emonPi KRACK fix

glyn.hudson · 17 October 2017 22:46

I’m sure many of you will have heard about the ‘KRACK’ vulnerability to the WiFi WPA2 protocol. This vulnerability affects almost all WiFi devices (routers & clients) including Raspberry Pi 3 / emonPi.

The good news is that thanks to the hard work of the Linux Debian team (open-source ) the vulnerability has been fixed you can update your emonPi to apply the fix by connecting to emonPi via SSH then running:

$ rpi-rw
$ sudo apt-get update && sudo apt-get upgrade -y
$ sudo reboot

Note: even though the update process is pretty safe we recomend backing up your local Emoncms data and making an image of your SD card e.g using dd to be able to restore in unlikely event of failure during the update.

Be patient upgrade can take a while (up to a few hours).

Tested 17th Oct 2017 with emonSD build 7th Nov16 based on Raspbian Jessie.

A patch for KRACK has also been applied to ESP8266 Arduino core framework. We will be releasing updates to our ESP8266 projects in the next day or so.

Robert.Wall · 18 October 2017 10:47

Note that, according to Netgear, routers aren’t vulnerable unless they start the transaction, i.e. they are in bridging mode. I’m not expert in this area, so I’m only reporting what I’ve seen. Nevertheless, updating is rarely a bad idea.

glyn.hudson · 18 October 2017 23:22

3 posts were split to a new topic: Missing /var/lib/mysql-file after raspbian package upgrade

glyn.hudson · 23 October 2017 13:45

During the update progress, when promoted choose “keep the local version” to keep the current php.ini config currently installed. emonSD has got a modification to php.ini to increase the max file size that can be uploaded via the web server. This is used for Emoncms backup module to be able to restore large files.