Securifi Community Forum
Securifi Products => Almond+ => Topic started by: AlanLawton on October 16, 2017, 10:57:34 am
-
Is the Almond+ affected by the KRACK Attack vulnerability that was released today, and if so, when can we expect an update to resolve the issues?
https://www.krackattacks.com/
-
+1 on this. It seems like the Almond+ doesn't get support anymore, but this is such a serious issue. Really hope they put an update together soon. Here is some more info for those that are interested:
https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/
-
@ AlanLawton,
After going through it completely found that, it is more of a client device (Laptop, Smartphones etc) update, which is required not Access point or Router. However, there are some small fixes, which has to be done on the Router side, information has been already forwarded to our Chipset vendor waiting for the update.
-
Assuming that this update will come as quickly as "recent" A+ updates, I'm thinking this is the straw that will lead me to finally dumping this thing and moving on.
-
Does that mean we can expect an update to this in the near future?
-
@ AlanLawton,
After going through it completely found that, it is more of a client device (Laptop, Smartphones etc) update, which is required not Access point or Router. However, there are some small fixes, which has to be done on the Router side, information has been already forwarded to our Chipset vendor waiting for the update.
Ubiquiti released a firmware update in time for disclosure:
https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability (https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability)
To say this isn't an AP problem is mighty disingenuous. :(
-
Ubiquiti released a firmware update in time for disclosure:
https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability (https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability)
To say this isn't an AP problem is mighty disingenuous. :(
Exactly!!
Has to be fixed on one side or the other. Doesn't need to be on both sides, but clearly on the router/AP side is the best case scenario and the proper resolution.
-
@ All,
We are trying our best to get the fix from our Chipset vendor. However, please do ensure that all your client devices (Laptop, Smartphones etc..,) are updated or else, it may not help the situation.
-
They get their WIFI software stack from the vendor of the chip they use for WIFI (Broadcom??). They need someone else to fix and release updated software development libraries so that securifi can compile and build a new firmware with it. No fix from the vendor, no fix from securifi. They aren't in control of it but I sure hope they choose a good vendor who they are pressuring hard to release a fix. Right?
-
When Almond router is actin as a client in Renge Extender mode it is affected by KRACK vulnerability.
So the fix is defiantly required.
Almost all big brands released the fix at the time the attack was publicly announced:
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Chip vendors including Broadcom and Atheros Communications, Inc. are on the list as well and they have released the fix.
And the fix itself does not require kernel modifications or new drivers. Only patched version of wpa_supplicant is required. So help from chip vendor is really not required for this.
This attitude just shows that Securifi does not monitor current vulnerabilities and does not care about security.
-
Any news, @Ashok?
-
Bump
-
Its primarily an AP or IoT device problem.. To KRACK someone the device needs to be a Station...... That said.. there are fixes on both sides of the equation...but the main one is on the clients, not hosts (i.e .. devices not the router/firewall) Everyone hemming and hawing.. Securifi has had issues with their chipset vendor in the Almond+ .. Vendor wants to basically wipe their hands clean of the previous product which they bought out from another company... and replace it with their own... Just like Qualcomm is doing to a bunch of IoT vendors... who use their streaming radio chipset... BTW its Realtek not Broadcomm whose the chipset vendor for this device... The chipset in it is technically NOT a Realtek chip.. but a chipset bought out by Realtek who was their competitor...