SOLVED - Toon - wpa_supplicant & WPA2 leak

Forum about the Toon firmware, and its extensions

Moderator: marcelr

SOLVED - Toon - wpa_supplicant & WPA2 leak

Postby Timeless » Thu Oct 19, 2017 10:02 pm

Hi people,

As you may know there is a leak in the WPA2 standard (a.k.a KRACK), I also suspect that Toon is affected by this issue:
Code: Select all
wpa_supplicant -v
wpa_supplicant v2.0
Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> and contributors

This could be an easy entry point into a normally secure network, since most people have Toon powered 24/7 (ofc.. it's a thermostat :) )
Unfortunately I don't have a build environment ready for building a patched version of wpa_supplicant for Toon. But since I noticed more and more packages appear here on the forums I figured there are some people capable of building these packages and therefor have a working build environment. LEDE has a couple of commits related to hostapd and therefor wpa_supplicant link maybe we can learn from them.

Toon also has a wired network interface which seems to disable Wireless entirely, when the wire is attached the WiFi interfaces is disabled and it's impossible to scan for available WiFi networks through the "internet" menu option, wlan0 is down as-well. So based on that I think WiFi is disabled when a wired connection is available. ...right?
luckily I had the privilege to use a cable but I gues most people wont be that lucky.

It would also be possible to wait for Eneco(Quby) until they release a patched version of wpa_supplicant. So if anyone has any information on that please let me know! :)
Last edited by Timeless on Tue Sep 04, 2018 9:13 pm, edited 2 times in total.
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
Timeless
Starting Member
Starting Member
 
Posts: 38
Joined: January 2017

Re: Toon - wpa_supplicant & WPA2 leak

Postby marcelr » Fri Oct 20, 2017 9:03 am

Since the security threat is not that large --potential hackers need to be in the vicinity of your network, not a viable option for professional hackers with criminal intentions--, and the fact that Quby have announced a fix
( https://forum.toon.nl/algemene-vragen-o ... attack-727 ), I don't see a pressing need to issue a patched version of wpa_supplicant. Let's wait it out.
marcelr
Advanced Member
Advanced Member
 
Posts: 909
Joined: May 2012
Location: Ehv

Re: Toon - wpa_supplicant & WPA2 leak

Postby Timeless » Fri Oct 20, 2017 9:51 am

True but still it should not be taken lightly. The hack only takes a couple of seconds/minutes "hackers" can just drive around and infect devices while driving.
But I guess it's fine to wait for Quby untill they released a fix, or at least a patched version of wpa_supplicant.
I just wanted to create a topic where the (final) solution can be posted so everyone that rooted their Toon and do not received updates anymore can manually install the fix once available.
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
Timeless
Starting Member
Starting Member
 
Posts: 38
Joined: January 2017

Re: Toon - wpa_supplicant & WPA2 leak

Postby Timeless » Tue Sep 04, 2018 9:12 pm

This issue seems to be resolved since version 4.9 link
"The greatest good you can do for another, is not to share your own riches, but to reveal to him, his own."
- Benjamin Disraeli -
Timeless
Starting Member
Starting Member
 
Posts: 38
Joined: January 2017


Return to Toon Firmware

Who is online

Users browsing this forum: No registered users and 0 guests