PSA: Update your Wi-Fi Routers & Client OS

Discussion in 'Fred's House of Pancakes' started by Prodigyplace, Oct 16, 2017.

  1. bhtooefr

    bhtooefr Senior Member

    Joined:
    Apr 4, 2016
    1,396
    1,489
    0
    Location:
    Newark, OH, USA
    Vehicle:
    2016 Prius
    Model:
    Three
    WPA2-AES on the client side actually is quite effected...
     
  2. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    pilotgrrl likes this.
  3. pilotgrrl

    pilotgrrl Senior Member

    Joined:
    Jul 23, 2017
    891
    1,797
    0
    Location:
    Chicagoan in TX
    Vehicle:
    2016 Prius
    Model:
    Three
  4. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    Too many lists. Cisco has indeed responded. See
    These are the router makers that have patched KRACK WPA2 Wi-Fi flaws | Windows Central

    That link is more than router vendors.

    IMHO enterprise vendor HPE/Aruba Networks is seems to ve very customer focused. They have released the security fixes for those with no support contract too.

    Disclaimer: I am employed by an Aruba Networks customer.
     
    pilotgrrl likes this.
  5. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    111,181
    50,612
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    i'm glad my fridge isn't connected, i don't abide anyone stealing my beer.
     
  6. VFerdman

    VFerdman Senior Member

    Joined:
    Jul 5, 2017
    1,184
    1,212
    3
    Location:
    Western Massachusetts
    Vehicle:
    2007 Prius
    Model:
    Three
    So riddle me this. If the WPA2 protocol is broken, how can you only patch one side (either client or server) and have the thing still work? I know the answer is probably "it's complicated", and I appreciate the complexity of these protocols. But I am wondering how good the one-sided patch is. Will I even be able to connect a patched client to an unpatched router? If the two connect how does the vulnerability avoided?
     
  7. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    To resolve the issues both sides must be patched. If only one side is patched it will work with some vulnerability.
     
    RCO likes this.
  8. RCO

    RCO Senior Member

    Joined:
    Aug 31, 2016
    3,709
    5,185
    0
    Location:
    Cornwall
    Vehicle:
    Other Hybrid
    Model:
    N/A
    Mobile phone users will always be at the mercy of their respective manufacturers for security updates. Their track record for updates of even the OS leaves plenty to be desired! :mad:
     
    bhtooefr and VFerdman like this.
  9. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    Ir appears that in addition to your computer Os, some vendors are releasing updated drivers for the wireless card. I know Intel has new driver to address the issue.
     
  10. VFerdman

    VFerdman Senior Member

    Joined:
    Jul 5, 2017
    1,184
    1,212
    3
    Location:
    Western Massachusetts
    Vehicle:
    2007 Prius
    Model:
    Three
    I would think that would be necessary as fixing something like this from an OS can be difficult or impossible. Microsoft is said to have rolled a fix for this in last week's Windows update, but I have not seen anything stating details. I am running Windows 7 on a Lenovo ThinkPad with Intel Centrino Advanced-N wifi card in it. I tried a driver update from the device manager on Windows and it said Windows thought the driver was up to date. Still waiting for Netgear to release an update to my wife router...

    I am just hoping that my home network is a worthless target, but still, I want it to be secure.
     
    RCO likes this.
  11. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    Although Apple says an update is in beta and coming in a few weeks, I suspect the iOS 11.0.3 released last week had at least some of the fixes. It will still be a while before Google releases Android patches.
    There are Netgear links on this page,
    These are the router makers that have patched KRACK WPA2 Wi-Fi flaws | Windows Central

    Here are the Intel drivers i found. I also saw a mention of a security advisory.
    Download Intel® PROSet/Wireless Software and Drivers for Windows 7*


    Here for windows 10.
    Download Intel® PROSet/Wireless Software and Drivers for Windows® 10
    EDIT Here is the Intel advisory.

    Intel® Product Security Center
     
    RCO likes this.
  12. VFerdman

    VFerdman Senior Member

    Joined:
    Jul 5, 2017
    1,184
    1,212
    3
    Location:
    Western Massachusetts
    Vehicle:
    2007 Prius
    Model:
    Three
    As I predicted none of my devices are on any of these lists. I tend to run devices on the oldish side as I am just a home network and do not run out and buy the latest router every year. As well, my laptop is about 5 years old and running Windows 7 and has an older wifi card in it that Intel no longer lists in their latest software. This is sad, but will be the case for 90% of the non-industrial users, at least for now. Maybe it's a ploy to get people to upgrade their older equipment. It has been a while since it was necessary to upgrade hardware to obtain some new features (like USB, SATA, etc.)
     
    RCO likes this.
  13. bhtooefr

    bhtooefr Senior Member

    Joined:
    Apr 4, 2016
    1,396
    1,489
    0
    Location:
    Newark, OH, USA
    Vehicle:
    2016 Prius
    Model:
    Three
    Not releasing updates for old hardware is something that's happened for a very long time - sometimes it really isn't feasible to update things (whether it's a matter of the hardware not actually being capable of handling an update, the hardware being so old that it's too much work to feasibly to an update, or there simply not being many users left to justify it), sometimes it is a ploy to get people to replace perfectly good hardware early. It's just that it's a problem when it's security-related...
     
    VFerdman and RCO like this.
  14. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    If you are using WPA2-PSK (pick AES if asked) You have minimized your exposure. somebody would need to be close enough to use your wireless signal before they could listen in to your data.
    Whether that is a worthwhile risk is up to you to determine.
     
  15. jerrymildred

    jerrymildred Senior Member

    Joined:
    Oct 28, 2016
    11,517
    14,132
    0
    Location:
    Tampa, FL
    Vehicle:
    2017 Prius
    Model:
    Two
    I read last night that Apple has already baked it into the latest iOS 11.1 developer beta. I'm installing iOS 11.0.3 on the phone right now. Apple generally doesn't reveal what security issues their updates address -- for security reasons, I presume.
     
  16. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    I have seen articles quoting Apple as saying patches are in their beta versions and will be released in a few weeks. I have seen others say the patches have been released.
     
    #56 Prodigyplace, Oct 17, 2017
    Last edited: Oct 17, 2017
    jerrymildred likes this.
  17. Mark57

    Mark57 2021 Tesla Model 3 LR AWD

    Joined:
    Aug 14, 2009
    2,945
    2,738
    0
    Location:
    OK
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    No worries, nobody drinks JAX anymore.;)
     
    bisco likes this.
  18. VFerdman

    VFerdman Senior Member

    Joined:
    Jul 5, 2017
    1,184
    1,212
    3
    Location:
    Western Massachusetts
    Vehicle:
    2007 Prius
    Model:
    Three
    I've been a firmware development professional for many years and understand the issues of legacy support all too well. It is, however a security issue on a grand scale, so I think large companies like Intel and Netgear really need to step up to the plate and do the right thing even if the accountants will yell at them at the meetings.

    My hardware isn't even that old. My Netgear wifi router was bought new at Walmart several months ago. My laptop wifi card is a bit older, but it's still a fairly current product. So, yes, I get the corporate difficulties, but it's a terrible reputation to try and carry, that of leaving millions of devices wide open to hacking. I guess it's the way of the future...
     
    RCO and bhtooefr like this.
  19. Prodigyplace

    Prodigyplace 2025 Camry XLE FWD

    Joined:
    Nov 1, 2016
    12,285
    11,620
    0
    Location:
    Central Virginia
    Vehicle:
    Other Hybrid
    Model:
    XLE
    If you exercise the recommended security precautions the vulnerability is not that great. It is just shocking that almost everybody implemented the standard very poorly.
     
    #59 Prodigyplace, Oct 17, 2017
    Last edited: Oct 17, 2017
    RCO and VFerdman like this.
  20. bhtooefr

    bhtooefr Senior Member

    Joined:
    Apr 4, 2016
    1,396
    1,489
    0
    Location:
    Newark, OH, USA
    Vehicle:
    2016 Prius
    Model:
    Three
    Personally, I fear that the only solution to devices being prematurely abandoned is legislation requiring that security updates be provided for so many years.
     
    RCO likes this.