Author Topic: Vera vulnerable to Wi-Fi Krack exploit?  (Read 538 times)

Offline anthonyris

  • Full Member
  • ***
  • Posts: 227
  • Karma: +5/-1
Vera vulnerable to Wi-Fi Krack exploit?
« on: October 17, 2017, 11:38:25 pm »
I must assume the MCV folks are aware of the Wi-Fi issue. Any news on a patch?
Vera3x2, Leviton, GE dimmers, relays and lamp modules, Sonos, Nests...

Offline BOFH

  • Sr. Hero Member
  • ******
  • Posts: 2410
  • Karma: +112/-139
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #1 on: October 18, 2017, 08:39:15 am »
The issue is not so much with Vera as it is with the WPA/WPA2 encryption protocol. Which is part of the underlaying OpenWRT OS that MIOS runs on.
Vera3 UI5 UI7 Edge Plus
Trane TZEMT400AB32 | Schlage BE369 FE599 | GE 45601 45602 45603 45604 45606 45609 45631 | Intermatic HA01C HA03C HA05C HA07C CA600 CA3000 | Aeon DSC06106 | Telguard GDC1 | Foscam FI8910W FI8905W FI9821W | D-Link 930L | Wanscam JW0011 | ZModo ZPIBH13W

Offline akbooer

  • Master Member
  • *******
  • Posts: 5231
  • Karma: +226/-67
  • "Less is more"
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #2 on: October 18, 2017, 09:00:54 am »
TBH, this is really the least of your worries with Vera, because of the very sloppy approach to secure handling of data and the inherent vulnerabilities of UPnP.
3x Vera Lite-UI5/Edge-UI7, 25x Fibaro, 23x TKB, 9x MiniMote, 2x NorthQ Power, 2x Netatmo, 1x Foscam FI9831P.
Razberry, MySensors Arduino, HomeWave, AltUI, DataYours, openLuup, ZWay, ZeroBrane Studio.

Offline RichardTSchaefer

  • Master Member
  • *******
  • Posts: 9724
  • Karma: +737/-136
    • RTS Services Plugins
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #3 on: October 18, 2017, 11:04:08 am »
The fix is for clients that attach to a WIFI hotspot ...
If you connect your Vera via WIFI you are vulnerable ... Use a wired connection!
There are LOTS of wifi devices in my house ... that I doubt I can get software updates for.
The software in Vera is VERY OLD ...
It's based on the OpenWRT Barrier Breaker release from the end of 2014.




Offline futzle

  • Beta Testers
  • Master Member
  • *****
  • Posts: 3246
  • Karma: +188/-9
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #4 on: October 18, 2017, 05:19:10 pm »
The latest OpenWrt (15.05.1) is also vulnerable to KRACK. You would need to move to the fork of OpenWrt, LEDE, release 17.01.4, to have the version of hostapd/wpad/wpa-supplicant that is patched against KRACK.

I don?t see Vera doing this TBH.

Offline BOFH

  • Sr. Hero Member
  • ******
  • Posts: 2410
  • Karma: +112/-139
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #5 on: October 18, 2017, 05:43:55 pm »
I have WiFi switched off on my Vera's as I have an existing WiFi setup already. Running DD-WRT so I'm keeping an eye out for a patched version of that.  It has a whitelisted MAC table, which although not foolproof (MAC spoof anyone) will make it a bit more time-consuming. Hopefully giving my IDS enough time to catch on and have it tell the gateway to drop the LAN port for the WiFi network and send me an alert.
Vera3 UI5 UI7 Edge Plus
Trane TZEMT400AB32 | Schlage BE369 FE599 | GE 45601 45602 45603 45604 45606 45609 45631 | Intermatic HA01C HA03C HA05C HA07C CA600 CA3000 | Aeon DSC06106 | Telguard GDC1 | Foscam FI8910W FI8905W FI9821W | D-Link 930L | Wanscam JW0011 | ZModo ZPIBH13W

Offline Alex Waverley

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #6 on: October 18, 2017, 11:04:24 pm »
I wouldn't stress out too much. How valuable is the information that is being sent to and from Vera via wifi? Valuable enough for someone to take the trouble of sitting within range of your wifi connection to monitor and intercept it? I hope not. VERA and products like it are toys and should never be used for anything beyond the trivial.

I don't send any information that is worth a plug nickel to anyone via wifi .  I have a few devices that can initiate scenes, but that's about it. S.P.E.C.T.R.E. or T.H.R.U.S.H. would be profoundly disappointed in the extortion opportunities provided by gaining control of my kitchen light. In other words,  the best security system is not being a valuable target in the first place.
Please hold your applause until I have concluded my remarks.

Offline BOFH

  • Sr. Hero Member
  • ******
  • Posts: 2410
  • Karma: +112/-139
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #7 on: October 19, 2017, 09:09:22 am »
I'm not really worried. As I said Vera's WiFi is off. As for my WiFi network, I'm hoping for a patch for DD-WRT soon so I can plug the hole but I'm not sweating it. If someone sits on the street in front of my house in a car, my K9 security system will detect that and alert. Since I have a camera on them, I'm pretty sure I will notice their behaviour. I also have a camera aimed down my drive so I would be able to see Mr. or Mrs.B. Hat and catch them in the act. :-) Easy enough to SSH into my home server and drop the WiFi LAN port to stop their game.
Vera3 UI5 UI7 Edge Plus
Trane TZEMT400AB32 | Schlage BE369 FE599 | GE 45601 45602 45603 45604 45606 45609 45631 | Intermatic HA01C HA03C HA05C HA07C CA600 CA3000 | Aeon DSC06106 | Telguard GDC1 | Foscam FI8910W FI8905W FI9821W | D-Link 930L | Wanscam JW0011 | ZModo ZPIBH13W

Offline akbooer

  • Master Member
  • *******
  • Posts: 5231
  • Karma: +226/-67
  • "Less is more"
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #8 on: October 19, 2017, 09:46:17 am »
Quote
How valuable is the information that is being sent to and from Vera via wifi? Valuable enough for someone to take the trouble of sitting within range of your wifi connection to monitor and intercept it? I hope not.

Probably more than enough to tell whether you're in or out...
3x Vera Lite-UI5/Edge-UI7, 25x Fibaro, 23x TKB, 9x MiniMote, 2x NorthQ Power, 2x Netatmo, 1x Foscam FI9831P.
Razberry, MySensors Arduino, HomeWave, AltUI, DataYours, openLuup, ZWay, ZeroBrane Studio.

Offline aa6vh

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +12/-0
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #9 on: October 19, 2017, 10:45:20 am »
Probably more than enough to tell whether you're in or out...

Or they could just knock on the door....  (and yes, that has happened to me.)

All of the local bad guys that I am aware of do not have the smarts to perform computer hacking.

Offline BOFH

  • Sr. Hero Member
  • ******
  • Posts: 2410
  • Karma: +112/-139
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #10 on: October 19, 2017, 12:38:33 pm »
Like I said, I have a K9 security system which is quite capable of handling physical break-ins.  8)
Vera3 UI5 UI7 Edge Plus
Trane TZEMT400AB32 | Schlage BE369 FE599 | GE 45601 45602 45603 45604 45606 45609 45631 | Intermatic HA01C HA03C HA05C HA07C CA600 CA3000 | Aeon DSC06106 | Telguard GDC1 | Foscam FI8910W FI8905W FI9821W | D-Link 930L | Wanscam JW0011 | ZModo ZPIBH13W

Offline John M.

  • Administrator
  • Hero Member
  • *****
  • Posts: 561
  • Karma: +44/-4
    • getvera.com
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #11 on: October 19, 2017, 02:39:54 pm »
Hello guys, wanted to ping in, and tell that, this is looked for as I speak.

« Last Edit: October 19, 2017, 05:02:20 pm by John M. »
John.M. ▾ Senior Customer Care Advocate
Vera Control, Ltd. ▾ Smarter Home Control  ▾ support@getvera.com ▾www.getvera.com ▾ +1 (866) 966-2272

HOURS OF OPERATION (Pacific Time Zone, UTC -8 )
Monday - Friday   12:00 am ? 06:00 pm
Saturday - Sunday   04:00 am ? 06:00 pm

Offline RichardTSchaefer

  • Master Member
  • *******
  • Posts: 9724
  • Karma: +737/-136
    • RTS Services Plugins
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #12 on: October 19, 2017, 05:00:39 pm »
@BOFH ...
Have your trained your K9s for cyber security ?

Offline BOFH

  • Sr. Hero Member
  • ******
  • Posts: 2410
  • Karma: +112/-139
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #13 on: October 19, 2017, 06:41:59 pm »
@Richard: Now there's an idea... For now they just handle the physical side. I wonder if Alexa understands dog so they could bark at her to get stuff done. :)
Vera3 UI5 UI7 Edge Plus
Trane TZEMT400AB32 | Schlage BE369 FE599 | GE 45601 45602 45603 45604 45606 45609 45631 | Intermatic HA01C HA03C HA05C HA07C CA600 CA3000 | Aeon DSC06106 | Telguard GDC1 | Foscam FI8910W FI8905W FI9821W | D-Link 930L | Wanscam JW0011 | ZModo ZPIBH13W

Offline Alex Waverley

  • Jr. Member
  • **
  • Posts: 61
  • Karma: +4/-0
Re: Vera vulnerable to Wi-Fi Krack exploit?
« Reply #14 on: October 20, 2017, 05:50:15 pm »
Quote
How valuable is the information that is being sent to and from Vera via wifi? Valuable enough for someone to take the trouble of sitting within range of your wifi connection to monitor and intercept it? I hope not.

Probably more than enough to tell whether you're in or out...

It shouldn't be. I keep my security system and automation devices separated. Same with my cameras. Vera can close my garage door but the trigger runs through a reed switch so it it physically isolated if the door is closed. My cameras are hard-wired on an isolated subnet and I use a physical contact closure to activate panic lighting via the alarm. Vera and products like it are not security or life safety devices and should not be relied upon for critical functions.

Just my two cents. Which I intend to keep safe.
Please hold your applause until I have concluded my remarks.