Please select your location and preferred language where available.
UPDATE:SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ may have a security vulnerability related to the generation and management of WPA2 key
- December 18, 2017
- Toshiba Memory Corporation
Toshiba Memory Corporation is informing our valued customers of a potential WPA2 wireless LAN protocol vulnerability with the Toshiba Memory FlashAir™ ("Product") has been identified. This vulnerability is related to the generation and management of key information which is utilized for encrypting data. With this vulnerability there exists a possibility that the data transmitted between the Product and wireless LAN devices such as smartphone can be compromised.
FlashAir™ W-04 ("Software Update Affected Product") needs to be updated to correct this issue. Please update the software of your Software Update Affected Product using the "FlashAir™ W-04 Software Update Tool".
We also ask customers to check this vulnerability of the Wi-Fi device connected to FlashAir™ ("Device") prior to connecting to the FlashAir™ W-03, FlashAir™ W-02 and FlashAir™ Class6, as well as the Software Update Affected Product whether it is updated or not . About the vulnerability of the Devices, please contact to Devices’ customer and/or technical support.
If you have any questions about this vulnerability of the Product, please contact the technical support representative and we will be happy to support you. For information regarding how to reach the technical support representative, please visit
https://www3.toshiba.co.jp/semicon/contact_e/cgi-bin/q_form.cgi
Software Update Affected Product and Version Information
| Software Update Affected Product | Model | Capacity Label | Software Version |
|---|---|---|---|
 SDHC/SDXC Memory Card with embedded wireless LAN functionality FlashAir™ W-04 |
SD-UWA064G | 64GB | V4.00.01 or earlier |
| SD-UWA032G | 32GB | ||
| SD-UWA016G |
16GB |
How to check the software version of your Products
From FlashAir™ App for Android or iOS:
Connect your Wi-Fi device to your FlashAir™.
Open the FlashAir™ App and tap "FlashAir information".
From FlashAir™ Configuration Software:
Insert your FlashAir™ in the SDHC/SDXC compliant SD card slot of your PC or a SDHC/SDXC memory card reader/writer connected to your PC. Open the "FlashAir™ Configuration Software". You can find the software version at the bottom-right corner of the Main Menu window.
Explanation of the vulnerability
Toshiba Memory Corporation as found a vulnerability of the WPA2 protocol used for wireless LAN encryption. This vulnerability is related to the generation and management of key information that encrypts the data transmitted.
Vulnerability Threat
There exists the possibility that data transmitted between the FlashAir™ W-04 and a wireless device may be compromised.
Solution
Please update the software of your Software Update Affected Product using the "FlashAir™ W-04 Software Update Tool" below.
This security vulnerability is modified in the software V4.00.02.
- http://www.toshiba-personalstorage.net/ww/support/download/flashair/w04/update.htm
Update History
- WPA2 is a trademark of Wi-Fi Alliance.
- Android is a trademark of Google Inc.
- All other company names, product names, and service names may be trademarks of their respective companies.
