Home of the Squeezebox™ & Transporter® network music players.

Thread: KRACK attacks

  1. #1

    KRACK attacks

    A serious security vulnerability in WPA2 was made public today, mainly affecting Wi-Fi clients. See https://www.krackattacks.com/ for details. What are the chances of seeing updated Squeezebox firmware to address this?

  2. #2
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,013
    About zero. The Krack has no known exploits in the wild by the look of it, for now. And I doubt you're that worried about the security of the data going to your squeezeboxes..?


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Ireland
    Posts
    15,331
    It will only become relevant when an official solution is agreed (the problem is a protocol flaw not an implementation one) and router firmware is updated. According to reports - Apple have been working on the flaw for about a month and no update so far!

  4. #4
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,013
    And yet BSD got a fix out in less than a month. Apple should just pick that up..



  5. #5
    Senior Member pippin's Avatar
    Join Date
    Oct 2007
    Location
    Berlin
    Posts
    14,187
    OK, drop my first comment, both clients and APs need patching.
    That said: SBs usually don't transmit that much sensitive data although they can of course be used to hack into whatever is on your network once they have access.
    Last edited by pippin; 2017-10-16 at 06:45.
    ---
    learn more about iPeng, the iPhone and iPad remote for the Squeezebox and
    Logitech UE Smart Radio as well as iPeng Party, the free Party-App,
    at penguinlovesmusic.com
    New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch

  6. #6
    Senior Member
    Join Date
    Apr 2005
    Posts
    129
    Originally posted by pippin:
    That said: SBs usually don't transmit that much sensitive data although they can of course be used to hack into whatever is on your network once they have access.
    That seems like a pretty serious concern. I don't really want some random person operating a machine on my private LAN. While my hope is that the only thing you can do to a SB by injecting arbitrary data into its TCP/IP connections is to make it play noise or abort playback, I don't know that for certain. If you can use KRACK to make a connection to any port you want, then you can telnet in to the SB and get a shell.

  7. #7
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,013
    Only if you enable it.



  8. #8
    Senior Member pippin's Avatar
    Join Date
    Oct 2007
    Location
    Berlin
    Posts
    14,187
    Well, right now not a single one of your devices is safe, long term we'll have to see.

  9. #9
    Senior Member Mnyb's Avatar
    Join Date
    Feb 2006
    Location
    Västerås, Sweden
    Posts
    16,165
    And old squeezeboxes will have the same fate as any other dead, no longer developed product, it will not get any patches.

    But I'm more concerned about the laptop, iPad, iPhone and router at the moment.
    --------------------------------------------------------------------
    Main hifi: Touch + CIA PS +MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 xMeridianDSP3100 +Rel Stadium 3 sub.
    Bedroom/Office: Boom
    Kitchen: Touch + powered Fostex PM0.4
    Misc use: Radio (with battery)
    iPad1 with iPengHD & SqueezePad
    (spares: Touch, SB3, receiver, controller)
    server HP proliant micro server N36L with ClearOS Linux

    http://people.xiph.org/~xiphmont/demo/neil-young.html

  10. #10
    Senior Member pippin's Avatar
    Join Date
    Oct 2007
    Location
    Berlin
    Posts
    14,187
    ... for which you might not get any updates pre-iOS 9, too.
    And most Android devices probably will not get an update at all.
