- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Everyone should read this: https://www.krackattacks.com/#demo
To "fix" this, the client AND router/Wireless AP etc. need to be patched.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For particulars around KRACK's (Key Reinstallation AttaACKs) you may want to read:
https//nvd.nist.gov/vuln/detail/CVE-2017-13082
Cisco states, in order to help mitigate:
"We strongly urge all customers to verify that they are either patched to the latest firmware version* or that they have disabled 802.11r."
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So exactly WHEN is Verizon going to get around to pushing out a patch to it's routers? Inquiring potential victims want to know. Tech support apparenly doesn't have a clue when.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Agree. Verizon, is there an estimated turn around?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Couple of things:
1) This is a peer to peer support forum so Verizon doesn't post here.
2) Do the FIOS rotuers even support 802.11r? I don't think so, but can't say for sure. If they dont, then there isn't a vulnerability. I haven't seen any settings in Quantum router that mentions 802.11r
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. Verizon does not seem to answer its customers anywhere, so it can't hurt posting it here.
2. Windows 7 and above are not vulnerable (so most Win and IOS clients are OK, Lunix and OS X, not so much if they were compiled to support the old WPA extensions), any router that can support multiple access points (this includes WiFi extenders) will implement 802.11r, so you will not see any GUI setting on the router (this is after all a consumer product). (NOTE: Even on Cisco routers it's not immediately apparent, being a checkbox enabling "Fast Switching"). I would suspect the support exhibited by Fios routers connecting with the IoT would strongly indicate inherent 802.11r support being the case. So the question is a valid one waiting to be answered.
Side Note: In Linux this is done at compile time, hence why the firmware would require a patch. I would be overjoyed if it were as simple as turning off a switch.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe the G1100 router is manufactured by Actiontec.
I just found this on the Actiontec website:
https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-Vulnerability
Short Version- It indicates that if a service provider WiFI router is a concern, such as Verizon's, the service provider will 'push' the patch and it requires no other user intervention.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nope.
http://www.fiercecable.com/cable/greenwave-reality-builds-fios-quantum-gateway-for-verizon
Greenwave makes them for verizon.
but yes if their is a patch needed it will be pushed out from Verizon Fios.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a Router Firmware Update for KRACK Vulnerability?
Actiontec MI424WR Rev. 1 Router
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@FL2MD wrote:Is there a Router Firmware Update for KRACK Vulnerability?
Actiontec MI424WR Rev. 1 Router
The Actiontec MI424WR all revs, are not believed to be vulnerable. They don't support 802.11r. We need to hear first from Actiontec and then Verizon. Similar from Greenwave and Verizon. In each case the manufacturer needs to create a fix and pass it on to Verizon to implement and push out.