WiFi

Getting Loopy with Sonos

I’ve now untangled several home networks which were brought to a grinding halt due to network “broadcast storms” caused by Sonos music players. This is avoidable and stupid network engineering on Sonos’s part. Here’s more about why this happens:

With networks, it has always been best practice to connect devices via Ethernet cable, whenever possible. Ethernet cabling is faster and more reliable because it is impervious to radio/WiFi interference. Ethernet performance does not degrade over distance like WiFi.

Devices which are capable of being connected via Ethernet should be designed to disable WiFi (preferably automatically) when connected with a cable. This avoids loops in the network, which create “broadcast storms” and bring the network down. The video below explains this phenomenon and also introduces a technology known as “Spanning Tree Protocol” – something we find in more expensive, business-class Ethernet switches, not the usual “unmanaged” Ethernet gear most users have in their homes:

The problem here is two-fold:

Sonos’s engineering team has made the decision to keep the “SonosNet” wireless network active, even when their device is connected via Ethernet. This is almost certainly going to cause broadcast storms on the user’s network.
This requires the user/installer for a HOME network product to be network savvy and have the knowledge and forethought to avoid this serious problem.

If you have Sonos gear on your network and it is connected via Ethernet (as it should be, when possible), you might consider disabling WiFi on your Sonos products as described in the article here:

https://bsteiner.info/articles/disabling-sonos-wifi

Sonos seems to think keeping WiFi enabled on Ethernet connected devices provides some type of redundancy (I guess in case the Ethernet cable gets unplugged?), but I think it is ridiculous and irresponsible to propose the “fix” to be an expensive business-class Ethernet switch in a home environment. Google search for “Sonos Network Storm” and you’ll see how many users this dumb design has impacted. Here, I’ll do it for you:

http://lmgtfy.com/?q=sonos+network+storm

KRACK: WiFi WPA2 Encryption Broken?

Update: Thursday, October 19th 10:50pm:

Dave Hamilton and the folks at The Mac Observer are keeping and updating a list of router vendors who have updated their firmware to block the different CVE’s (vulnerabilities):

https://www.macobserver.com/news/list-of-krack-patches-routers/

(older updates in red at the bottom of this post, newest posts are a the bottom)

Reports are surfacing across the internet tonight with rumors of the WiFi WPA2 encryption mechanism as being “compromised.” What does this mean?

When you connect to a password protected WiFi network (you’re NEVER joining non-password protected WiFi networks, right?!?), the traffic between your device and the WiFi access point (often your internet router) is encrypted using WPA2 (“Wi-Fi Protected Access”). This scrambling of your data means the information your Mac, iPhone or iPad sends/receives isn’t visible to another party (i.e. someone sitting in their car, outside your house) as it flies through the air, between your devices.

While some websites and software services also encrypt your data using something called “SSL”, this isn’t always the case and WiFi users have come to rely on the basic security of WPA2 to keep any non-SSL data transmission from prying eyes.

Tonight’s reports seem to indicate that researchers have found a way to break the security of WPA2. This means that even password protected WiFi networks are no longer secure.

This story is just coming to light and I anticipate big press coverage tomorrow and in the days following. I will update this as we know more. Here is the current take from Ars Technica:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

For now, I (as always) recommend connecting devices with Ethernet whenever possible and securing WiFi connections using a VPN.

Update 10/16/2017 @ 8:15am:

All the gory details are available here: https://www.krackattacks.com

The KRACK vulnerability demonstrated:

https://www.youtube.com/watch?time_continue=263&v=Oh4WURZoR98

It appears this vulnerability in WPA2 *may* be able to be patched with a software update from either side (client device or the WiFi access point). If true, this is good news as it means you wouldn’t need to replace your router if the manufacturer is out of business or isn’t planning to release a firmware update for your model: “Implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.” To exploit this, an attacker must be within range of your WiFi network (i.e ~several hundred feet). This does NOT allow someone to access your devices, data or network from afar.
Unless you have some serious enemies (foreign governments, a highly tech-savvy Ex), hackers are likely to start trying this vulnerability on larger targets (big companies with credit card data, health data, financial records), rather than your small office or home network.
This is reportedly worse for devices running Android (non-Apple mobile phones) and Linux (many servers).
My recommendations above remain true – use Ethernet where possible and VPN when on WiFi.

Update 10/16/2017 @ 11:45am:

A good podcast with relevant KRACK information from The Mac Observer here:

Update 10/16/2017 @ 3:50pm:

Apple says they’ve fixed the exploit in the latest beta releases of iOS 11.1:

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/

This release is available to developers as well as a public beta now.

Still no word on a firmware update for AirPort hardware…

Update 10/17/2017 @ 5:25pm:

iDownloadblog.com is reporting “The hack doesn’t seem to exploit access points such as Apple’s AirPort wireless appliances.” and “AirPort hardware not vulnerable”:

http://www.idownloadblog.com/2017/10/17/wi-fi-wpa2-krack-attack-apple-os-betas-fixed/

I have not seen proof of this claim yet and Apple has’t officially commented, so take it with the appropriate grain of salt…

Kirk van Druten

LANsharks Consulting

Need help?

LANsharks Consulting specializes in all things Apple, from installation to configuration and assistance: Macs, Networks, Printers, Backup Systems, WiFi & AirPort Networks, Routers, Time Capsules, iPhones, iPads, Troubleshooting, Diagnostics, Purchase Advice, Technical Support. Specializing in supporting individuals, home & small offices for over 25 years.

You can reach us at: kirk@lansharks.net or 510.601.5475.