WPA2 Hacked
-
...must be a Monday. News like this only comes on Mondays.
-
The handshake has always been the weak spot of WPA and WPA2. WPA had other issues, but was only even supposed to be a stopgap until WPA2 hardware was readily available.
You can easily negate this entire thing by using PEAP to prevent malicious actors from spoofing disconnect frames that make your devices reconnect and thus require a new 4 way handshake.
-
Also, while this is a serious flaw, it requires a malicious actor on site.
This is not anything that I am worried about at a business.
I will of course patch as soon as non-beta patches are available, but it is not some stupid OMG FUCKING PANIC situation.
-
@jaredbusch said in WPA2 Hacked:
@dashrender said in WPA2 Hacked:
In the past, I only got new firmware when updating the Unifi Controller software itself. The Firmware update button is kinda new (though I'm sure this is where JB will tell me it's been in there for years).
It has been there since 5.0 was released
Oh additionally, your UniFi instance will download updates on a schedule even without you pressing that button or updating the version.
-
@jaredbusch said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@dashrender said in WPA2 Hacked:
In the past, I only got new firmware when updating the Unifi Controller software itself. The Firmware update button is kinda new (though I'm sure this is where JB will tell me it's been in there for years).
It has been there since 5.0 was released
Oh additionally, your UniFi instance will download updates on a schedule even without you pressing that button or updating the version.
Isn't this only enabled by the admin and not by default? (I'll have to double check my controller)
-
@dustinb3403 said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@dashrender said in WPA2 Hacked:
In the past, I only got new firmware when updating the Unifi Controller software itself. The Firmware update button is kinda new (though I'm sure this is where JB will tell me it's been in there for years).
It has been there since 5.0 was released
Oh additionally, your UniFi instance will download updates on a schedule even without you pressing that button or updating the version.
Isn't this only enabled by the admin and not by default? (I'll have to double check my controller)
There is no button for it to my knowledge, but I am almost certain I read that in the guide. My devices occasionally have firmware updates when I have not clicked the button, nor updated the controller itself.
-
@jaredbusch said in WPA2 Hacked:
@dustinb3403 said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@dashrender said in WPA2 Hacked:
In the past, I only got new firmware when updating the Unifi Controller software itself. The Firmware update button is kinda new (though I'm sure this is where JB will tell me it's been in there for years).
It has been there since 5.0 was released
Oh additionally, your UniFi instance will download updates on a schedule even without you pressing that button or updating the version.
Isn't this only enabled by the admin and not by default? (I'll have to double check my controller)
There is no button for it to my knowledge, but I am almost certain I read that in the guide. My devices occasionally have firmware updates when I have not clicked the button, nor updated the controller itself.
Yeah, I think I've seen this once - but I wrote it off as - I updated the controller, and then got sidetracked and didn't push out the firmware to the APs.
-
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
-
@dustinb3403 said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
Can you post direct links for that?
Thread in question: https://community.ubnt.com/t5/UniFi-Wireless/FIRMWARE-3-9-3-7537-for-UAP-USW-has-been-released/td-p/2099370
I am just picking out the news from the noise.
-
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
-
@jaredbusch said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
Your point being? It's not something I have on my daily agenda to check on. and since it's my home setup,.. and it was working fine,.. there wasn't any business critical need.
-
@gjacobse said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
Your point being? It's not something I have on my daily agenda to check on. and since it's my home setup,.. and it was working fine,.. there wasn't any business critical need.
Excuses excuses
-
@dustinb3403 said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
Your point being? It's not something I have on my daily agenda to check on. and since it's my home setup,.. and it was working fine,.. there wasn't any business critical need.
Excuses excuses
Not any form of excuse... it's reality. Those things involving having a home and 3 children - and sports... they are a higher priority and take center focus... then what is broke...
-
@gjacobse said in WPA2 Hacked:
@dustinb3403 said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
Your point being? It's not something I have on my daily agenda to check on. and since it's my home setup,.. and it was working fine,.. there wasn't any business critical need.
Excuses excuses
Not any form of excuse... it's reality. Those things involving having a home and 3 children - and sports... they are a higher priority and take center focus... then what is broke...
Sorry that was a joke, as I upvoted your post to which I replied. . .
-
@dustinb3403 said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
@dustinb3403 said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
@jaredbusch said in WPA2 Hacked:
@gjacobse said in WPA2 Hacked:
Just updated the UniFi Controller here at home,.. now running 5.5.24 and AP version 3.8.14.6780.. have to check the above link as well....
5.5.24 was released like two weeks ago slacker.
Your point being? It's not something I have on my daily agenda to check on. and since it's my home setup,.. and it was working fine,.. there wasn't any business critical need.
Excuses excuses
Not any form of excuse... it's reality. Those things involving having a home and 3 children - and sports... they are a higher priority and take center focus... then what is broke...
Sorry that was a joke, as I upvoted your post to which I replied. . .
The reply was for the channeled JB in that response...
-
If this is a client patching issue, what does patching access points do? Or are there two separate things here?
Looks like MS and some others have released a patch to fix this already, and you should be fine if you are regularly patching... but Android and others still have yet to release a patch to fix this.
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
-
Main Download page for the Unifi's still only showing 3.8 firmware