On 2017-10-17, J.O. Aho wrote:
On 10/16/17 23:31, Roger Blake wrote:
On 2017-10-16, J.O. Aho wrote:
It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the
wifi chip vendor need to fix device firmware or device driver?


No, not the chip vendor, the manufacturer of the device, for example to
get a fix for your phone, the phone manufacturer has to push out a fix,
then your phone operator may have a custom firmware for your phone, then
you may be vulnerable a lot longer.

As I understand it on Android, it uses wpa_supplicant to make the WPA2
connection, and what is needed is to push an updated wpa_supplicant
onto the phone (and presumably something similar for IOS).
I do not think it has anything to do with the firmware.



When it comes to your wifi, the Access point is usually not a client, so
it's not as vulnerable to the issue. It's important to get updates to
your devices that connects to wifi.