What happened?
A few weeks ago, the world woke up to the news that WPA2, the trusted security standard for Wi-Fi, is vulnerable. It's the end of Wi-Fi security! Everyone is exposed! SHUT DOWN WI-FI!!!
Don't panic: the sky is not falling, we don't need "WPA3," and this is definitely not "EQUIFAX-like" on a global scale…
In a nutshell, this was academic research, published under the name KRACK (Key Reinstallation Attacks), by network security researchers who went looking for weaknesses in the WPA2 standard itself rather than in any one vendor's implementation. The researchers disclosed their findings responsibly, so the Wi-Fi community could get ahead of the problem and fix it.
In other words, this is a good thing for Wi-Fi security. It's like discovering a leak in your roof. You don't tear down the house or live in a roof-less house from now on. You fix the leak, check the roof for other leaks, and make sure the next house doesn't have one.
Who is impacted?
The research found 10 vulnerabilities in WPA2. Nine of them are on the "client side," which means they affect client devices such as smartphones, tablets, laptops, IoT devices, etc. The practical impact varies a lot by platform. Apple's iOS and Microsoft's Windows do not accept a retransmitted handshake message, so the main attack against the 4-way handshake does not work against them; they remain exposed only to the less severe group-key variant, which lets an attacker replay broadcast and multicast frames but not decrypt the device's own traffic. Both vendors have shipped patches regardless.
Android (6.0 and later) and Linux devices that use wpa_supplicant 2.4 or later are the worst affected: on top of the key reinstallation itself, a bug in wpa_supplicant makes them install an all-zero encryption key, which makes the attacker's job trivial. The Linux community has released patched versions of wpa_supplicant; Android devices depend on their manufacturer shipping that fix.
Wireless Access Points (the "server side") are affected in two real-world cases. The first is when the AP is itself acting as a client, which is what repeater and mesh modes do: the AP runs the client half of the handshake toward its upstream AP, so the client-side vulnerabilities apply to it. The second is 802.11r (Fast Roaming), where the one AP-side vulnerability lives in the Fast BSS Transition handshake the AP performs when a client roams to it.
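The mechanism behind these findings, which the post does not spell out (it is a fact about the published research, not about any Araknis product): the attacker replays message 3 of the WPA2 4-way handshake, and a vulnerable client reacts by reinstalling the same pairwise key and resetting the packet number it uses as the CCMP nonce. From then on the client encrypts new frames with nonces it has already used, which is what makes its traffic decryptable. Because that packet number travels in the clear in the CCMP header, a wireless monitor can spot a reinstallation without holding any keys. The following is an added Python example, written for this page and not code from the original post or from Araknis; the record layout, field names and the sample capture are my own constructed assumptions standing in for what a real capture parser would produce.

```python
"""Detect the observable fingerprint of a WPA2 key reinstallation:
CCMP packet numbers (PNs) that repeat or go backwards under a pairwise
key that was not freshly derived.

Added example for this post. The record format and function names are
assumptions, not any vendor tool or API. Input is a list of frames already
parsed from a monitor interface, so it runs offline on the sample below.
"""

from collections import namedtuple

Alert = namedtuple("Alert", "ts client reason")


def detect_key_reinstallation(frames):
    """Return a list of Alerts for clients whose CCMP PN repeats or
    decreases under a key that was not freshly derived.

    Each frame is a dict with keys:
      ts     : capture timestamp (seconds)
      client : MAC of the client the record concerns
      kind   : "eapol" or "data"
      msg    : for eapol, the 4-way handshake message number (1..4)
      anonce : for eapol msg 1/3, the AP's nonce (hex string). A new ANonce
               means a new PTK; the same ANonce means message 3 was replayed.
      pn     : for data, the 48-bit CCMP packet number from the frame header
      retry  : for data, the 802.11 Retry flag. A MAC-layer retransmission
               legitimately carries the same PN as the original frame.
    """
    installed_anonce = {}  # client -> ANonce the current PTK was derived from
    last_pn = {}           # client -> highest PN seen under the current PTK
    reinstall_seen = {}    # client -> True once a replayed msg 3 was observed
    alerts = []

    for f in frames:
        c = f["client"]
        if f["kind"] == "eapol" and f["msg"] == 3:
            if installed_anonce.get(c) == f["anonce"]:
                # Same ANonce as the key already in use: message 3 is being
                # retransmitted. Benign on a lossy link, but it is exactly the
                # trigger of a key reinstallation, so watch the PNs closely.
                reinstall_seen[c] = True
            else:
                # Fresh ANonce => new PTK; the PN counter legitimately restarts.
                installed_anonce[c] = f["anonce"]
                last_pn[c] = 0
                reinstall_seen[c] = False
        elif f["kind"] == "data":
            pn, prev = f["pn"], last_pn.get(c, 0)
            if f.get("retry") and pn == prev:
                continue  # MAC-layer retransmission of a frame already counted
            if pn <= prev:
                why = "PN %d after %d" % (pn, prev)
                if reinstall_seen.get(c):
                    why += " following replayed handshake message 3"
                alerts.append(Alert(f["ts"], c, why))
            else:
                last_pn[c] = pn
    return alerts


# Constructed sample capture (not real traffic).
SAMPLE_CAPTURE = [
    # Normal 4-way handshake for client ...01, then a few data frames.
    {"ts": 0.00, "client": "aa:bb:cc:00:00:01", "kind": "eapol", "msg": 1, "anonce": "a1"},
    {"ts": 0.01, "client": "aa:bb:cc:00:00:01", "kind": "eapol", "msg": 3, "anonce": "a1"},
    {"ts": 0.02, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 1, "retry": False},
    {"ts": 0.03, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 2, "retry": False},
    {"ts": 0.03, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 2, "retry": True},  # lost ACK, benign
    {"ts": 0.04, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 3, "retry": False},
    # Attacker replays message 3 (same ANonce); a vulnerable client
    # reinstalls the PTK and restarts its PN at 1.
    {"ts": 0.05, "client": "aa:bb:cc:00:00:01", "kind": "eapol", "msg": 3, "anonce": "a1"},
    {"ts": 0.06, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 1, "retry": False},
    {"ts": 0.07, "client": "aa:bb:cc:00:00:01", "kind": "data", "pn": 2, "retry": False},
    # Client ...02 performs a legitimate rekey (new ANonce); its PN restart is fine.
    {"ts": 0.08, "client": "aa:bb:cc:00:00:02", "kind": "data", "pn": 900, "retry": False},
    {"ts": 0.09, "client": "aa:bb:cc:00:00:02", "kind": "eapol", "msg": 3, "anonce": "b7"},
    {"ts": 0.10, "client": "aa:bb:cc:00:00:02", "kind": "data", "pn": 1, "retry": False},
]

if __name__ == "__main__":
    for a in detect_key_reinstallation(SAMPLE_CAPTURE):
        print("%.2f  %s  %s" % (a.ts, a.client, a.reason))
```

The sample produces two alerts, both for client ...01 right after the replayed message 3, and none for the client that rekeyed with a fresh ANonce. The Retry check matters in practice: without it, every ordinary 802.11 retransmission would look like nonce reuse and drown the real signal.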
Should I panic?
No, for various reasons:
- This is not a weakness that can be exploited remotely over the Internet. In other words, a hacker cannot sit in a room somewhere and attack networks in other locations.
- The attacker must be within radio range of both the target network and the target device, because the attack works by standing in between the two and replaying handshake messages. That means being physically close to the target network.
- At the time of writing there is no publicly available point-and-click "tool" for this attack. The attacker must understand the protocol and use specialized wireless tooling, so an attack of this nature is not an easy task. Keep in mind that "no public tool yet" is a short-lived protection, not a substitute for patching.
- A potential attack only affects one device at a time, not the entire network. The attacker, once within Wi-Fi coverage of the target network, picks one device and can decrypt (and in some variants inject) the Wi-Fi-layer traffic of that device only; anything protected above the Wi-Fi layer, such as correctly configured HTTPS or a VPN, stays encrypted. This makes smartphones the more attractive targets. What's the best an attacker can get from hacking a wireless speaker, for example? Listening to what the target is listening to?
- Many manufacturers have released, or are in the process of releasing, patches to fix the vulnerability. There have also been no reports of malicious use of these exploits so far. Attackers know these weaknesses have a short shelf life, which lowers the incentive to invest in weaponizing them and mitigates the potential impact.
What should I do?
While there’s no reason to panic, you should be proactive and take the following steps:
- Make sure you update firmware on ALL devices in the networks you manage. Manufacturers release firmware updates to fix bugs and improve performance and functionality, and you should always run the latest available firmware on every device.
- Contact the manufacturers of any Wi-Fi devices on your network that have not received a firmware update for this vulnerability. Wired-only devices are not exposed to it.
- If you manage a Wi-Fi network, disable 802.11r (Fast Roaming) until the Access Point manufacturer releases firmware that fixes the issue.
- If you manage a Wi-Fi network with mesh or repeater capability, turn it off until the Access Point manufacturer releases firmware that fixes the issue.
- Be proactive and communicate to your customers if they haven't already contacted you. It's usually comforting for end consumers to know that you are on top of things and providing assurance about their digital security.
What should I tell my customers?
We recommend reaching out to your customers and clearly communicating the facts above: a potential attack must be carried out within radio range of the target network, requires specialized tools, and targets only one device on the network at a time. The most valuable information lives on personal client devices such as smartphones, so those have the highest chance of being targeted; even there, traffic protected by HTTPS or a VPN stays encrypted.
Recommend that your clients update their personal devices as patches become available. You can also assure your customers that you have already updated their Wi-Fi network devices to the latest firmware, or have contacted the manufacturers to make sure all Wi-Fi devices get properly patched.
What about Araknis products?
As a member of the Wi-Fi Alliance, we were informed promptly about these vulnerabilities. We briefed our customer-facing and technical support teams on these findings the same day, with the recommended steps of disabling Repeater Mode and Fast Roaming when dealers call.
We have worked with our engineering team to patch all of our wireless access points, and we are happy to report that a beta firmware will be available for all Araknis Wireless Access Points on the website by EoD Thu 11/2/2017. Since this is a beta build, dealers who are eager to patch their access points now are advised to do so through the local UI of the access point, by one of the following methods:
- If there is an OvrC hub in the network, utilize the remote connect feature on OvrC to reliably access the local UI remotely and perform a firmware update.
- VPN tunnel to the network and access the local UI of the access point remotely.
- If the router already port-forwards to the access point's local UI (with or without DDNS), you can reach it remotely and perform the firmware update. Keep in mind that exposing a management UI to the Internet is a far larger risk than this vulnerability: prefer the OvrC or VPN options, and remove any temporary port forward once the update is done.
We are targeting Friday, 11/10/2017 to make the firmware publicly available on the website and OvrC. If you elect to wait, updating the access points can be as easy as pushing a button in the OvrC cloud management platform.