WPA2 security flaw - is eero impacted?
Hi there - I have been using my Eero (1st gen) for 6 months now and absolutely love it. I recently noticed a variety of news around a security flaw found in the WPA2 protocol which sounds very concerning (e.g. link to zdnet here).
1. Does this apply to Eero?
2. If so, what is Eero doing about it?
We're happy to share that starting tonight, users can update their networks to eeroOS 3.5, which contains the patch to address the KRACK WPA2 vulnerability. As always, this update will be automatically installed to your network, however, you are free to manually push it if you'd like. To do so:
- Open the eero application
- Tap on the menu option in the top left corner
- Tap on Network Settings
- Scroll to the section titled Network software
- If you see the option Update available, you can tap that and update your network to the latest OS version
For more, visit the eero blog: https://blog.eero.com/krack-update-fix-available-eero-ota/
Well, it's been about 6.5 hours since official announcement of the vulnerability and eero didn't release any statement. Based on information available at https://www.kb.cert.org/vuls/id/228519 , eero wasn't even notified prior. So, my estimates are that firmware will be available in couple weeks... I want to be wrong about this.
According to https://www.cbsnews.com/news/wi-fi-security-flaw-wpa2-protocol-hijack-krack-attack/ :
Aruba, Ubiquiti, and Eero are said to have patches available, according to sources we spoke to at the time of writing.
Hi everyone —
Thanks for checking in. We are aware of the KRACK vulnerability and our team is working to determine what next steps are necessary. As soon as we have more information, we will be sure to pass it along.
We will also have a blog post available later today with more information on our findings, as well as updates to what actions are being taken.
Your privacy and security are of most importance to us. Thanks again.
Update released https://support.eero.com/hc/en-us/articles/209636523-eero-Software-Release-Notes
eeroOS-v3.5.0-312 - Released October 17, 2017
- KRACK WPA2 Vulnerability Patches
- Fix potential vulnerability in dnsmasq
- System stability improvements
- Bug fixes