Community Forums - Re: Krack Attack WPA2 vulnerability - Page 5

Neerneemort · ‎10-20-2017

Everyone should read this: https://www.krackattacks.com/#demo

To "fix" this, the client AND router/Wireless AP etc. need to be patched.

relder1 · ‎10-20-2017

For particulars around KRACK's (Key Reinstallation AttaACKs) you may want to read:

https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks...

https//nvd.nist.gov/vuln/detail/CVE-2017-13082

Cisco states, in order to help mitigate:

"We strongly urge all customers to verify that they are either patched to the latest firmware version* or that they have disabled 802.11r."

Kahn2 · ‎10-20-2017

So exactly WHEN is Verizon going to get around to pushing out a patch to it's routers? Inquiring potential victims want to know. Tech support apparenly doesn't have a clue when.

MrsSippyMoon · ‎10-20-2017

Agree. Verizon, is there an estimated turn around?

CRobGauth · ‎10-20-2017

Couple of things:

1) This is a peer to peer support forum so Verizon doesn't post here.

2) Do the FIOS rotuers even support 802.11r? I don't think so, but can't say for sure. If they dont, then there isn't a vulnerability. I haven't seen any settings in Quantum router that mentions 802.11r

Kahn2 · ‎10-21-2017

1. Verizon does not seem to answer its customers anywhere, so it can't hurt posting it here.

2. Windows 7 and above are not vulnerable (so most Win and IOS clients are OK, Lunix and OS X, not so much if they were compiled to support the old WPA extensions), any router that can support multiple access points (this includes WiFi extenders) will implement 802.11r, so you will not see any GUI setting on the router (this is after all a consumer product). (NOTE: Even on Cisco routers it's not immediately apparent, being a checkbox enabling "Fast Switching"). I would suspect the support exhibited by Fios routers connecting with the IoT would strongly indicate inherent 802.11r support being the case. So the question is a valid one waiting to be answered.

Side Note: In Linux this is done at compile time, hence why the firmware would require a patch. I would be overjoyed if it were as simple as turning off a switch.

Tommy_Router1 · ‎10-22-2017

I believe the G1100 router is manufactured by Actiontec.

I just found this on the Actiontec website:

https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-Vulnerability

Short Version- It indicates that if a service provider WiFI router is a concern, such as Verizon's, the service provider will 'push' the patch and it requires no other user intervention.

jonjones1 · ‎10-23-2017

Nope.

http://www.fiercecable.com/cable/greenwave-reality-builds-fios-quantum-gateway-for-verizon

Greenwave makes them for verizon.

but yes if their is a patch needed it will be pushed out from Verizon Fios.

FL2MD · ‎10-28-2017

Is there a Router Firmware Update for KRACK Vulnerability?

Actiontec MI424WR Rev. 1 Router

tns2 · ‎10-30-2017

@FL2MD wrote:
Is there a Router Firmware Update for KRACK Vulnerability?
Actiontec MI424WR Rev. 1 Router

The Actiontec MI424WR all revs, are not believed to be vulnerable. They don't support 802.11r. We need to hear first from Actiontec and then Verizon. Similar from Greenwave and Verizon. In each case the manufacturer needs to create a fix and pass it on to Verizon to implement and push out.

Discussions

Mobile

5G / LTE Home Internet

Fios

Accessories

Entertainment

Level Up

Help

Tutorials

Archives

Add thoughts to the community

Browse discussions within categories