UPDATE: SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ may have a security vulnerability related to the generation and management of WPA2 key

  • December 18, 2017
  • Toshiba Memory Corporation

Toshiba Memory Corporation is informing our valued customers that a potential WPA2 wireless LAN protocol vulnerability has been identified in the Toshiba Memory FlashAir™ ("Product"). This vulnerability is related to the generation and management of the key information used to encrypt data. Because of this vulnerability, data transmitted between the Product and wireless LAN devices such as smartphones may be compromised.

FlashAir™ W-04 ("Software Update Affected Product") needs to be updated to correct this issue. Please update the software of your Software Update Affected Product using the "FlashAir™ W-04 Software Update Tool".

We also ask customers to check whether the Wi-Fi device connected to FlashAir™ ("Device") is affected by this vulnerability before connecting it to the FlashAir™ W-03, FlashAir™ W-02 and FlashAir™ Class6, or to the Software Update Affected Product, whether or not it has been updated. For information about the vulnerability in a Device, please contact the Device's customer and/or technical support.

If you have any questions about this vulnerability of the Product, please contact the technical support representative and we will be happy to support you. For information regarding how to reach the technical support representative, please visit
https://www3.toshiba.co.jp/semicon/contact_e/cgi-bin/q_form.cgi

Software Update Affected Product and Version Information

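| Software Update Affected Product | Model | Capacity Label | Software Version |
|---|---|---|---|
| SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ W-04 | SD-UWA064G | 64GB | V4.00.01 or earlier |
| SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ W-04 | SD-UWA032G | 32GB | V4.00.01 or earlier |
| SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ W-04 | SD-UWA016G | 16GB | V4.00.01 or earlier |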

How to check the software version of your Products

From FlashAir™ App for Android or iOS:
Connect your Wi-Fi device to your FlashAir™.
Open the FlashAir™ App and tap "FlashAir information".

From FlashAir™ Configuration Software:
Insert your FlashAir™ in the SDHC/SDXC-compliant SD card slot of your PC or an SDHC/SDXC memory card reader/writer connected to your PC. Open the "FlashAir™ Configuration Software". You can find the software version at the bottom-right corner of the Main Menu window.

Explanation of the vulnerability

Toshiba Memory Corporation has found a vulnerability in the WPA2 protocol used for wireless LAN encryption. This vulnerability is related to the generation and management of the key information that encrypts the transmitted data.

Vulnerability Threat

There exists the possibility that data transmitted between the FlashAir™ W-04 and a wireless device may be compromised.

Solution

Please update the software of your Software Update Affected Product using the "FlashAir™ W-04 Software Update Tool" below.
This security vulnerability is corrected in software V4.00.02.

  • http://www.toshiba-personalstorage.net/ww/support/download/flashair/w04/update.htm

Update History

  • WPA2 is a trademark of Wi-Fi Alliance.
  • Android is a trademark of Google Inc.
  • All other company names, product names, and service names may be trademarks of their respective companies.