Reply
Posts: 5
Registered: ‎04-11-2017
Accepted Solution

KRACK - WPA2 key reinstallation attack

[ Edited ]

 

Just checking, but I assume it's safe to say that Linksys WiFi products are affected by the Key Reinstallation Attack (KRACK) that just had its details released today. The CERT vulnerability notes don't specifically mention Linksys (though Belkin is mentioned in the expanded vendor list), but the notes also say that "[t]he vulnerabilities described here are in the standard itself as opposed to individual implementations thereof; as such, any correct implementation is likely affected."

 

Assuming that Linksys products are affected by this wonderful new vunlerability in WPA2 security, is there a timeline for when new firmware updates for access points and wireless routers can be expected?

 

It appears as though Belkin (parent company of Linksys) was notified of the issue on August 28. Has there been work ongoing to resolve this issue, so that updates might come sooner than later?

 

More details:

CERT Vulnerability Note - VU#228519

ZDNet - WPA2 security flaw puts almost every...

ARS - Severe flaw in WPA2 leaves WiFi...

The Register - WPA2 KRACK attack smacks WiFi Security

Expert
Posts: 13,603
Registered: ‎01-18-2013

Re: KRACK - WPA2 key reinstallation attack

I've notified Linksys engineering of this WPA2 vulnerability. When Linksys engineering responds I will report back.


Smiley Wink Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Posts: 1
Registered: ‎10-18-2017

Re: KRACK - WPA2 key reinstallation attack

Hello,
this is a very serious problem, you have to react quickly.
This is a critical flaw.

Posts: 1
Registered: ‎10-25-2017

Re: KRACK - WPA2 key reinstallation attack

9 days later....  Netgear is all over this with status updates and patches already.  Does Linksys not care about the security of their customers?  At least give an update.

Posts: 5
Registered: ‎04-11-2017

Re: KRACK - WPA2 key reinstallation attack

This was posted over in the Wireless Routers forum a couple of days ago.

 

Linksys Security Advisory - KRACK

 

The Linksys Access Point (LAPN, LAPAC) products are affected, though only if using WDS or Workgroup Bridge functionality. Note that this advisory covers all affected Linksys, Belkin, and WeMo products. Not everything has a patch or update available yet.

Posts: 13
Registered: ‎11-03-2015

Re: KRACK - WPA2 key reinstallation attack

Why is this post considered "solved? The later post by @mikev1 is NOT a solution to everyone. No disrespect intended, but for a solution to be marked as such, it needs to be a valid solution for all.

 

Note that this issue has also been posted elsewhere in this forum, e.g. here: Patch for WPA2 vulnerability.

 

LINKSYS or BELKIN - someone official needs to post a proper response here or on a prominent webpage for all to see.  We all need to know when patches will be available for all router/extender/client adapters INCLUDING the older Exxxx series.

Posts: 5
Registered: ‎04-11-2017

Re: KRACK - WPA2 key reinstallation attack

I marked it as solved because as far as I know, Belkin/Linksys would include all models that are currently supported in their own advisory. And yes, I realize that fixes aren't available for everything yet, but they're getting there.

What model of Belkin/Linksys Access Point do you have that isn't included in that advisory?
Posts: 13
Registered: ‎11-03-2015

Re: KRACK - WPA2 key reinstallation attack

@mikev1, my current router I'd the E4200v2. As mentioned, there are no Exxxx in the list, leading me to the conclusion that there may never be an update for it. Thanks for asking though!
Posts: 5
Registered: ‎04-11-2017

Re: KRACK - WPA2 key reinstallation attack

I would imagine that's because technically it's a Cisco-Linksys device, not a Belkin-Linksys one. Though I see that the old firmware from 2014 is still available on the Belkin-Linksys website... but I would be surprised if Belkin updates Cisco-era products.

Also, yours would be applicable in the Wireless Routers forum, not the Wireless Access Points. Minor difference, but I'm going to be picky about it here. Smiley Happy
Posts: 13
Registered: ‎11-03-2015

Re: KRACK - WPA2 key reinstallation attack

No problem. I referenced the router forum in the thread where this is being discussed in that forum, above. Thought I'd put my two-pennies worth in here too. For me - whichever forum we're in - we, as end users, need a Linksys official to answer all our questions! Cheers!