PSA: Update your Wi-Fi Routers & Client OS

WPA2-AES on the client side actually is quite effected...

 

Who has updates, who has commented & no comments on KRACK patches:

https://www.cnet.com/news/krack-wi-fi-attack-patch-how-microsoft-apple-google-responding

Posted via the PriusChat mobile app.

 

i'm glad my fridge isn't connected, i don't abide anyone stealing my beer.

 

So riddle me this. If the WPA2 protocol is broken, how can you only patch one side (either client or server) and have the thing still work? I know the answer is probably "it's complicated", and I appreciate the complexity of these protocols. But I am wondering how good the one-sided patch is. Will I even be able to connect a patched client to an unpatched router? If the two connect how does the vulnerability avoided?

 

Mobile phone users will always be at the mercy of their respective manufacturers for security updates. Their track record for updates of even the OS leaves plenty to be desired!

 

I would think that would be necessary as fixing something like this from an OS can be difficult or impossible. Microsoft is said to have rolled a fix for this in last week's Windows update, but I have not seen anything stating details. I am running Windows 7 on a Lenovo ThinkPad with Intel Centrino Advanced-N wifi card in it. I tried a driver update from the device manager on Windows and it said Windows thought the driver was up to date. Still waiting for Netgear to release an update to my wife router...

I am just hoping that my home network is a worthless target, but still, I want it to be secure.

 

As I predicted none of my devices are on any of these lists. I tend to run devices on the oldish side as I am just a home network and do not run out and buy the latest router every year. As well, my laptop is about 5 years old and running Windows 7 and has an older wifi card in it that Intel no longer lists in their latest software. This is sad, but will be the case for 90% of the non-industrial users, at least for now. Maybe it's a ploy to get people to upgrade their older equipment. It has been a while since it was necessary to upgrade hardware to obtain some new features (like USB, SATA, etc.)

 

Not releasing updates for old hardware is something that's happened for a very long time - sometimes it really isn't feasible to update things (whether it's a matter of the hardware not actually being capable of handling an update, the hardware being so old that it's too much work to feasibly to an update, or there simply not being many users left to justify it), sometimes it is a ploy to get people to replace perfectly good hardware early. It's just that it's a problem when it's security-related...

 

I read last night that Apple has already baked it into the latest iOS 11.1 developer beta. I'm installing iOS 11.0.3 on the phone right now. Apple generally doesn't reveal what security issues their updates address -- for security reasons, I presume.

 

No worries, nobody drinks JAX anymore.

 

I've been a firmware development professional for many years and understand the issues of legacy support all too well. It is, however a security issue on a grand scale, so I think large companies like Intel and Netgear really need to step up to the plate and do the right thing even if the accountants will yell at them at the meetings.

My hardware isn't even that old. My Netgear wifi router was bought new at Walmart several months ago. My laptop wifi card is a bit older, but it's still a fairly current product. So, yes, I get the corporate difficulties, but it's a terrible reputation to try and carry, that of leaving millions of devices wide open to hacking. I guess it's the way of the future...

 

Personally, I fear that the only solution to devices being prematurely abandoned is legislation requiring that security updates be provided for so many years.