WPA2 security flaw - is eero impacted?
Hi there - I have been using my Eero (1st gen) for 6 months now and absolutely love it. I recently noticed a variety of news around a security flaw found in the WPA2 protocol which sounds very concerning (e.g. link to zdnet here).
1. Does this apply to Eero?
2. If so, what is Eero doing about it?
17 replies
-
Hi everyone!
We're happy to share that starting tonight, users can update their networks to eeroOS 3.5, which contains the patch to address the KRACK WPA2 vulnerability. As always, this update will be automatically installed to your network, however, you are free to manually push it if you'd like. To do so:
- Open the eero application
- Tap on the menu option in the top left corner
- Tap on Network Settings
- Scroll to the section titled Network software
- If you see the option Update available, you can tap that and update your network to the latest OS version
For more, visit the eero blog: https://blog.eero.com/krack-update-fix-available-eero-ota/
-
+1. This is hitting all the news sites, so brace yourselves, eero team...
-
More information can also be found here: https://www.krackattacks.com
-
I would imagine it does affect the eero. Hopefully like Microsoft (that already announced they already patched it) the eero team will also be super quick about this. No reason to think otherwise. :D
-
Well, it's been about 6.5 hours since official announcement of the vulnerability and eero didn't release any statement. Based on information available at https://www.kb.cert.org/vuls/id/228519 , eero wasn't even notified prior. So, my estimates are that firmware will be available in couple weeks... I want to be wrong about this.
-
+1 I want to know how vulnerable my Eero is at this point. Could Eero please put out an official statement on the matter! This is core to your business after all.
-
Yes, #infosec is on fire. However, the media tends to exaggerate things and misreport.
-
According to https://www.cbsnews.com/news/wi-fi-security-flaw-wpa2-protocol-hijack-krack-attack/ :
Aruba, Ubiquiti, and Eero are said to have patches available, according to sources we spoke to at the time of writing.
-
Hi everyone —
Thanks for checking in. We are aware of the KRACK vulnerability and our team is working to determine what next steps are necessary. As soon as we have more information, we will be sure to pass it along.
We will also have a blog post available later today with more information on our findings, as well as updates to what actions are being taken.
Your privacy and security are of most importance to us. Thanks again. -
Open Mesh says they'll release a patch tomorrow and to disable 802.11r in the meanwhile. Don't think that's available to us eero users, but perhaps they can use this workaround for us until our gear is updated.
-
KRACK update 1: fix in beta: https://blog.eero.com/krack-update-1-fix-beta/
-
Update released https://support.eero.com/hc/en-us/articles/209636523-eero-Software-Release-Notes
eeroOS-v3.5.0-312 - Released October 17, 2017
- KRACK WPA2 Vulnerability Patches
- Fix potential vulnerability in dnsmasq
- System stability improvements
- Bug fixes
Content aside
-
11
Likes
- 7 yrs agoLast active
- 17Replies
- 1290Views
-
20
Following