Why upgrading the firmware of a router is dangerous and how to add WPA2 support to XP


My colleague John Howard recently added a post talking about upgrading the firmware on his wireless router to add support for WPA2 (Wireless Protected Access 2) – click here to read John’s post . As John points out KB893357 provides the required update for Windows XP. It is also necessary to apply a fireware update on the wireless Access point and Network Interface Card for each client unless they already support WPA2.


I am quite happy adding the update to Windows XP as the code is signed – the signature is validated via authenticode before installation takes place. Unfortunately the firmware update to (every Access Point I’ve ever seen) IS NOT signed hence it’s perfectly possible for a trojan or malware to be included in the update. Many people rely upon their Access Point(s) to act as a security boundary and hence such a compromise would have serious consequences.


You may argue that a humble Access Point wouldn’t have the “horse power” to validate a digital signature – I don’t believe this to be the case but even if it were the firmware update has to be downloaded to a PC before being applied to the Access Point and therefore the signature validation could take place there.


WPA2 is also known as 802.11i – it was recently certified by the IEEE. It brings AES cryptography to replace DES and has some denial of service protection.


WPA is more than enough for a home environment IMHO but if you have the option of WPA2 then it’s a nice to have.

Comments (1)

  1. Matt Dickins says:

    WPA2 would be nice, I really purely on good old fashioned WEP…. purerly cause I live in the middle of nowhere! I also get v. suspicious if I see alot of wireless activity on my AP’s LEDs. With a Proxy Server that adds a nice extra barrier to stealing my uncapped bandwidth or worse dling warez and malware and spreading that over the network.