This upgrade is to fix the recently discovered WiFi vulnerability - Krack. This upgrade is optional, there are no extra features or other bug fixes included. This is not DumaOS. If you have the R1 WiFi disabled then there is no need to upgrade to this version though it may be a good idea to do so if you plan on using the WiFi again in future.
If you are not on the latest version - 1.03.6g/h you will need to upgrade to that first before upgrading to this version. To check your version/upgrade to .g please go here.
Download the upgrade here
Go to the Upgrade section on the Netduma interface
Ensure preserve settings & check version are ticked.
Click browse & navigate to where you downloaded the upgrade file and click open.
Click upgrade, it will take around 3 minutes. Please do not unplug the router during this time.
If you are wired to your computer or connected via Wifi (and won't automatically connect to another Wifi name) you will be taken to the home interface screen when the upgrade has been completed.
If the rare event that you get an error message please contact us and do not turn off the router. Do not worry, it just requires some help from our team.
Fixed WPA2 KRACK attack by accepting key reinstall without changing anything.
As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point.
More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution or browsing email, are likely already protected end-to-end with Secure Sockets Layer (SSL) encryption that is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”.
Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches.
“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” reads a statement published today by a Wi-Fi industry trade group. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
Sounds great, but in practice a great many products on the CERT list are currently designated “unknown” as to whether they are vulnerable to this flaw. I would expect this list to be updated in the coming days and weeks as more information comes in.
Some readers have asked if MAC address filtering will protect against this attack. Every network-capable device has a hard-coded, unique “media access control” or MAC address, and most Wi-Fi routers have a feature that lets you only allow access to your network for specified MAC addresses.
However, because this attack compromises the WPA2 protocol that both your wireless devices and wireless access point use, MAC filtering is not a particularly effective deterrent against this attack. Also, MAC addresses can be spoofed fairly easily.
To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.
I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw. Those tools may emerge sooner rather than later, so if you’re super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an ethernet cable (assuming your device still has an ethernet port).
From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.