Securifi Community Forum

Securifi Products => Almond+ => Topic started by: AlanLawton on October 16, 2017, 10:57:34 am

Title: KRACK Attack
Post by: AlanLawton on October 16, 2017, 10:57:34 am
Is the Almond+ affected by the KRACK Attack vulnerability that was released today, and if so, when can we expect an update to resolve the issues?

https://www.krackattacks.com/
Title: Re: KRACK Attack
Post by: mastermike311 on October 16, 2017, 12:06:22 pm
+1 on this. It seems like the Almond+ doesn't get support anymore, but this is such a serious issue. Really hope they put an update together soon. Here is some more info for those that are interested:
https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/
Title: Re: KRACK Attack
Post by: Ashok on October 16, 2017, 01:11:07 pm
@ AlanLawton,

After going through it completely, we found that it is more of a client device (laptops, smartphones, etc.) update that is required, not an access point or router one. However, there are some small fixes that have to be done on the router side; the information has already been forwarded to our chipset vendor, and we are waiting for the update.
Title: Re: KRACK Attack
Post by: tt4me on October 16, 2017, 01:24:08 pm
Assuming that this update will come as quickly as "recent" A+ updates, I'm thinking this is the straw that will lead me to finally dumping this thing and moving on.
Title: Re: KRACK Attack
Post by: AlanLawton on October 16, 2017, 03:29:47 pm
Does that mean we can expect an update to this in the near future?
Title: Re: KRACK Attack
Post by: nsgnfcnt1 on October 16, 2017, 11:27:18 pm
@ AlanLawton,

After going through it completely, we found that it is more of a client device (laptops, smartphones, etc.) update that is required, not an access point or router one. However, there are some small fixes that have to be done on the router side; the information has already been forwarded to our chipset vendor, and we are waiting for the update.

Ubiquiti released a firmware update in time for disclosure:
https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability

To say this isn't an AP problem is mighty disingenuous.   :(
Title: Re: KRACK Attack
Post by: tt4me on October 17, 2017, 02:30:01 pm
Ubiquiti released a firmware update in time for disclosure:
https://help.ubnt.com/hc/en-us/articles/115013737328-Ubiquiti-Devices-KRACK-Vulnerability

To say this isn't an AP problem is mighty disingenuous.   :(

Exactly!!

Has to be fixed on one side or the other. Doesn't need to be on both sides, but clearly on the router/AP side is the best case scenario and the proper resolution.
Title: Re: KRACK Attack
Post by: Ashok on October 17, 2017, 03:14:14 pm
@ All,

We are trying our best to get the fix from our chipset vendor. However, please do ensure that all your client devices (laptops, smartphones, etc.) are updated, or else it may not help the situation.
Title: Re: KRACK Attack
Post by: cthree87 on October 18, 2017, 05:21:56 pm
They get their Wi-Fi software stack from the vendor of the chip they use for Wi-Fi (Broadcom??). They need someone else to fix and release updated software development libraries so that Securifi can compile and build a new firmware with it. No fix from the vendor, no fix from Securifi. They aren't in control of it, but I sure hope they chose a good vendor who they are pressuring hard to release a fix. Right?
Title: Re: KRACK Attack
Post by: SR on October 19, 2017, 12:58:17 pm
When the Almond router is acting as a client in Range Extender mode, it is affected by the KRACK vulnerability.
So the fix is definitely required.

Almost all big brands released the fix at the time the attack was publicly announced:
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Chip vendors including Broadcom and Atheros Communications, Inc. are on the list as well and they have released the fix.

And the fix itself does not require kernel modifications or new drivers. Only a patched version of wpa_supplicant is required. So help from the chip vendor is really not required for this.

This attitude just shows that Securifi does not monitor current vulnerabilities and does not care about security.
Title: Re: KRACK Attack
Post by: nsgnfcnt1 on November 03, 2017, 01:12:16 pm
Any news, @Ashok?
Title: Re: KRACK Attack
Post by: APop on November 04, 2017, 11:25:10 pm
Bump
Title: Re: KRACK Attack
Post by: joltdude on November 30, 2017, 08:16:38 am
It's primarily an AP or IoT device problem.. To KRACK someone the device needs to be a Station... That said.. there are fixes on both sides of the equation... but the main one is on the clients, not hosts (i.e. devices, not the router/firewall). Everyone hemming and hawing.. Securifi has had issues with their chipset vendor in the Almond+.. Vendor wants to basically wipe their hands clean of the previous product which they bought out from another company... and replace it with their own... Just like Qualcomm is doing to a bunch of IoT vendors... who use their streaming radio chipset... BTW it's Realtek, not Broadcom, who's the chipset vendor for this device... The chipset in it is technically NOT a Realtek chip.. but a chipset bought out by Realtek, who was their competitor...