cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
jake_d
Beginner
4,872 Views
Message 1 of 39

WPA2 security flaw

Can anyone reassure me that given the WPA2 WiFi security protocol has been hacked, BT Home Hubs have been patched?

I tried searching for a response from BT but couldn't see one.

See here for details: https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...
Tags (2)
0 Ratings
38 REPLIES 38
4,850 Views
Message 2 of 39

Re: WPA2 security flaw

Yes, I have just been reading this article and would like to know if BT have patched our HomeHub5 Firmware.

0 Ratings
M3k0n
Beginner
4,795 Views
Message 3 of 39

Re: WPA2 security flaw

A firmware update is crucial as full disclosure of the attack vector is imminent, and the only way to mitigate is to turn WiFi off.

 

Looking forward to a prompt response from BT.

 

FYI “BT Business Hub 5 (Type A) | Software version 4.7.5.1.83.8.230 | Last updated 15/07/16

Tags (2)
Dippu
Aspiring Expert
4,749 Views
Message 4 of 39

Re: WPA2 security flaw

The website has just opened. Interesting Q&As.

 

https://www.krackattacks.com/

 

 

0 Ratings
Brandscill
Aspiring Expert
4,729 Views
Message 5 of 39

Re: WPA2 security flaw

0 Ratings
Liam_
Expert
4,494 Views
Message 6 of 39

Re: WPA2 security flaw

The vulnerability would appear to be the targeting end point device as in the phone, tablet and likely a PC or laptop using a wireless connection.  It seemingly, is not targeting the access point, IE. Router or other wireless access point.  At least so far. As this quote from the link in message 5 would seem to indicate.

 

Although most devices appear to be vulnerable to attacks reading Wi-Fi traffic, the exploit doesn’t target access points.

So at least for the moment, it doesn't seem to be a router problem per se.

 

Perhaps if people were able utilise what would seem to be ‘best practice’ and use a wired connection for communications containing sensitive data, like Internet Banking etc. and refrain from keeping PII (personally identifiable information) on portable devices then the issue would have much less impact.

0 Ratings
peterh0001
Contributor
4,482 Views
Message 7 of 39

Re: WPA2 security flaw

You should be using a VPN for any sensitive data anyway.

0 Ratings
Brandscill
Aspiring Expert
4,479 Views
Message 8 of 39

Re: WPA2 security flaw

Not realistic to tell everyone using mobile banking they should also have a VPN
0 Ratings
smf22
Recognised Expert
4,469 Views
Message 9 of 39

Re: WPA2 security flaw


@Brandscill wrote:
Not realistic to tell everyone using mobile banking they should also have a VPN

Not wanting to trivialise this in any way, but if you're using mobile banking the browser / app will be using HTTPS and so any transactions would not be exposed even if the WiFi were compromised.

0 Ratings
Brandscill
Aspiring Expert
4,442 Views
Message 10 of 39

Re: WPA2 security flaw

 

 

If you read the details on the site they highlight that

‘Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.’

0 Ratings