Home Automation Domotica Forum Europe, Bwired Forum

Domotica - Home Automation Forum
https://domoticaforum.eu/

SOLVED - Toon - wpa_supplicant & WPA2 leak

https://domoticaforum.eu/viewtopic.php?t=11824

Page 1 of 1

SOLVED - Toon - wpa_supplicant & WPA2 leak

Posted: Thu Oct 19, 2017 11:02 pm
by Timeless
Hi people,

As you may know there is a leak in the WPA2 standard (a.k.a KRACK), I also suspect that Toon is affected by this issue:

Code: Select all

wpa_supplicant -v
wpa_supplicant v2.0
Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> and contributors
This could be an easy entry point into a normally secure network, since most people have Toon powered 24/7 (ofc.. it's a thermostat :) )
Unfortunately I don't have a build environment ready for building a patched version of wpa_supplicant for Toon. But since I noticed more and more packages appear here on the forums I figured there are some people capable of building these packages and therefor have a working build environment. LEDE has a couple of commits related to hostapd and therefor wpa_supplicant link maybe we can learn from them.

Toon also has a wired network interface which seems to disable Wireless entirely, when the wire is attached the WiFi interfaces is disabled and it's impossible to scan for available WiFi networks through the "internet" menu option, wlan0 is down as-well. So based on that I think WiFi is disabled when a wired connection is available. ...right?
luckily I had the privilege to use a cable but I gues most people wont be that lucky.

It would also be possible to wait for Eneco(Quby) until they release a patched version of wpa_supplicant. So if anyone has any information on that please let me know! :)

Re: Toon - wpa_supplicant & WPA2 leak

Posted: Fri Oct 20, 2017 10:03 am
by marcelr
Since the security threat is not that large --potential hackers need to be in the vicinity of your network, not a viable option for professional hackers with criminal intentions--, and the fact that Quby have announced a fix
( https://forum.toon.nl/algemene-vragen-o ... attack-727 ), I don't see a pressing need to issue a patched version of wpa_supplicant. Let's wait it out.

Re: Toon - wpa_supplicant & WPA2 leak

Posted: Fri Oct 20, 2017 10:51 am
by Timeless
True but still it should not be taken lightly. The hack only takes a couple of seconds/minutes "hackers" can just drive around and infect devices while driving.
But I guess it's fine to wait for Quby untill they released a fix, or at least a patched version of wpa_supplicant.
I just wanted to create a topic where the (final) solution can be posted so everyone that rooted their Toon and do not received updates anymore can manually install the fix once available.

Re: Toon - wpa_supplicant & WPA2 leak

Posted: Tue Sep 04, 2018 10:12 pm
by Timeless
This issue seems to be resolved since version 4.9 link
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited