Reply
Posts: 71
Registered: ‎12-28-2016
Accepted Solution

Patch for KRACK vulnerability WPA2?

Are we working on a patch for this?

 https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

 

Your software is vulnerable!  the KRACK kit on guthub WORKS on the EA9500 and the velop system confirmed. 

 

 

Posts: 8
Registered: ‎06-17-2017

Re: Patch for KRACK vulnerability WPA2?

considering they run linnux on their routers, it shouldnt be that hard. all they need to do is update hostAPD.
it was privately disclosed to them in august 2017

Posts: 71
Registered: ‎12-28-2016

Re: Patch for KRACK vulnerability WPA2?


mitchy93 wrote:

considering they run linnux on their routers, it shouldnt be that hard. all they need to do is update hostAPD.
it was privately disclosed to them in august 2017


well i can confirm the github drop does work on the ea9500, velop, ea7500 and the wrt32x. they are all at risk right now. and the firmware can be injected so it cant truly be updated. (it will only relfect the version but the exploited firmware stays in place)

without a real factory reset (holding the button till the light goes off. its also confirmed in netgear non beta firmware and asus non beta.

 

if they knew since august i wonder what the hold up is? i heard they knew since september either way

Posts: 71
Registered: ‎12-28-2016

Re: Patch for KRACK vulnerability WPA2?

Heres is one method used. watch how dangerous this is. OMG

 

its doesnt give one important step so its not a tutorial

 

https://youtu.be/Oh4WURZoR98

 

Posts: 1
Registered: ‎10-16-2017

Re: Patch for KRACK vulnerability WPA2?

Has anyone heard back from Linksys yet? They will be judged how quickly they respond to this issue.

Expert
Posts: 14,135
Registered: ‎01-18-2013

Re: Patch for KRACK vulnerability WPA2?

[ Edited ]

I've notified Linksys engineering of this WPA2 vulnerability. When Linksys engineering responds I will report back.


Smiley Wink Please remember to Kudo those that help you.

Linksys
Communities Technical Support
Posts: 71
Registered: ‎12-28-2016

Re: Patch for KRACK vulnerability WPA2?

Posts: 1
Registered: ‎10-16-2017

Re: Patch for KRACK vulnerability WPA2?

Can hidden SSID avoid this vulnerability from outside attack?

Posts: 106
Registered: ‎07-23-2006

Re: Patch for KRACK vulnerability WPA2?


Lecter wrote:

Can hidden SSID avoid this vulnerability from outside attack?


I don't think disabling the broadcast can mitigate the attack at all. This vulnerability, however, can only be exploited via local connection, not over the internet.

 

While waiting for Android and iOS devices to be patched and hardwares to have firmware updated, I strongly suggest enabling WI-Fi MAC address filtering instead while keeping the WPA2 encryption. This works effectively against the use of brute force attack like the ones using Reaver.

 

Microsoft already released update for supported Windows versions last Oct 10th and Google schduled release of security patches for Android first week of November. iOS and MacOS will also have their patched beta versions go public in a few weeks.

 

More here - https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

 

Posts: 11
Registered: ‎01-21-2007

Re: Patch for KRACK vulnerability WPA2?

Thanks chadster. Do you know if they will update the entire line? I use EA6200s (I have 3 of them in my house). It hasn't had a software update in a couple years but is still a great wi-fi router.