I have a BT Home Hub 5 (not a version B, but a Type A) that was updated on 12/07/2017 to version 126.96.36.199.188.8.131.52.2.
In the light of recent media articles about the 'KRACK' vulnerabilities, does that updated version afford the needed protection or should there be a more recent newer update installed? If so when will it be installed?
Also, when will IPv6 be implimented? I live in the Trowbridge, Wiltshire area.
Unless you are connecting multiple hubs around the home, then the wireless client vulnerabilities are not really relevant. Only routers that are configured to act as clients to a central router really need patching. So while it will be nice to see the BT hubs all updated, for the vast majority of people it isn't going to protect them from KRACK attacks.
BT Whole Home is an example of a system that will need updating, since you have multiple access points acting as clients to distribute wireless around your home. That system is vulnerable to KRACK attacks.
But for most people, it is our own clients (our computers, mobile devices, iot devices) that are vulnerable and all need updating.
Windows 10 is updated for example to prevent KRACK attacks, but it's still not totally safe. If your laptop is configured to fall into what's known as lower performance, low power wifi, Windows 10 will use the vendor drivers and those will most likely still be vulnerable to KRACK until updated drivers are issued.
What I'm doing:
I've renamed my wireless SSID and changed the password so no clients can connect to it. (FYI - renaming SSID and changing password has no benefit when it comes to defeating KRACK, but it does immediately knock all my configured devices off the network until I re-configure them and allow them access.) I will then slowly allow them back onto the wifi network as and when they have been updated with new firmware/drivers from the vendor. Alternatively, I will allow some devices to still use the wireless network but only when they are connected via my VPN. Since my VPN encrypts all the traffic to/from the router, it makes those devices safe to use.
Thanks for your response. All the articles I've read in the technical media suggest that all modems are vulnerable, including HH5's.
Our home network consists of the HH5A, two Gigabit switches, a Netgear WiFi extender, a W8.1 and a W7 laptops, a 'smart' TV and several Android portable devices (tablets, Kindles and mobile phones). The laptops normally only use Gigabit Ethernet via the switches, WiFi is only used as an emergency standby in case of failure of the Ethernet systems or if the laptop is temporarily moved. The smart TV is also via wired Ethernet. Only the tablets and mobile phone (just one of) use the WiFi services. (We do not use W10 and don't intend to for a long time yet, if ever.)
So why is there so much 'hype' about the vulnerability of WiFi systems in general being 'at risk' of attacks? All the articles I've read suggest that the vulnerability is in the modem as well as hardware connected to them via WiFi.
Plus, is the firmware currently installed the latest version?
Your Netgear extender will be acting as a client so that is vulnerable to KRACK. Hopefully Netgear will make a firmware update available relatively soon.
if BT update the firmware for your home hub, it will really only do any good if you use it in client mode (I'm not even sure if it is possible to do this). The firmware update to the hub won't stop your other devices from being vulnerable to KRACK. Your other devices need their own software updates to be made secure. That said, BT should still patch the Hub because it is good practice to close known vulnerabilities whenever possible, and closing this vulnerability is dead simple.
Everything you have connecting over Ethernet is safe. And that is why I am bringing Ethernet slowly back to life on my network atm, having previously been slowly phasing it out.
I don't currently have a HH5 connected so I have no idea what the latest firmware version is for your type.
@Anonymous. Can you post a reference from a reputable source that states it's only clients that are vulnerable? To be honest, I'm not convinced that to be correct.
If we take Cisco as an example, their PSIRT Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II states:
"These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point."
And if you look at the Affected Products in that bulletin it shows pretty much all their Aironet and Meraki Access Point products as vulnerable.
I stand corrected. The following is by the researcher Mathy Vanhoef that found the vulnerability and quoted from the Key Reinstallation Attacks web site:
"Q. What if there are no security updates for my router?
A. Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones."
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.
That's not v. conclusive! That's the researchers' attack but what about others' attacks?
@smf22: I'm talking about other people, i.e. hackers, making an Krack attack not other vulnerabilities.
I think you'll find there will always be hackers. Wireless networks will likely be vulnerable to being compromised for the foreseeable future. What people seem to be forgetting is the fact that, even for the most recent vulnerability the attacker must be within wireless range of your wireless network. I think most folk will notice the 'lurker' outside their home with his/her laptop.
Where folks should be concerned is when using a public wireless connection, cafes etc. Look around next time you visit one of these establishments, all those others with wireless devices, which one of them is snooping on your data transfer?