Accessibility Resource Center Skip to main content
Get up to $500 when you bring your phone. Plus, waived smartphone activation fee when you buy online. Limited time offer.
end of navigation menu

Krack Attack WPA2 vulnerability

Reply
Neerneemort
Contributor
Contributor
Posts: 3
Registered: ‎10-20-2017

Re: Krack Attack WPA2 vulnerability

Message 41 of 57
(13,287 Views)

Everyone should read this: https://www.krackattacks.com/#demo

To "fix" this, the client AND router/Wireless AP etc. need to be patched.

 

 

 

relder
Contributor
Contributor
Posts: 1
Registered: ‎10-20-2017

Re: Krack Attack WPA2 vulnerability

Message 42 of 57
(13,204 Views)

For particulars around KRACK's (Key Reinstallation AttaACKs) you may want to read:

 

https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks...

 

https//nvd.nist.gov/vuln/detail/CVE-2017-13082

 

 

 

Cisco states, in order to help mitigate:

"We strongly urge all customers to verify that they are either patched to the latest firmware version* or that they have disabled 802.11r."

 

 

Kahn
Copper Contributor
Copper Contributor
Posts: 15
Registered: ‎03-24-2010

Re: Krack Attack WPA2 vulnerability

Message 43 of 57
(13,160 Views)

So exactly WHEN is Verizon going to get around to pushing out a patch to it's routers?  Inquiring potential victims want to know.  Tech support apparenly doesn't have a clue when.

MrsSippyMoon
Contributor
Contributor
Posts: 1
Registered: ‎10-20-2017

Re: Krack Attack WPA2 vulnerability

Message 44 of 57
(13,141 Views)

Agree. Verizon, is there an estimated turn around?

CRobGauth
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 8,010
Registered: ‎11-04-2008

Re: Krack Attack WPA2 vulnerability

Message 45 of 57
(13,121 Views)

Couple of things:

1) This is a peer to peer support forum so Verizon doesn't post here.

2) Do the FIOS rotuers even support 802.11r? I don't think so, but can't say for sure. If they dont, then there isn't a vulnerability. I haven't seen any settings in Quantum router that mentions 802.11r


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
Kahn
Copper Contributor
Copper Contributor
Posts: 15
Registered: ‎03-24-2010

Re: Krack Attack WPA2 vulnerability

Message 46 of 57
(13,018 Views)

1. Verizon does not seem to answer its customers anywhere, so it can't hurt posting it here.

2. Windows 7 and above are not vulnerable (so most Win and IOS clients are OK, Lunix and OS X, not so much if they were compiled to support the old WPA extensions), any router that can support multiple access points (this includes WiFi extenders) will implement 802.11r, so you will not see any GUI setting on the router (this is after all a consumer product).  (NOTE: Even on Cisco routers it's not immediately apparent, being a checkbox enabling "Fast Switching").  I would suspect the support exhibited by Fios routers connecting with the IoT would strongly indicate inherent 802.11r support being the case.  So the question is a valid one waiting to be answered.

 

Side Note: In Linux this is done at compile time, hence why the firmware would require a patch.  I would be overjoyed if it were as simple as turning off a switch.

Tommy_Router1
Contributor
Contributor
Posts: 1
Registered: ‎10-22-2017

Re: Krack Attack WPA2 vulnerability

Message 47 of 57
(12,811 Views)

I believe the G1100 router is manufactured by Actiontec.

I just found this on the Actiontec website:

https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-Vulnerability

 

Short Version- It indicates that if a service provider WiFI router is a concern, such as Verizon's, the service provider will 'push' the patch and it requires no other user intervention. 

jonjones
Platinum Contributor III
Platinum Contributor III
Posts: 5,320
Registered: ‎10-18-2016

Re: Krack Attack WPA2 vulnerability

Message 48 of 57
(12,707 Views)

Nope.

 

http://www.fiercecable.com/cable/greenwave-reality-builds-fios-quantum-gateway-for-verizon

 

Greenwave makes them for verizon.

but yes if their is a patch needed it will be pushed out from Verizon Fios.

 

FL2MD
Contributor
Contributor
Posts: 1
Registered: ‎10-28-2017

Router Firmware Update for KRACK Vulnerability

Message 49 of 57
(12,094 Views)

Is there a Router Firmware Update for KRACK Vulnerability? 

Actiontec MI424WR Rev. 1 Router

tns2
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 4,437
Registered: ‎12-16-2012

Re: Router Firmware Update for KRACK Vulnerability

Message 50 of 57
(11,946 Views)

@FL2MD wrote:

Is there a Router Firmware Update for KRACK Vulnerability? 

Actiontec MI424WR Rev. 1 Router


The Actiontec MI424WR all revs, are not believed to be vulnerable.  They don't support 802.11r.  We need to hear first from Actiontec and then Verizon.  Similar from Greenwave and Verizon.  In each case the manufacturer needs to create a fix and pass it on to Verizon to implement and push out.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Have a spare Fios-G1100?Learn how to bridge it into your network
Get Started


Covid19

Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.
Modal Dialogue Title