Platforms affected:
- OSMC for Raspberry Pi (all models)
- OSMC for Vero (all models)
A series of vulnerabilities [1] have been discovered in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
This vulnerability has now been mitigated and a fix is included in OSMC for all supported platforms.
We recommend you update your device immediately. This can be done by going to My OSMC -> Updates -> Check for Updates. After updating, your system should report OSMC 2017.9-2 as the version in My OSMC.
Although OSMC has a monthly update cycle, OSMC makes critical bug fixes and fixes for security vulnerabilities immediately available. You can learn more about OSMC’s update cycle and about keeping your system up to date here.
[1] Krackattacks.com. (2017). KRACK Attacks: Breaking WPA2.