Search the Community
Showing results for tags 'security flaw'.
Found 1 result
Hello and stay calm, there is no need to start panicking. Okay feeling calmer? Then I will try and give you a brief summary of this discovery while trying my best to avoid as much of the techno-babel as I can. For the tech heads out there, this will not include details or in-depth descriptions, use Google for those. First off, what is Wi-Fi? Wi-Fi is a system of equipment and code that allows various electronic devices to communicate with and through each other without actually being connected by a physical link. Okay, so what is WPA2? WPA2 is one of the latest (widely implemented 2004) and commonly used security specifications and protocols used in most wireless equipment found today. I'm still in the dark here as to what the problem is? I'm coming to that, but the short version is that earlier this month (October 2017), it was made public that a flaw in this security system had been found. This flaw applies to the early WPA and WPA2 protocols and allows anyone WITHIN range of your Wi-Fi system with the knowledge, code and equipment to intercept the initial 'contact' between your device (cell phone if it is using Wi-Fi, tablet, notebook, laptop or anything else you may have) and the access point (Modem/Hub, Hub or Router). So, to start with, the bad guy has to be close enough to get a usable signal from your Wi-Fi, there is a range limit here. During this initial 'contact' the system is vulnerable and this is where the problem lays. What can I do, NOW? First off, do NOT panic. Yes, this is a potentially very serious situation but panicking and taking knee-jerk actions can make things far worse. Remember, the media and press who are reporting this make their living by 'exaggerating' a news report so they get ahead of their competitors. Now, take a deep breath, hold it for five seconds and slowly let it out. Do this two or three times. Right then, first a warning, what follows is going to include some tech talk, sorry about that. Do NOT, REPEAT NOT switch to WPA, WPS, WEP or any of the older protocols, some of those can be broken in seconds! For those of you running a Linux operating system, there is a patch already available. Ubuntu 14.04+, Arch, OpenBSD, Debian, Gentoo, Linux upstream users can patch now. OpenBSD was patched back in July. For those of us running the Windows operating system, Microsoft considers their latest flagship operating system (Windows 10) to generally be safe, they are not taking any chances and have released a security fix already. (Windows 7, 8, 8.1, 10 Security Bullitin) For other operating system and firmware users I will include the following list which was correct as of 08:47 AM (ET) October 17th 2017. Fixed Intel Chipsets - Updates available for various chipsets Lineage OS - Fix merged with regular update due this week (23rd Oct) UniFi - Firmware 3.9.3 resolves the issue Microtik - Router OS v6.39.3, v6.40.4, v6.41rc and up DD-WRT - Core code fixed, waiting for builds to roll out Meraki - Fixed with Meraki 24.11 and 25.7 Aruba - Updates available across Aruba hardware FortiNet - FortiAP 5.6.1 and up fix the issue Cisco - Updates available across Cisco hardware Synology - Fix available Pending or in Beta macOS - macOS 10.11.1 (beta only) Raspberry Pi - Jessian, Stretch fixed. Wheezy and others by October 17 Android - Fixed at patch level "November 6, 2017." Rolls out soon to Pixel + Nexus Samsung - Modern Samsung devices receive Google security patches, but older ones don't. No comment on those iOS - iOS 11.1, out in a few weeks Netgear - No release available, but due "soon" LEDE - Fix available in nightly builds Eero - eerOS 3.5 and up No Fix KNOWN! Google WiFi - Google says a fix will roll out "soon" Apple Airport - Apple has not responded to requests for comment AVM - Aware of issue but won't update unless "necessary" TP Link - The company doesn't know if it's affected KPN (NL) - Statement released with no fix information Nest - Reportedly Nest is telling customers their devices aren't affected Sonos - No response to queries Amazon - "In the process of reviewing devices." No fix issued for Echo etc Belkin - "Aware of the issue" but no fix for Wemo/Linksys devices OTHER things CERT (Computer Emergency Response Team - Carnegie Mellon University) - This is an exhaustive list and not an easy read! OFF Topic but related For General security instruction on how to protect yourself, I highly recommend starting here! Please note that i will not be updating this post due to the sheer time involved in checking all the sites required and my current work load. For further details, please either Google "wifi security flaw wpa2" or check out some of the links listed below. Original SOURCE notification post The Guardian Wired Centre for Internet Security