Still working my way through these but it seems that the WPA2 encryption protocol for WiFI has been cracked might be time to apply any patches recommended by your OS providers.
https://www.theguardian.com/technolo...arns?CMP=fb_gu
https://www.krackattacks.com/
Been discussing this loophole for a while now - it's been found to be valid and patchable.
Advice seems to be do your banking or anything "secure" using RJ45 and turn off router wifi until all patches are applied.
Turn off file sharing on any machone that you do banking (above )on.
B
Forgot to mention VPN for those on fixed ip
Last edited by Brian; 17th October 2017 at 11:19.
tbh I'd never do anything like banking over a wifi link! I know the 'smartphone generation' are really into doing all sorts of private things and communications over wifi from their phone but it really is not a good idea. When I'm away from a 'proper' internet connection I do all my internet (banking/email/shopping/etc) over a vpn connection.
Microsoft has already patched this on supported OS (W7 upwards).
Does anyone know if you need to patch your wifi router as well as your wifi devices?
YesOriginally Posted by jools
Here's how my on-line chat with a BT person went:
...
...
...
Pavithra: Hi jools, Thanks for the above details. I know you are concerned whether your hub is potentially at risk of being hacked. I want to confirm, that we're aware of the issue and we are working with the industry to update the software as appropriate. This will be done, in the next 5 to 7 working days.
Pavithra: Is there anything else I can help you with. If not, can you please close the chat browser completely.
jools: So at the moment it is not patched?
Pavithra: No its not patched at the moment.
jools: Does BT recommend I still do on-line banking via wifi?
Pavithra: Yes you still can access online banking, please use virtual key board for the access.
jools: Ok thanks that's all. Bye.
No! This issue effects client devices not infrastructure access points. In a wifi connection from your PC (phone/tablet/etc) to a wifi router then it's the PC end that is a client and the router end is the infrastructure access point. This security issue is with the client device so a normal wifi router running normal access point mode isn't the problem. The only time when it might matter is if you use the access point or wifi router in some form of wifi repeater mode. Wifi repeater mode means you wifi router runs as an access point (AP) AND a client at the same time. However I can't think of any situation where in normal operation you would run your wifi router as a repeater so the issue would never arise. So to summarise you probably should patch your client devices be that windows/android/ios BUT with normal access point mode there is no need to change or patch anything on your wifi router.
Of course the other point is 99.9999% of bank and shopping sites use an SSL https web site connection which means the data is encrypted at the client device before being sent over the wifi connection so that means even if someone did hack your data connection then couldn't do anything or read the encrypted data!!
Essentially this is all just a load of hot air! Heck even google uses https for their web site now so this really is not worth worrying about.
Had a look at my Plusnet router and can see no way in settings to update firmware.
Are routers provided by ISPs easily updateable (or is it done automatically by the ISP)?
The short answer is that it depends on the ISP and the hardware.
There are very few fixed devices / firmware updates available as yet - I would contact your ISP and ask them how they update and ensure they are aware of the problem.
Thanks, though would hope they’re on top of problem.
Posting Permissions
Reply With Quote