16 Oct
2017
16 Oct
'17
2:36 p.m.
All,
LEDE noted that they will release a version 17.01.4 to resolve this.
This is a bug in the common implementation of the WPA2 protocol; though,
a backwards-compatible fix can be implemented. For routers and other
embedded devices, this requires a new firmware to be released by the
manufacturers. For phones, the manufacturers must release an update.
Operating systems can be updated. It should be borne in mind, that the
fix for routers only resolves the security problem if the device is
being used as a Wired Bridge (e.g. the device is a client of another
access point). Therefore, it's very important to patch clients on the
WLAN, as well as the router.
If you use devices that are WiFi-enabled, which manufactures have/will
not not provide an upgrade - you should no longer consider their data to
be secure over-the-air.
Also, quite a few devices have a bug in the dnsmasq DHCP client
software. Updates for this are being released by router manufacturers as
well (LEDE released an update for this in 17.01.3).
73,
- Lynwood
KB3VWG