Old 10-31-2017, 10:16 PM   #16
PeterT
Grand Sorcerer
Posts: 13,533
Karma: 78910202
Join Date: Nov 2007
Location: Toronto
Device: Libra H2O, Libra Colour
See https://github.com/kobolabs/hostap/c...2b3345ed8e52d3
https://github.com/kobolabs/hostap/c...cc3809bf2fd69d
https://github.com/kobolabs/hostap/c...a7f788645fa919

and probably others

Last edited by PeterT; 10-31-2017 at 10:18 PM.
Old 11-03-2017, 07:39 PM   #17
roebeet
Connoisseur
Posts: 67
Karma: 770
Join Date: Jun 2010
Location: Pennsylvania, USA
Device: Kindle 4 Basic, Kobo Aura
Quote:
Originally Posted by DNSB View Post
Not quite sure what you mean by the router being in a client mode unless you are referring to an AP being used in bridge mode. The KRACK vulnerability hijacks the 4 way handshake and appears to require that both sides allow recycling transmit and receive packet numbers (aka nonces) by the man in the middle. So the client/station/whatever and the AP/master must both be vulnerable for this to work as described in the original paper to allow eavesdropping on a wireless session. With the vulnerability on one side only, the results are not as useful to an attacker (not my opinion, I'm quoting from a Palo Alto engineer who has a heck of a lot more experience with network security than I).

To quote from the krackattacks.com website:

Currently, all vulnerable devices should be patched. In other words, patching the AP will not prevent attacks against vulnerable clients. Similarly, patching all clients will not prevent attacks against vulnerable access points. Note that only access points that support the Fast BSS Transition handshake (802.11r) can be vulnerable.

That said, it is possible to modify the access point such that vulnerable clients (when connected to this AP) cannot be attacked. However, these modifications are different from the normal security patches that are being released for vulnerable access points! So unless your access point vendor explicitly mentions that their patches prevent attacks against clients, you must also patch clients.


The first paragraph is why we have disabled Fast BSS Transitions on our corporate network.
Correct, I had meant bridged mode. Bad wording on my part.

I've heard back and forth about whether both sides need to be patched or just one (like the router). So I'm assuming the client should be patched, especially Linux-based devices using the 2.4 / 2.5 wpa_supplicant, though again I'm not sure how susceptible the Kobos actually are.

Last edited by roebeet; 11-03-2017 at 07:42 PM.
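
The quoted explanation above turns on packet numbers (nonces) being used more than once. As an added example, not written by any poster in this thread, the following Python sketch shows how a monitoring tool could flag that condition in captured CCMP (WPA2) frames. It assumes the transmitter address, the 8-byte CCMP header and the ciphertext have already been extracted from a capture; `build_ccmp_header`, `find_pn_reuse` and the sample frames are hypothetical names and constructed data.

```python
# Added example (constructed data): flag CCMP packet-number reuse in captured frames.
import hashlib

def parse_ccmp_header(hdr: bytes):
    """Return (key_id, pn) from the 8-byte CCMP header after the 802.11 MAC header."""
    if len(hdr) != 8:
        raise ValueError("CCMP header must be 8 bytes")
    if not hdr[3] & 0x20:  # ExtIV bit is always set for CCMP
        raise ValueError("ExtIV bit clear: not a CCMP header")
    key_id = hdr[3] >> 6
    # Layout: PN0 PN1 rsvd flags PN2 PN3 PN4 PN5, with PN0 least significant.
    pn = int.from_bytes(hdr[0:2] + hdr[4:8], "little")
    return key_id, pn

def build_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """Hypothetical helper used only to construct the sample frames below."""
    b = pn.to_bytes(6, "little")
    return b[0:2] + bytes([0, 0x20 | (key_id << 6)]) + b[2:6]

def find_pn_reuse(frames):
    """frames: iterable of (transmitter_mac, ccmp_header, ciphertext) in capture order.

    Returns (index, mac, key_id, pn) for every frame whose PN was already seen
    from the same transmitter and key ID with a *different* ciphertext.
    Identical ciphertext is a link-layer retransmission and is ignored.
    A legitimate rekey also restarts the PN, so correlate alerts with
    EAPOL handshake frames before treating them as a nonce-reuse event.
    """
    seen = {}
    alerts = []
    for i, (mac, hdr, ct) in enumerate(frames):
        key_id, pn = parse_ccmp_header(hdr)
        digest = hashlib.sha256(ct).digest()
        first = seen.setdefault((mac, key_id, pn), digest)
        if first != digest:
            alerts.append((i, mac, key_id, pn))
    return alerts

# Constructed sample capture: MAC addresses and payload bytes are made up.
STA = "02:00:00:00:00:01"
SAMPLE = [
    (STA, build_ccmp_header(1), b"\x10\x11\x12"),
    (STA, build_ccmp_header(2), b"\x20\x21\x22"),
    (STA, build_ccmp_header(2), b"\x20\x21\x22"),  # retransmission, same bytes
    (STA, build_ccmp_header(1), b"\x99\x98\x97"),  # PN 1 again, new ciphertext
    ("02:00:00:00:00:02", build_ccmp_header(1), b"\x55"),  # other transmitter
]

if __name__ == "__main__":
    print(find_pn_reuse(SAMPLE))
```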
Old 11-03-2017, 07:44 PM   #18
roebeet
Connoisseur
Posts: 67
Karma: 770
Join Date: Jun 2010
Location: Pennsylvania, USA
Device: Kindle 4 Basic, Kobo Aura
Thanks. Looks like the first link in particular is notable.

Last edited by roebeet; 11-03-2017 at 07:48 PM.
Old 11-06-2017, 05:25 AM   #19
Robik
Junior Member
Posts: 7
Karma: 27948
Join Date: Apr 2016
Device: Kobo Aura H2O
Quote:
Originally Posted by eenk View Post
The bug affects wpa_supplicant and hostap. The latter most probably isn't used on the Kobo eink readers, but the former is for connecting to wireless LANs. However, the attack mentioned does not result in a compromise of the WPA2 passphrase, but instead a single session can be read. For an ebook reader I would guess that its WLAN is off most of the time, and only sporadically switched on for syncing. At least as a temporary user measure this shouldn't be a burden on users. And even if a session gets compromised at the data link level, I fail to see what damage could be done? A firmware download is rare, and then the attacker doesn't get any valuable information I would think. Sending a hacked firmware inband doesn't seem to be really possible, but I might be wrong here. Seeing reading statistics also doesn't strike me as too dangerous unless in those cases where someone doesn't want even Kobo to see them. So the danger of Krack on ebook readers doesn't strike me as even low.
Connections to kobo.com -> https. You can't see anything.
You can see only http connections from the web browser.
Old 11-07-2017, 09:33 PM   #20
JSWolf
Resident Curmudgeon
Posts: 79,771
Karma: 145864619
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
Will these changes shown on GitHub be in the next version firmware?
Old 11-07-2017, 09:56 PM   #21
PeterT
Grand Sorcerer
Posts: 13,533
Karma: 78910202
Join Date: Nov 2007
Location: Toronto
Device: Libra H2O, Libra Colour
I can't speak for Kobo but.... if they've published the source changes what do YOU think?
Old 11-07-2017, 10:58 PM   #22
DNSB
Bibliophagist
Posts: 46,288
Karma: 169098402
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
Quote:
Originally Posted by PeterT View Post
I can't speak for Kobo but.... if they've published the source changes what do YOU think?
Why does Doug and the Slugs' third album pop into my head?
Old 11-07-2017, 11:13 PM   #23
PeterT
Grand Sorcerer
Posts: 13,533
Karma: 78910202
Join Date: Nov 2007
Location: Toronto
Device: Libra H2O, Libra Colour
Love it!