Reply
Expert
Posts: 13,302
Registered: ‎01-18-2013

Re: Patch for KRACK vulnerability WPA2?

I'm not sure but would guess that all non EOF devices that are effected would get firmware updates.

 

Do you know if it's strictly an OS problem or does hostapd have to be updated as well. The reason I ask is because Microsoft has release a patch for it.


Smiley Wink Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Posts: 1
Registered: ‎10-17-2017

Re: Patch for KRACK vulnerability WPA2?

Any ETA on a patch for this?

Expert
Posts: 13,302
Registered: ‎01-18-2013

Re: Patch for KRACK vulnerability WPA2?

I don't have one yet but once I hear from Linksys engineering I will report back.


Smiley Wink Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Posts: 11
Registered: ‎01-21-2007

Re: Patch for KRACK vulnerability WPA2?

Thanks chadster. Do you work for Linksys?

 

It should just be a software fix. It's a key management and setup protocol issue and I can't think of anyone who would put that in hardware, unlike the actual encyption which almost certainly uses hardware support.

 

Charley

 

(Retired computer geek - used to work for Cisco and was one of those who recommended they buy Linksys)

Posts: 71
Registered: ‎12-28-2016

Re: Patch for KRACK vulnerability WPA2?


chadster766 wrote:

I'm not sure but would guess that all non EOF devices that are effected would get firmware updates.

 

Do you know if it's strictly an OS problem or does hostapd have to be updated as well. The reason I ask is because Microsoft has release a patch for it.


Its a wifi protocol problem. its actually in the wifi standard its the third step of the handshake that can be replicated by repeating step 3 over and over and it turns the encryption into all Zero's 

 

Good news: For this exploit to actually happen, the hacker taking advantage of it must be in range of the Wi-Fi network. This is a plus. also if you turn on mac address filtering and add all your devices mac addresss in and activate it. you will be safe completely BUT you have to allow manually any new devices (friends come over etc) to the filtering table.

Posts: 2
Registered: ‎10-02-2017

Re: Patch for KRACK vulnerability WPA2?

Posts: 2
Registered: ‎10-02-2017

Re: Patch for KRACK vulnerability WPA2?

[ Edited ]
Expert
Posts: 13,302
Registered: ‎01-18-2013

Re: Patch for KRACK vulnerability WPA2?


charley000 wrote:

Thanks chadster. Do you work for Linksys?

 

 


Yes I do. Linksys community support usernames are colored orange.


Smiley Wink Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Moderator
Posts: 294
Registered: ‎06-29-2015

Re: Patch for KRACK vulnerability WPA2?

Hello, everyone. Belkin International, (Belkin, Linksys & Wemo) is aware of the WPA vulnerability. Our Security Teams are verifying details & we will advise accordingly. Also, know that we are committed to putting all our valued customers first & are planning to post instructions on our security advisory page on what customers can do to update their products, if & when required.

 

We appreciate your understanding and cooperation.

Dennis - 20702
Linksys Technical Support
Posts: 2
Registered: ‎12-21-2016

Re: Patch for KRACK vulnerability WPA2?


kenji wrote:

While waiting for Android and iOS devices to be patched and hardwares to have firmware updated, I strongly suggest enabling WI-Fi MAC address filtering instead while keeping the WPA2 encryption. This works effectively against the use of brute force attack like the ones using Reaver.

 


 

Not sure how many products have this, but on the Linksys EA9500 ther is an arbitrary, stupid, 30 device limit on mac addresses in the filter list.  At least there was a year ago when I bought my EA9500, guess it's time to double check if that is still the case.