SOLVED - Toon - wpa_supplicant & WPA2 leak

Forum about the Toon firmware, and its extensions

Moderators: marcelr, TheHogNL, Toonz

Post Reply
Timeless
Member
Member
Posts: 54
Joined: Fri Jan 06, 2017 12:51 pm

SOLVED - Toon - wpa_supplicant & WPA2 leak

Post by Timeless »

Hi people,

As you may know there is a leak in the WPA2 standard (a.k.a KRACK), I also suspect that Toon is affected by this issue:

Code: Select all

wpa_supplicant -v
wpa_supplicant v2.0
Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> and contributors
This could be an easy entry point into a normally secure network, since most people have Toon powered 24/7 (ofc.. it's a thermostat :) )
Unfortunately I don't have a build environment ready for building a patched version of wpa_supplicant for Toon. But since I noticed more and more packages appear here on the forums I figured there are some people capable of building these packages and therefor have a working build environment. LEDE has a couple of commits related to hostapd and therefor wpa_supplicant link maybe we can learn from them.

Toon also has a wired network interface which seems to disable Wireless entirely, when the wire is attached the WiFi interfaces is disabled and it's impossible to scan for available WiFi networks through the "internet" menu option, wlan0 is down as-well. So based on that I think WiFi is disabled when a wired connection is available. ...right?
luckily I had the privilege to use a cable but I gues most people wont be that lucky.

It would also be possible to wait for Eneco(Quby) until they release a patched version of wpa_supplicant. So if anyone has any information on that please let me know! :)
Last edited by Timeless on Tue Sep 04, 2018 10:13 pm, edited 2 times in total.
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
marcelr
Global Moderator
Global Moderator
Posts: 1153
Joined: Thu May 10, 2012 10:58 pm
Location: Ehv

Re: Toon - wpa_supplicant & WPA2 leak

Post by marcelr »

Since the security threat is not that large --potential hackers need to be in the vicinity of your network, not a viable option for professional hackers with criminal intentions--, and the fact that Quby have announced a fix
( https://forum.toon.nl/algemene-vragen-o ... attack-727 ), I don't see a pressing need to issue a patched version of wpa_supplicant. Let's wait it out.
Timeless
Member
Member
Posts: 54
Joined: Fri Jan 06, 2017 12:51 pm

Re: Toon - wpa_supplicant & WPA2 leak

Post by Timeless »

True but still it should not be taken lightly. The hack only takes a couple of seconds/minutes "hackers" can just drive around and infect devices while driving.
But I guess it's fine to wait for Quby untill they released a fix, or at least a patched version of wpa_supplicant.
I just wanted to create a topic where the (final) solution can be posted so everyone that rooted their Toon and do not received updates anymore can manually install the fix once available.
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
Timeless
Member
Member
Posts: 54
Joined: Fri Jan 06, 2017 12:51 pm

Re: Toon - wpa_supplicant & WPA2 leak

Post by Timeless »

This issue seems to be resolved since version 4.9 link
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
Post Reply

Return to “Toon Firmware”