Internet Unifi Firmware Upgrade No Certificate Check
Yesterday I heard about a vulnerability in the WPA2 WiFi protocol which seemed to mean that even the secure version of WiFi… isn’t. The most salient point seems to be that “attackers can use this novel attack technique to read data that was previously assumed to be safely encrypted.” This sounds pretty bad.
You can read more about it here:
and I recommend that you do as it’s nicely written and fairly easy to digest. Kudos to Mathy Vanhoef for his work both in discovering and documenting the attack.
So what can we do?
Let me echo the first Q&A point from the website:
Do we now need WPA3?
No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!
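A toy model of the behaviour the quoted answer describes, added here as an illustration and not taken from the original post, the linked website or any vendor's code. The `Supplicant` class, its methods and the `PTK-1` key label are hypothetical; the model only tracks which (key, nonce) pairs a client uses when handshake message 3 is retransmitted.

```python
# Toy model (added example): why "a key is only installed once" stops nonce reuse.
# Names are hypothetical; this is not real WPA2 or wpa_supplicant code.

class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.installed_key = None
        self.tx_nonce = 0      # per-key packet number, used as the encryption nonce
        self.used = []         # every (key, nonce) pair used to encrypt a frame

    def on_message3(self, key):
        """Handle handshake message 3, which the AP may retransmit."""
        if self.patched and self.installed_key == key:
            return False       # key already installed: leave the counter alone
        self.installed_key = key
        self.tx_nonce = 0      # (re)installing the key resets the nonce counter
        return True

    def send_frame(self):
        self.tx_nonce += 1
        self.used.append((self.installed_key, self.tx_nonce))


def reused_nonces(patched):
    """Replay message 3 mid-session; return (key, nonce) pairs used more than once."""
    s = Supplicant(patched)
    s.on_message3("PTK-1")     # constructed key label
    s.send_frame()
    s.send_frame()
    s.on_message3("PTK-1")     # retransmitted message 3 carrying the same key
    s.send_frame()
    s.send_frame()
    seen, duplicates = set(), []
    for pair in s.used:
        if pair in seen:
            duplicates.append(pair)
        seen.add(pair)
    return duplicates


if __name__ == "__main__":
    print("unpatched client reuses:", reused_nonces(patched=False))
    print("patched client reuses:  ", reused_nonces(patched=True))
```

The patched client sends the same frames and accepts the same handshake messages; the only difference is that the second message 3 no longer resets the counter.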
Ordinarily, at this point I’d start crying into my beer as I’d have a fairly strong suspicion that my network equipment was unlikely ever to be patched. However, if you have Ubiquiti kit, then you’re in luck as they have already released a patch.
I’ve recently started buying Ubiquiti. This stuff is all the rage these days and for good reason; it’s very good and is very well supported. I reckon I’d describe the UniFi range as prosumer kit.
So far, I’ve only bought a few items, so I won’t bore you with all the details (although it’s quite likely that I will on another occasion). I’ve got these:
- UniFi Security Gateway (USG)
- UniFi Cloud Key (UC-CK)
- UniFi AP-HD (UAP-AC-HD) – this is my wireless access point
- An old generic gigabit switch
- An old BT OpenReach VDSL/FTTC modem
In a nutshell, everything is connected to the switch except the modem, which is connected directly to the WAN port of the Security Gateway. The Cloud Key “securely runs a local instance of the UniFi Controller software and features cloud Single Sign-On for remote access” which means I can log in to it from anywhere and administer my home network, which is nice.
This meant that as soon as I discovered that a patch had been authored, I was able to log on to my home network from wherever I happened to be (which was not at home) and see if the update was waiting for me. It wasn’t.
Ubiquiti are rolling out firmware updates as I type. If yours isn’t there yet, check out their blog post linked in the tweet:
— Ubiquiti Networks (@ubnt)
Oct 16, 2017
So how can I force the update?
This is what I did.
First I went to
and logged in.
Then I launched my dashboard (effectively logging in to my Cloud Key) and noticed that my access point didn’t have the latest firmware and didn’t yet say there was an update pending.
I clicked on
and then on my access point and went to
Configuration → Manage Device
and pasted the URL to the custom firmware from the Ubiquiti blog which, in my case, was this one:
UAP-AC-HD/SHD. Then I clicked
And that was pretty much it; a few minutes later, my device dashboard looked like this:
It’s worth buying decent network hardware.