Home of the Squeezebox™ & Transporter® network music players.
Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    16

    Any fix coming for Squeezebox Radio for Krack WPA2 vulnerability?

    I have been a happy user for many years of my Squeezebox Radio. And I fully understand how far out of warranty it is. But I would assume it is vulnerable to this WPA2 attack, and as a persistent, always-on client I really can't ignore the hole it represents in my network.

    https://www.krackattacks.com/

    Anything known definitively about vulnerability of the device? Any plans for patching it?

  2. #2
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,012
    Feel free to help build a new firmware image...


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  3. #3
    Senior Member Mnyb's Avatar
    Join Date
    Feb 2006
    Location
    Vństerňs Sweden
    Posts
    16,163
    Check the other tread on this subject
    --------------------------------------------------------------------
    Main hifi: Touch + CIA PS +MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 xMeridianDSP3100 +Rel Stadium 3 sub.
    Bedroom/Office: Boom
    Kitchen: Touch + powered Fostex PM0.4
    Misc use: Radio (with battery)
    iPad1 with iPengHD & SqueezePad
    (spares Touch, SB3, reciever ,controller )
    server HP proliant micro server N36L with ClearOS Linux

    http://people.xiph.org/~xiphmont/demo/neil-young.html

  4. #4
    Junior Member
    Join Date
    Mar 2008
    Posts
    16
    Quote Originally Posted by Mnyb View Post
    Check the other tread on this subject
    I did look, but could not find any threads about it, which is why I posted.

    Can you point me to the thread?

    Quote Originally Posted by drmatt
    Feel free to help build a new firmware image...
    I had been assuming the firmware for the radio was closed source - I'm glad to be wrong if I am. Is there a repository for the Squeezebox Radio firmware? I looked on the Logitech Github page but it was not immediately apparent.
    Last edited by StewLG; 2017-10-17 at 06:09.

  5. #5
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,012
    We wish.. i don't know the answer to that question tbh. I would guess it would be possible to produce a live hack but flashing a new image with a fixed wpa_supplicant seems to require full dev kit access or a great deal of ingenuity.


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  6. #6
    Senior Member Mnyb's Avatar
    Join Date
    Feb 2006
    Location
    Vństerňs Sweden
    Posts
    16,163
    Quote Originally Posted by drmatt View Post
    We wish.. i don't know the answer to that question tbh. I would guess it would be possible to produce a live hack but flashing a new image with a fixed wpa_supplicant seems to require full dev kit access or a great deal of ingenuity.


    Transcoded from Matt's brain by Tapatalk
    Thats for Radio and Touch and Controller , some parts of squeezeplay is not fully open sopurce, the older players are even more propriotary mostly closed source
    --------------------------------------------------------------------
    Main hifi: Touch + CIA PS +MeridianG68J MeridianHD621 MeridianG98DH 2 x MeridianDSP5200 MeridianDSP5200HC 2 xMeridianDSP3100 +Rel Stadium 3 sub.
    Bedroom/Office: Boom
    Kitchen: Touch + powered Fostex PM0.4
    Misc use: Radio (with battery)
    iPad1 with iPengHD & SqueezePad
    (spares Touch, SB3, reciever ,controller )
    server HP proliant micro server N36L with ClearOS Linux

    http://people.xiph.org/~xiphmont/demo/neil-young.html

  7. #7
    Senior Member
    Join Date
    Oct 2005
    Location
    Ireland
    Posts
    15,330
    Quote Originally Posted by StewLG View Post
    I did look, but could not find any threads about it, which is why I posted.

    Can you point me to the thread?
    http://forums.slimdevices.com/showth...-KRACK-attacks

    The big problem will be the routers - has your router been updated yet ?

  8. #8
    Quote Originally Posted by bpa View Post
    The big problem will be the routers - has your router been updated yet ?
    Perhaps surprisingly, this issue mainly affects clients, not routers. See the question "What if there are no security updates for my router?" at https://www.krackattacks.com/#faq

  9. #9
    Senior Member
    Join Date
    Apr 2005
    Posts
    447
    Quote Originally Posted by StewLG View Post
    I have been a happy user for many years of my Squeezebox Radio. And I fully understand how far out of warranty it is. But I would assume it is vulnerable to this WPA2 attack, and as a persistent, always-on client I really can't ignore the hole it represents in my network.

    https://www.krackattacks.com/

    Anything known definitively about vulnerability of the device? Any plans for patching it?
    From what I understand as long as your WiFi access point/router that SB connects to is updated for KRACK Attack and SB only connects to that router then you should be OK.

  10. #10
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,012
    Quote Originally Posted by earthbased View Post
    From what I understand as long as your WiFi access point/router that SB connects to is updated for KRACK Attack and SB only connects to that router then you should be OK.
    Not true. The issue is all client not router.

    Anyway in a remarkable coincidence it seems most hardware squeezeboxes use such an old version of wpa_supplicant that they are not vulnerable to krack ....


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •