WPA2 vulnerability revealed - update your devices NOW!

If it's not ZDoom, it goes here.

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby wildweasel » Tue Oct 17, 2017 8:25 am

Viscra Maelstrom wrote:i can't find any new updates for the firmware on our router over here, should i be worried? it doesn't detect any updates when i check for them in the router settings, and the site that supposedly should have my model on it (Netgear) doesn't yield any results for our router (OnNetworks 300R).

If you can't update your router, at least see if you can update your clients (mobile phones, computer OSes, etc).
User avatar
wildweasel
I love the smell of sourdough in the morning
 
Joined: 15 Jul 2003
Location: avatar by kurashiki

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Rachael » Tue Oct 17, 2017 8:26 am

Keep checking.

Hopefully it's not an outdated model - if it is, I expect in the coming weeks users will find a way to patch the WPA2 driver in the firmware manually.
User avatar
Rachael
 
Joined: 13 Jan 2004

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Princess Viscra Maelstrom » Tue Oct 17, 2017 8:40 am

apparently the router we use is EOL. according to this, the closest i would be able to find firmware-wise for it is for the WNR2000v5. is it safe though to use firmware that's meant to be compliant for another model of router?

edit: also worth mentioning is that Netgear doesn't seem to list that model as being vulnerable.
User avatar
Princess Viscra Maelstrom
wud u stop
 
Joined: 04 Dec 2008
Location: plergleland

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Rachael » Tue Oct 17, 2017 8:55 am

No, it is not safe. Not unless the drivers are all the same - the moment you mess up the drivers, the whole thing is gone.

Your best bet is to wait until a user patch is created that covers a lot of models that specifically targets the WPA2 drivers without affecting the rest of the system. Of course, getting in and gaining root access in order to install it is a different story.

Alternatively, if the router belongs to your ISP, see if you can negotiate with them to get a newer one. ISP's typically don't have a problem keeping you up to date on routers if they loan it out to you as their own property. But of course, there's no guarantee the newer one will be patched, but hopefully at least having it will make you eligible for a patch when it becomes available.
User avatar
Rachael
 
Joined: 13 Jan 2004

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Princess Viscra Maelstrom » Tue Oct 17, 2017 9:08 am

in that case, i'll update my other devices for now. my Win 10 desktop seems to be already okay (since that patch apparently arrived a week ago), which just leaves my iphone and laptop, the last one particularly important, since i use it everyday at work, making it particularly important that it doesn't get hit by the office wifi.
User avatar
Princess Viscra Maelstrom
wud u stop
 
Joined: 04 Dec 2008
Location: plergleland

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Matt » Thu Oct 19, 2017 4:26 pm

EDIT:
What if there are no security updates for my router or access point? Or if it does not support 802.11r?

Routers or access points (APs) are only vulnerable to our attack if they support the Fast BSS Transition (FT) handshake, or if they support client (repeater) functionality. First, the FT handshake is part of 802.11r, and is mainly supported by enterprise networks, and not by home routers or APs. Additionally, most home routers or APs do not support (or will not use) client functionality. In other words, your home router or AP likely does not require security updates. Instead, it are mainly enterprise networks that will have to update their network infrastructure (i.e. their routers and access points).
so uh yeah nevermind what i had here

[prior butthurt below]

Spoiler:
Last edited by Matt on Wed Nov 15, 2017 9:28 pm, edited 2 times in total.
User avatar
Matt
Putting the XD into *xdeath since 2007
 
 
 
Joined: 04 Jan 2004
Location: Gotham City SAR, Wyld-Lands of the Lotus People, Dominionist PetroConfederacy of Saudi Canadia

Re: WPA2 vulnerability revealed - update your devices NOW!

Postby Kinsie » Tue Oct 31, 2017 1:36 pm

Brief Update Time:

Apple's operating systems have been updated to fix the vulnerability. Grab the MacOS High Sierra 10.13.1 update for computers, or iOS 11.1 for phones and tablets from 2013 or newer.

Android fixes still seem to be spotty ahead of Google's planned November 6 fix for their own devices, as ever. Verizon have released their own patch for the Galaxy S8 and Galaxy S8+. I don't know much about Android, so please feel free to fill us in on more updates.
User avatar
Kinsie
Glarepokes (thx Kura-san!)
 
Joined: 22 Oct 2004
Location: MAP33
Discord: Find Me

Previous

Return to Off-Topic

Who is online

Users browsing this forum: No registered users and 2 guests