisco - Updates available across Cisco hardware

    Synology - Fix available

     

    Pending or in Beta

    macOS - macOS 10.11.1 (beta only)

    Raspberry Pi - Jessian, Stretch fixed. Wheezy and others by October 17

    Android - Fixed at patch level "November 6, 2017." Rolls out soon to Pixel + Nexus

    Samsung - Modern Samsung devices receive Google security patches, but older ones don't. No comment on those

    iOS - iOS 11.1, out in a few weeks

    Netgear - No release available, but due "soon"

    LEDE - Fix available in nightly builds

    Eero - eerOS 3.5 and up

     

    No Fix KNOWN!

    Google WiFi - Google says a fix will roll out "soon"

    Apple Airport - Apple has not responded to requests for comment

    AVM - Aware of issue but won't update unless "necessary"

    TP Link - The company doesn't know if it's affected

    KPN (NL) - Statement released with no fix information

    Nest - Reportedly Nest is telling customers their devices aren't affected

    Sonos - No response to queries

    Amazon - "In the process of reviewing devices." No fix issued for Echo etc

    Belkin - "Aware of the issue" but no fix for Wemo/Linksys devices

     

    OTHER things

    CERT (Computer Emergency Response Team - Carnegie Mellon University) - This is an exhaustive list and not an easy read!

     

    OFF Topic but related

    For General security instruction on how to protect yourself, I highly recommend starting here!

     

    Please note that i will not be updating this post due to the sheer time involved in checking all the sites required and my current work load.

     

    For further details, please either Google "wifi security flaw wpa2" or check out some of the links listed below.

    Original SOURCE notification post

    The Guardian

    Wired

    Centre for Internet Security

     

    Edited by Ztuke
    • Upvote 1
    Link to comment
    Share on other sites

    Guest
    Reply to this topic...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    Loading...
     Share

    ×
    ×
    • Create New...