|
|
|
|
|
|
by heavyset_go
2310 days ago
|
|
|
Thanks for your detailed post. > Also, the boundaries between firmware, hardware and (driver) software are pretty murky as far as Wi-Fi drivers are concerned Yeah, this is why I ask if it can be fixed via software. I've been utterly surprised at the amount of bugs that exist in firmware but can be mitigated on the seemingly software-side of things. I have a device that used the brcmfmac driver on Linux until today, and am hoping I won't have to shelve it forever. |
|
|
No need to shelve the device, just don't treat WiFi as a "trusted zone" and use better encryption on top of WPA2. You should anyway, and this vulnerability is just another small reason why. What this vulnerability does -- as I understand it -- is, when a device dissociates with the network, send the rest of the tx buffer with a zero'd out encryption key. And thus leaks a small amount of data. Not good, however if you apply common best practices to your network I wouldn't lose any sleep over it.