Forum Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jake_d
Beginner

on ‎16-10-2017 8h58

5,657 Views
Message 1 of 39

WPA2 security flaw

Can anyone reassure me that given the WPA2 WiFi security protocol has been hacked, BT Home Hubs have been patched?

I tried searching for a response from BT but couldn't see one.

See here for details: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...
Tags (2)
0 Ratings
38 REPLIES 38
krisalexander
Beginner

on ‎16-10-2017 9h36

5,635 Views
Message 2 of 39

Re: WPA2 security flaw

Yes, I have just been reading this article and would like to know if BT have patched our HomeHub5 Firmware.

0 Ratings
M3k0n
Beginner

on ‎16-10-2017 10h41

5,580 Views
Message 3 of 39

Re: WPA2 security flaw

A firmware update is crucial as full disclosure of the attack vector is imminent, and the only way to mitigate is to turn WiFi off.

 

Looking forward to a prompt response from BT.

 

FYI “BT Business Hub 5 (Type A) | Software version 4.7.5.1.83.8.230 | Last updated 15/07/16

Tags (2)
Dippu
Expert

on ‎16-10-2017 11h30

5,534 Views
Message 4 of 39

Re: WPA2 security flaw

The website has just opened. Interesting Q&As.

 

https://www.krackattacks.com/

 

 

0 Ratings
Brandscill
Aspiring Expert

on ‎16-10-2017 11h47

5,514 Views
Message 5 of 39

Re: WPA2 security flaw

More details here

 

https://www.theverge.com/2017/10/16/16481252/wi-fi-hack-attack-android-wpa-2-details

0 Ratings
Liam_
Recognised Expert

on ‎16-10-2017 15h10

5,279 Views
Message 6 of 39

Re: WPA2 security flaw

The vulnerability would appear to be the targeting end point device as in the phone, tablet and likely a PC or laptop using a wireless connection.  It seemingly, is not targeting the access point, IE. Router or other wireless access point.  At least so far. As this quote from the link in message 5 would seem to indicate.

 

Although most devices appear to be vulnerable to attacks reading Wi-Fi traffic, the exploit doesn’t target access points.

So at least for the moment, it doesn't seem to be a router problem per se.

 

Perhaps if people were able utilise what would seem to be ‘best practice’ and use a wired connection for communications containing sensitive data, like Internet Banking etc. and refrain from keeping PII (personally identifiable information) on portable devices then the issue would have much less impact.

0 Ratings
peterh0001
Contributor

on ‎16-10-2017 15h18

5,267 Views
Message 7 of 39

Re: WPA2 security flaw

You should be using a VPN for any sensitive data anyway.

0 Ratings
Brandscill
Aspiring Expert

on ‎16-10-2017 15h19

5,264 Views
Message 8 of 39

Re: WPA2 security flaw

Not realistic to tell everyone using mobile banking they should also have a VPN
0 Ratings
smf22
Recognised Expert

on ‎16-10-2017 15h27

5,254 Views
Message 9 of 39

Re: WPA2 security flaw

@Brandscill wrote:
Not realistic to tell everyone using mobile banking they should also have a VPN

Not wanting to trivialise this in any way, but if you're using mobile banking the browser / app will be using HTTPS and so any transactions would not be exposed even if the WiFi were compromised.

0 Ratings
Brandscill
Aspiring Expert

‎16-10-2017 15h33 - edited ‎16-10-2017 15h35

5,227 Views
Message 10 of 39

Re: WPA2 security flaw

 

 

If you read the details on the site they highlight that

‘Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.’

0 Ratings