Security Advisory for WPA2 Vulnerabilities

Summary

Network security researcher Mathy Vanhoef of imec-DistriNet, KU Leuven discovered a critical security concern involving Wi-Fi Protected Access II (WPA2) called KRACK. Since the flaw affects WPA2, a global Wi-Fi security standard, this means all products which use the protocol are affected. If abused, the security flaw may expose systems to possible remote attacks.

QNAP has fixed this issue in WirelessAP Station 0.1.0 (for QNAP devices using QNAP WirelessAP Station) and QTS 4.2.6 build 20171026 and 4.3.3.0361 build 20171101 (for QNAP devices connecting to networks using wireless USB dongles).

Recommendations

For users of QNAP WirelessAP Station, you must update to WirelessAP Station 0.1.0.

For those using wireless USB dongles to connect their NAS to Wi-Fi networks, you must update to the following QTS versions:

1. QTS 4.2.x: QTS 4.2.6 build 20171026
2. QTS 4.3.x: QTS 4.3.3.0361 build 20171101

Upgrading to WirelessAP Station 0.1.0

1. Log on to QTS as administrator.
2. Open the App Center, and then click the Search icon.
   A search box appears.
3. Type “WirelessAP Station”, and then press ENTER.
   The WirelessAP Station application appears in the search results list.
4. Click Update.
   A confirmation message appears.
5. Click OK.
   The application is updated.

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.

Tip: You can also download the update from the QNAP website. Go to Support > Download and then perform a manual update.

Notice

Since the flaw affects all products using the WPA2 protocol, QNAP recommends you avoid accessing your NAS using public Wi-Fi hotspots and open wireless access points.