It doesn’t surprise me at all, but a weaknesses was found in Wifi with WPA2, this is named KRACK
Fortunately ubiquiti quickly released firmware updates for their products.
I recied an email with links to the newer firmware (v.3.9.3.7537) in which this issue is fixed.
But I noticed this text in that announce email:
This firmware has been pushed to all recent 5.6.x controller builds, as well as on our community blog. We will be rolling out to other controllers in the near future.
Uh? Excuse me? all 5.6.x controllers? But I’m running the latest version of the UniFi controller, well almost I was running 5.5.20 and after an apt update apt upgrade I’m running 5.5.24.
Hmmm, let me take a look on the download page of ubiquiti https://www.ubnt.com/download/unifi
Most recent version is 5.5.24 on that page (at the moment of writing this).
Apparently there is already a pre-release of some kind of 5.6.x of the Unifi controller, but I always run stable version.
Well, let’s apply this update by hand in this case… Let me take a closer look of the link to the updated firmware. Hmm That’s nice, it’s a link true the link redirector of MailChimp so ubiquiti can see how much clicks they received on the mailing. Nice for their marketing department and/of management.
But I suspect that if I paste that url in the upgrade dialog box in the UniFi controller, that it won’t work. To be honest I didn’t bother to test this.
So, I used curl to see the actual link, but that link has a link with a parameter and I suspect that this is for statistics too. I think that that link may also fail in the upgrade dialog box, however I didn’t bother to test this either.
The “clean” link to the firm ware is: https://dl.ubnt.com/unifi/firmware/U7PG2/3.9.3.7537/BZ.qca956x.v3.9.3.7537.171013.1101.bin
This firmware (link) is for the folowing models:
UAP-AC-LITE
UAP-AC-LR
UAP-AC-PRO
UAP-AC-M
UAP-AC-M-PRO
UAP-AC-IW
UAP-AC-IW-PRO
As this is quite a big weakness, I immediately started to update.
So how did I do this and how can you do this?
Do this at your own risk!
I accept no liability what so ever for any damage that may occur during the following procedure!
Log into your UniFi controller and choose devices:
Click on the AP that you would like to upgrade, the properties screen will appear:
Choose configuration and then for manage device.
Paste the URL above to the firmware and click custom upgrade.
WARNING! Only use this url if you have one of the following UniFi models:
UAP-AC-LITE
UAP-AC-LR
UAP-AC-PRO
UAP-AC-M
UAP-AC-M-PRO
UAP-AC-IW
UAP-AC-IW-PRO
Use the “copy link address” function of your browser to copy the url to the firmware, by using the right mouse button on the link and click “Copy link address”
Happy updating!
Be aware that after the update your UniFi controller will show an available update for your AP. This is actually a downgrade to the most recent firmware available in your UniFi controller software.
So make sure that you have “Automatically upgrade firmware” turned off under settings!
Dutch version of this article can be found here