Ubiquiti Devices & KRACK Vulnerability

Overview


At Ubiquiti Networks we take security very seriously, and realize that it is of utmost importance to our customers. Today (10/18/17), a vulnerability was published that affects WPA2-encrypted networks; WPA2 is the currently known secure form of encryption available to protect WiFi devices. We have been working with Jouni Malinen, the original author of hostap, as well as other industry leaders in security, to roll out a stable firmware in time for the public disclosure. For more information on the KRACK vulnerability, click here.

IMPORTANT

Please note that this vulnerability affects WiFi client devices more specifically than access point devices. We strongly recommend that all users check with relevant mobile device, laptop, and IoT manufacturers for firmware updates resolving the KRACK issue in their devices.

Table of Contents


  1. UniFi
  2. UniFi FAQ
  3. AmpliFi
  4. airMAX
  5. airCube
  6. UniFi Video

UniFi



Looking for the short version? Go to How do I upgrade?

To ensure our customers are protected, we have released firmware for UniFi Access Points that resolves this vulnerability for all users using the wireless uplink feature. This firmware is immediately available, and can be downloaded from our UniFi Updates Blog. It has been pushed to all recent 5.6.x controller builds, and is also posted on our community blog. We will be rolling out to other controllers in the near future.

See our table below for a list of UniFi devices that need to have a firmware update because of the WPA-PSK KRACK vulnerabilities, and the ones that don't. The patched firmware is version 3.9.3.7537 released on October 16th, 2017. Any version prior to that is potentially vulnerable.

Note: Firmware links below are all HTTPS. This assumes your device(s) are currently running at least 3.7.51, and that the device's date is properly set (i.e. it can reach an NTP server). If you encounter issues with the upgrade, or your device isn't on a minimum supported firmware, then you can change the link to HTTP before performing the upgrade.

For example, the firmware link for a UAP-AC according to the table below is:

https://dl.ubnt.com/unifi/firmware/U7PG2/3.9.3.7537/BZ.qca956x.v3.9.3.7537.171013.1101.bin

If the note above applies to you, simply change the initial https to http, resulting in:

http://dl.ubnt.com/unifi/firmware/U7PG2/3.9.3.7537/BZ.qca956x.v3.9.3.7537.171013.1101.bin

 

UNAFFECTED DEVICES THAT DO NOT REQUIRE A FIRMWARE UPDATE

  • UAP-AC
  • UAP-AC v2
  • UAP-AC-Outdoor

 

DEVICES THAT NEED FIRMWARE UPDATE

Note: These links must be copied to perform upgrade (not just clicked). To copy: right click on link and select Copy Link Address. See how to perform upgrade in GIF below.

DEVICE MODEL | FIRMWARE LINK
UAP-AC-LITE, UAP-AC-LR, UAP-AC-PRO, UAP-AC-M, UAP-AC-M-PRO, UAP-AC-IW, UAP-AC-IW-PRO | Firmware (.bin)
UAP-AC-HD, UAP-AC-SHD | Firmware (.bin)
UAP, UAP-LR, UAP-Outdoor, UAP-Outdoor5 | Firmware (.bin)
UAP v2, UAP-LR v2 | Firmware (.bin)
UAP-PRO | Firmware (.bin)
UAP-Outdoor+ | Firmware (.bin)
UAP-IW | Firmware (.bin)

 Find the MD5 Checksum Links for each model in the UniFi Updates Blog post.
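
As an added example (not Ubiquiti's own tooling), the following Python applies the rules stated above to an access point inventory: the unaffected and affected model lists, the patched version 3.9.3.7537, and the 3.7.51 minimum that the HTTPS links assume. The inventory format, the function names, the status labels and the sample devices are assumptions constructed for illustration.

```python
# Added example: classify UniFi APs by the rules stated in this advisory.
PATCHED = (3, 9, 3, 7537)   # patched firmware named in the advisory
HTTPS_MIN = (3, 7, 51)      # minimum firmware the HTTPS links assume
UNAFFECTED = {"UAP-AC", "UAP-AC v2", "UAP-AC-Outdoor"}
AFFECTED = {
    "UAP-AC-LITE", "UAP-AC-LR", "UAP-AC-PRO", "UAP-AC-M", "UAP-AC-M-PRO",
    "UAP-AC-IW", "UAP-AC-IW-PRO", "UAP-AC-HD", "UAP-AC-SHD", "UAP", "UAP-LR",
    "UAP-Outdoor", "UAP-Outdoor5", "UAP v2", "UAP-LR v2", "UAP-PRO",
    "UAP-Outdoor+", "UAP-IW",
}

# Constructed sample inventory (name,model,firmware); not real devices.
SAMPLE = """\
lobby,UAP-AC-PRO,3.8.14.6780
warehouse,UAP-AC-LR,3.9.3.7537
office,UAP-AC,3.8.14.6780
attic,UAP-LR,3.4.18.3398
lab,UAP-XYZ,3.9.3.7537
"""

def parse_version(text):
    """'3.9.3.7537' -> (3, 9, 3, 7537); ValueError on malformed input."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(model, firmware):
    """Return the action label (hypothetical names) for one access point."""
    if model in UNAFFECTED:
        return "unaffected"
    if model not in AFFECTED:
        return "unknown-model"      # in neither list: check manually
    version = parse_version(firmware)
    # Tuples compare element-wise; a version with no build number
    # ("3.9.3") sorts below PATCHED and is flagged conservatively.
    if version >= PATCHED:
        return "patched"
    if version >= HTTPS_MIN:
        return "update"
    # Below 3.7.51 the HTTPS link may fail. The HTTP fallback has no
    # transport integrity, so compare the file with the published MD5.
    return "update-https-may-fail"

def triage(inventory):
    """Map AP name -> action for each 'name,model,firmware' line."""
    result = {}
    for line in inventory.splitlines():
        if line.strip():
            name, model, firmware = (f.strip() for f in line.split(","))
            result[name] = classify(model, firmware)
    return result
```

Calling triage(SAMPLE) returns one label per device; anything other than "patched" or "unaffected" needs attention before the network is considered covered.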

IMPORTANT

    • At this time, the beta feature 802.11r (the advanced "Fast Roaming" option in Controller UI versions 5.6.X+, still in beta) is still vulnerable, so it is recommended to disable this feature temporarily. We are actively working on patching this, and it will be ready in the near future. You will find this feature in UniFi Controllers version 5.6+ in the Settings > Wireless Network > Advanced Options section. The initial "Fast Roaming" that is enabled automatically at the AP level, and mentioned in our UniFi - Fast Roaming article, is not vulnerable and cannot be enabled/disabled.

UniFi FAQ



1. How do I upgrade?

Update October 18th: We have pushed the v3.9.3 upgrade to UniFi Controllers (version 5.5.20+). You will now get an UPGRADE prompt in the actions column to upgrade to our patched firmware version. Just click on the button and wait until the upgrade is complete.

If you do not see the upgrade button, or it is trying to upgrade you to a firmware version other than 3.9.3, go to Settings > Maintenance and within the Services section click the Check Firmware Update button.


You can also see UniFi - Changing the firmware of a UniFi device for all the different options, or see the following gif for a quick example. (Notice we are unchecking "Automatically upgrade firmware" (wording might change depending on Controller version), found in Settings > Site, to prevent the APs from rolling back to the previous version.) In the GIF below, we are copying the firmware link (.bin) from the UniFi Updates Blog post; you can alternatively copy it from the table above.

[GIF: custom upgrade]

2. I don't see an Upgrade prompt for my AP. What do I do? 

You can perform a custom upgrade as demonstrated in the gif above, or see the UniFi - Changing the firmware of a UniFi device article for more options.

3. Can I perform a group upgrade?

Yes. Make sure to group the devices into batches of models that use the same firmware, as listed in this post. See our UniFi - Group Configuration for Access Points article for more information.

4. I'm confused about versions. My version is 5.5.20, but the post mentions version 3.9.3.

There are two "versions" you need to be aware of: the UniFi Controller software version and the Access Point firmware version. The upgrade you must perform is for the Access Point. In the example above, 5.5.20 is for the Controller, and 3.9.3 is for the Access Point. See where to find each one in the Controller > Devices tab in the image below.

[Screenshot] This is what the Controller would have looked like prior to October 18th, when we pushed version 3.9.3.

5. After I perform the upgrade, an option appears in the Actions column to Upgrade. Should I click on it? 

Prior to Oct 18th this would appear if you were correctly on version 3.9.3 (the controller wanted to roll you back to the official 3.8.X version). But now the Controller (versions 5.5.20 and over) will be pushing the 3.9.3 firmware version. What does that mean? If you see an UPGRADE button in the Actions column, check the VERSION column. If your device's version is not 3.9.3.X, then go ahead and click it.

[Screenshot] This is what the Controller looks like now, after October 18th, when we pushed version 3.9.3. Notice the devices not on version 3.9.3.X are prompting me to upgrade.


AmpliFi 



AmpliFi line products are not affected as of firmware v2.4.3.

Firmware v2.4.2 is partially affected and all versions prior to that are affected.


airMAX



Released: find below the fully patched firmware versions for AC (v8.4.2) and M (v6.1.2) airMAX devices. Note: our proprietary airMAX protocol makes simple attacks more difficult.



airCube



Find the airCube firmware release information here


UniFi Video



Wired cameras are not affected. Wireless cameras (UVC-Micro / G3-Micro) are not vulnerable to MitM attacks due to complete encryption and mutual certificate authentication of NVR traffic implemented in version 3.8.0+.

Additionally, as of firmware release v3.8.61 (included with UniFi Video Controller v3.8.2), all wireless cameras have also been patched against the KRACK exploit for added security. Upgrading to UniFi Video v3.8.2 is recommended so that wireless cameras are upgraded and receive the patch.