ubuntu-phone team mailing list archive

Thread
Date

Re: WPA2 protocol vulnerability

To: ubuntu-phone@xxxxxxxxxxxxxxxxxxx
From: Matthias Apitz <guru@xxxxxxxxxxx>
Date: Wed, 18 Oct 2017 12:10:04 +0200
In-reply-to: <20171018092338.6fsfbtuqpi55uh3n@webarch.email>
Mail-followup-to: Matthias Apitz <guru@xxxxxxxxxxx>, ubuntu-phone@xxxxxxxxxxxxxxxxxxx
Reply-to: Matthias Apitz <guru@xxxxxxxxxxx>
User-agent: Mutt/1.8.0 (2017-02-23)

El día miércoles, octubre 18, 2017 a las 09:23:42a. m. +0000, Chris Croome escribió:

> Hi
> 
> A update from Ubuntu would be ideal but failing that I wonder if
> manually installing the wpasupplicant deb from xenial or recompiling it
> would work?
> 
> - https://packages.ubuntu.com/xenial-updates/wpasupplicant
> 
> It would be a shame if this security issue is going to cause still
> working phones to be rendered too insecure to be usable.

Re/ 'too insecure to be usable': The problem does mean, that an attacker
could read your HTTP (or other unencrypted traffic in the Wifi), but does
not mean, for example, he could read your HTTPS traffic with your bank
account (and I do not even do any online banking from anywhere). So targets
are more company networks and the internal (unencrypted) traffic there,
and not your smartphone.

Btw: I compiled wpasupplicant from source on my FreeBSD netbook which is
now fixed.

	matthias


-- 
Matthias Apitz, ✉ guru@xxxxxxxxxxx, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.

Attachment: signature.asc
Description: PGP signature

References

WPA2 protocol vulnerability
From: Matthias Apitz, 2017-10-18
Re: WPA2 protocol vulnerability
From: Chris Croome, 2017-10-18