3.8.4 in RC with #KRACK fix

Dear Turris testers,
we are happy to announce that we just pushed the fix of #KRACK vulnerability into Turris 1.x and Omnia RC branches. Let’s test it depper together so we will be able to deploy it ASAP.

It is possible that you won’t be able to connect to your Wi-Fi networks after the update. That can be easily solved by rebooting the device. Just push a button or restart your router via Foris/LuCI/SSH.

Please, keep in mind that we are not able to fix the vulnerability completely as it is mostly client-side problem. So update not only Turris, but also your computers, smartphones, tablets, washing machines, refrigerators, cars and so on. :scream: :tired_face: :wink: :sunglasses: :sunny:

Thank you for staying secure with us and enjoy the testing.

Looking forward to hear the feedback!



Update from 2017/10/17 17:09:45
The updater requests an autorisation of its planned actions. You can grant it in the Foris administrative interface. …

I have Turris 1.1 under contract and there is no authorisation button in Foris … Finished via ssh running updater.sh, program expected Enter or CTRL+C for continue …

if somebody dont know anything about KRACK attack here we go:
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven

is there any more secure alternatives to wpa2 personal? I’ve heard wpa2 enterprise is a good fix but it seems quite a bit complicate to set it up on omnia and not all client devices are able to use that…

Both version of WPA2 - personal and enterprise - are vulnerable.
The fix is necessary.

Is it enough to fix the AP, or do both the AP and the client need to be fixed in order for this bug not to be exploitable in one particular situation? Or, more generally, is it enough for one side of the connection to be fixed, or do both sides need to be fixed?

1 Like

Thank you for the fast update. My Omnia with WLAN Modules MikroTik R11e-2HPnD and Compex WLE650V5-18 works fine without Problems.

best regards

It needs to be fixed on both sides.

1 Like

I may have worded it wrong but I meant that wpa2 enterprise offers an additional level of security underneath, so it’s a good workaround, like using a vpn or https. but I think that by the time I set up wpa2 enterprise at my home I think all the fixes for all my devices will be released already. so my initial question was - is there any quicker fix than setting up wpa2 enterprise?

Turris 1.0 BTRFS - simple configuration

update OK
test Wifi OK