Viscra Maelstrom wrote: i can't find any new updates for the firmware on our router over here, should i be worried? it doesn't detect any updates when i check for them in the router settings, and the site that supposedly should have my model on it (Netgear) doesn't yield any results for our router (OnNetworks 300R).
If you can't update your router, at least see if you can update your clients (mobile phones, computer OSes, etc).
WPA2 vulnerability revealed - update your devices NOW!
- wildweasel
- Posts: 21706
- Joined: Tue Jul 15, 2003 7:33 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): A lot of them
- Graphics Processor: Not Listed
Re: WPA2 vulnerability revealed - update your devices NOW!
Keep checking.
Hopefully it's not an outdated model - if it is, I expect in the coming weeks users will find a way to patch the WPA2 driver in the firmware manually.
- Viscra Maelstrom
- Posts: 6200
- Joined: Thu Dec 04, 2008 1:14 am
- Location: plergleland
Re: WPA2 vulnerability revealed - update your devices NOW!
apparently the router we use is EOL. according to this, the closest i would be able to find firmware-wise for it is for the WNR2000v5. is it safe though to use firmware that's meant to be compliant for another model of router?
edit: also worth mentioning is that Netgear doesn't seem to list that model as being vulnerable.
Re: WPA2 vulnerability revealed - update your devices NOW!
No, it is not safe. Not unless the drivers are all the same - the moment you mess up the drivers, the whole thing is gone.
Your best bet is to wait until a user patch is created that covers a lot of models that specifically targets the WPA2 drivers without affecting the rest of the system. Of course, getting in and gaining root access in order to install it is a different story.
Alternatively, if the router belongs to your ISP, see if you can negotiate with them to get a newer one. ISPs typically don't have a problem keeping you up to date on routers if they loan it out to you as their own property. But of course, there's no guarantee the newer one will be patched, but hopefully at least having it will make you eligible for a patch when it becomes available.
- Viscra Maelstrom
- Posts: 6200
- Joined: Thu Dec 04, 2008 1:14 am
- Location: plergleland
Re: WPA2 vulnerability revealed - update your devices NOW!
in that case, i'll update my other devices for now. my Win 10 desktop seems to be already okay (since that patch apparently arrived a week ago), which just leaves my iphone and laptop, the last one particularly important, since i use it every day at work, making it particularly important that it doesn't get hit by the office wifi.
- Matt
- Posts: 9696
- Joined: Sun Jan 04, 2004 5:37 pm
- Preferred Pronouns: They/Them
- Operating System Version (Optional): Debian Bullseye
- Location: Gotham City SAR, Wyld-Lands of the Lotus People, Dominionist PetroConfederacy of Saudi Canadia
Re: WPA2 vulnerability revealed - update your devices NOW!
EDIT:
so uh yeah nevermind what i had here
What if there are no security updates for my router or access point? Or if it does not support 802.11r?
Routers or access points (APs) are only vulnerable to our attack if they support the Fast BSS Transition (FT) handshake, or if they support client (repeater) functionality. First, the FT handshake is part of 802.11r, and is mainly supported by enterprise networks, and not by home routers or APs. Additionally, most home routers or APs do not support (or will not use) client functionality. In other words, your home router or AP likely does not require security updates. Instead, it is mainly enterprise networks that will have to update their network infrastructure (i.e. their routers and access points).
[prior butthurt below]
Spoiler:
Last edited by Matt on Wed Nov 15, 2017 8:28 pm, edited 2 times in total.
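The FAQ quoted in the post above ties AP-side exposure to Fast BSS Transition (802.11r) support. As an added example, not part of the post or the quoted FAQ, this sketch checks whether an AP advertises FT by parsing the tagged parameters of a beacon captured from your own network. The sample byte strings and function names are constructed for illustration, and the check does not cover the client (repeater) case the FAQ also mentions.

```python
import struct

RSN_IE, MOBILITY_DOMAIN_IE = 48, 54          # 802.11 element IDs
IEEE_OUI = bytes.fromhex("000fac")
FT_AKMS = {3: "FT-802.1X", 4: "FT-PSK", 9: "FT-SAE"}  # FT key-management suites

# Constructed samples: SSID element followed by an RSN element.
HOME_AP = bytes.fromhex(                      # WPA2-PSK (AKM type 2), no FT
    "0004686f6d65" "30140100000fac040100000fac040100000fac020000")
ENTERPRISE_AP = bytes.fromhex(                # 802.1X + FT-802.1X, plus MDE
    "0004636f7270"
    "30180100000fac040100000fac040200000fac01000fac030000"
    "3603a1b201")

def iter_elements(buf):
    """Yield (element_id, body) pairs; stop cleanly on a truncated element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def rsn_akm_suites(body):
    """Return [(oui, suite_type)] from an RSN element body."""
    if len(body) < 8:                         # version, group cipher, count
        return []
    (pairwise_count,) = struct.unpack_from("<H", body, 6)
    pos = 8 + 4 * pairwise_count              # skip the pairwise cipher list
    if len(body) < pos + 2:
        return []
    (akm_count,) = struct.unpack_from("<H", body, pos)
    suites = [body[pos + 2 + 4 * i:pos + 6 + 4 * i] for i in range(akm_count)]
    return [(s[:3], s[3]) for s in suites if len(s) == 4]

def ft_indicators(tagged):
    """List the signs that an AP advertises Fast BSS Transition."""
    found = []
    for eid, body in iter_elements(tagged):
        if eid == MOBILITY_DOMAIN_IE:
            found.append("mobility-domain")
        elif eid == RSN_IE:
            found += [FT_AKMS[t] for oui, t in rsn_akm_suites(body)
                      if oui == IEEE_OUI and t in FT_AKMS]
    return found

if __name__ == "__main__":
    for name, ies in (("home", HOME_AP), ("enterprise", ENTERPRISE_AP)):
        print(name, ft_indicators(ies) or "no FT advertised")
```

An empty result means the AP does not advertise FT; a non-empty one only says FT is offered, not whether the firmware has been patched.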
- Kinsie
- Posts: 7399
- Joined: Fri Oct 22, 2004 9:22 am
- Graphics Processor: nVidia with Vulkan support
- Location: MAP33
Re: WPA2 vulnerability revealed - update your devices NOW!
Brief Update Time:
Apple's operating systems have been updated to fix the vulnerability. Grab the MacOS High Sierra 10.13.1 update for computers, or iOS 11.1 for phones and tablets from 2013 or newer.
Android fixes still seem to be spotty ahead of Google's planned November 6 fix for their own devices, as ever. Verizon have released their own patch for the Galaxy S8 and Galaxy S8+. I don't know much about Android, so please feel free to fill us in on more updates.