-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
All your WiFi devices are broken, Android/Linux devices particularly devastated
- Thread starter emag
- Start date
yes
Netgear released a patch it seems on 10-9
however this is all we get for notes
Fixes security issues.
thanks Netgear lol
for the R7000 nighthawk
The companies were instructed to not discuss the vulnerability publicly until today. It makes sense that no one mentioned it in prior patch notes.
Avenger54321
Member
Just updated my PC
Haven't seen anything yet for my phone (LG STYLO 2 on Android Nougat)
Haven't seen anything yet for my phone (LG STYLO 2 on Android Nougat)
so would it be safe to say that netgear most likely patched it already if thats the only thing the update was for.....was a security fix?
I wouldnt assume that the problem is fixed until the company comments on it now.
Yeah for any who have unifi equipment as we're patched today... Doesn't cover everything
The Chosen One
Member
Meh...
For corporate computers and networks this is a big deal, but for the average user on a home network this isn't a big deal. Unless you're a promient person in your community, it's very unlikely someone is going to park outside your door and go through the trouble of hacking into your WiFi network sifting through all your porn and Netflix traffic on the off chance you might enter your password to a financial account that actually has some real value. They don't care about your GAF or Pornhub account.
The biggest danger for regular home/mobile users is still spear fishing/ransomwre from remote hackers. keeping your browser updated, running anti-virus software, and avoiding dodgy/compromised sites is still the best way to keep your information and computer safe.
If you do happen to have sensitive information on your computer for work purposes then you really shouldn't be connecting via WiFi anyway.
For corporate computers and networks this is a big deal, but for the average user on a home network this isn't a big deal. Unless you're a promient person in your community, it's very unlikely someone is going to park outside your door and go through the trouble of hacking into your WiFi network sifting through all your porn and Netflix traffic on the off chance you might enter your password to a financial account that actually has some real value. They don't care about your GAF or Pornhub account.
The biggest danger for regular home/mobile users is still spear fishing/ransomwre from remote hackers. keeping your browser updated, running anti-virus software, and avoiding dodgy/compromised sites is still the best way to keep your information and computer safe.
If you do happen to have sensitive information on your computer for work purposes then you really shouldn't be connecting via WiFi anyway.
TheChewyWaffles
Member
Dont you have to be on the network to begin with for this to work? OP is a bit overblown if so.
OriginofHysteria
Banned
Just for the affected client I believe, since the encryption stream used by that client's handshake can be decrypted. I believe the article said the wifi password is not exposed.
I asked a page or two ago but haven't seen any confirmation one way or the other yet. I think you can be off the network and just replay some router packets during the handshake, after which you may be able to decrypt the user's packets (or possibly generate fake packets in the Android/Linux case).
If the user's packets are encrypted with HTTPS or VPN, you'd have to break that encryption using man in the middle or something as well.
Id guess most people use the same or similar passwords across sites, so getting any account password could be useful. The obvious lesson is to not do that, particular for financial accounts.
Looks like they forgot to tell TP-Link. Furthermore it says they updated today and they have not (doesn't seem like a single new firmware / news post / anything.
There's a driver update out if you have an Intel network adapter.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
They get updates all the time.
What's surprising is that they still support the 1st gen version even though it's over 4 years old now.
Technosteve
Banned
Will HP update my Touchpad?
Holy shit
No. The attacker just needs to have a device within WiFi range of your network.
See the link to the source (krack-attack) in the OP.
Martinski43
Member
Well good thing most of my stuff is connected by ethernet and i got only a Switch and iOS that is on Wi-Fi.
BigJonsson
Member
I wonder if my OnePlus One will get patched lol
I just remembered Google stopped updating Nexus 7 
I just checked and the last time it was updated was August 2016, so there's no chance in hell this is getting fixed.
Oh god, I remember how desperately I tried to get one of those, haha.
I just checked and the last time it was updated was August 2016, so there's no chance in hell this is getting fixed.Oh god, I remember how desperately I tried to get one of those, haha.
https://www.androidcentral.com/amazon-says-patch-wpa2-exploit-krack-works
Modems aren't related, unless you have a modem/router hybrid. But even then you want to patch clients as a priority because clients are the vulnerable ones here. You'll want a router patch if you use one as a WiFi extender.
EDIT: You will ideally want a router patch regardless because of the Fast BSS Transition handshake vulnerability if your router supports 802.11r. But patching your APs will NOT be a full replacement for patching your client devices. Your clients will still be vulnerable to the attack on the 4-way handshake.
https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837
Ok, thx.
A new Kong build of DD-WRT (specific builds of DD-WRT designed for Broadcom-powered routers) with the fix has been released. It's build 33525M.
BreezyLimbo
Banned
my router had an update
I updated my computer a week ago(Windows 10)
I should be good right
Oh yeah there's my phone, it's like 3 years old, rip.
I updated my computer a week ago(Windows 10)
I should be good right
Oh yeah there's my phone, it's like 3 years old, rip.
https://support.t-mobile.com/thread/140179
https://support.t-mobile.com/thread/116010
I'm fucked aren't I?
I need your guys help in flashing custom firmware on this, lol
https://support.t-mobile.com/thread/116010
I'm fucked aren't I?
I need your guys help in flashing custom firmware on this, lol
There's hope: https://support.t-mobile.com/thread/142080 !
Is there any way to determine what specific Windows update(s) actually fix this? None of the ones installed on my Windows 8.1 PC or Windows 10 laptop match the ones that mentioned in this thread, and none of the articles I've read have been any help.
There's no hope in sight for my router, tablet or phone, so I'd at least like to save my computers. ;_;
There's no hope in sight for my router, tablet or phone, so I'd at least like to save my computers. ;_;
it's time to put it down
brianmcdoogle
Member
I know Apple commented that iOS, watchOS, tvOS, and macOS are already patched on betas and will be for the general public upon next release, but what about the Airport routers? I think those teams dont exist anymore and I cant recall the last time my old router had a firmware update.
Entroyp
Member
Patching your devices is enough to prevent this attack. Dont worry about APs/Routers.
Entroyp
Member
Why are you still running a G router?
KRACK - Just realized that "ACK" is for acknowledgement, because of the handshake.
Great name. Awful situation.
Great name. Awful situation.
As an AP, it may be fine, but don't set it to be a client or repeater, as mentioned in the OP.
Rebel Leader
THE POWER OF BUTTERSCOTCH BOTTOMS
I think i have that router
D
Deleted member 80556
Unconfirmed Member
Crap, my ISP is the one that handles all of the router's settings and stuff (like the website for managing the router is literally blocked). I hope that someone at IT learns about this and updates the routers.
I doubt that Sony updates the Xperia Z3 as well, ah damn.
I doubt that Sony updates the Xperia Z3 as well, ah damn.
Neverwinter27
Member
Is 4G affected?
DarkestHour
Banned
Still nothing from ASUS. I'm sure they will though since they do seem to push out firmware updates from time to time.
It might depend a bit on the actual vendor - it's not like all vendors take a patch and distribute the same thing. And different systems were vulnerable to different attacks (such as iOS 10.3.1+ and Windows 10 not being vulnerable to the 4-way handshake attack but still being vulnerable to the group key attack).
WiFi passwords are never compromised during any variation of the key reinstallation attacks, so that's not a concern.
As an example, here's Arch Linux's fix for wpa_supplicant. https://git.archlinux.org/svntogit/...t&id=9c1bda00a846ff3b60e7c4b4f60b28ff4a8f7768
No. If you actually read about it, you would know that these vulnerabilities affect WPA and WPA2 protected WiFi connections.
Now say you are using a 4G/LTE mobile hotspot or using your 4G/LTE capable phone or tablet as a mobile hotspot, then yes, in a sense 4G is affected but not really.
Prioritize patching your client devices, such as your phones, tablets, computers, game consoles, IoT/smart home devices, televisions, and anything else. Routers cannot be the targets of attackers using these vulnerabilities unless you are using a router as a range extender.
And not all vendors have patches out yet, and some may not receive patches at all, in particular for routers and access points, because again, they are not the ones technically affected by these vulnerabilities.
EDIT: You will still want to patch your access points/routers if you can to prevent attacks on the Fast BSS Transition handshake if they support 802.11r.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
You should be able to see all the information there. Find the applicable operating system version on that page, and there's a download link for each one. Those links should specifically show what updates include this fix. You can manually download the update, or just use Windows Update and they should appear.