Reply

Wi-Fi access point vulnerability (KRACK)

Highlighted
Starter Poster
Posts: 4
Registered: ‎17-10-2017

Wi-Fi access point vulnerability (KRACK)

[ Edited ]
by knaus Starter Poster
Message 1 of 7 (1,691 Views)

What is the plan to upgrading the firmware on provided access points following the disclosed vulnerability in WPA2?

 

Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse

https://www.krackattacks.com/

 

 

Contributor
Posts: 142
Registered: ‎15-09-2016

Re: Wifi access point vulnerability

by Contributor MrMorm Contributor
Message 2 of 7 (1,684 Views)

I note these two comments in the paper. So it is more the end devices that need updating and that your password is safe at least.

 

 

"Note that our attacks do not recover the password of the Wi-Fi network."

"Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients."

 

 

 

Starter Poster
Posts: 4
Registered: ‎17-10-2017

Re: Wifi access point vulnerability

by knaus Starter Poster
Message 3 of 7 (1,677 Views)

yes but a patch on the actual access point will completely solve the issue. many wifi router vendors already provided a patch for this actual bug. so my main question is: what is Vodafone going to do about this? are they going to supply a patch for the routers they provide to customers?

Starter Poster
Posts: 4
Registered: ‎17-10-2017

Re: Wifi access point vulnerability

by knaus Starter Poster
Message 4 of 7 (1,675 Views)

this is actual Spark current status on the matter:

 

"Spark has become aware overnight of a global security vulnerability that has the potential to put all Wi-Fi networks, and the devices that access those networks, at risk of being compromised.

We are not aware of any Spark customers who have been compromised by the vulnerability to date.

The Krack vulnerability, which was identified by a security researcher overseas, potentially allows a hacker to eavesdrop on Wi-Fi traffic. The hacker would need to be within Wi-Fi range and would not be able to access encrypted traffic (e.g. most banking websites and some other applications).

Spark is liaising with device manufacturers as a matter of urgency to understand when they will have patches available for their devices and the process for installing those patches on devices. This includes manufacturers of Wi-Fi access points (e.g. modems) as well as all end devices that connect to Wi-Fi networks (e.g. phones, tablets, PCs and laptops, other Wi-Fi enabled devices).

Spark's own Wi-Fi phone box network remains operational. However, we advise customers to take care, as always, when using any public Wi-Fi network.

Spark will advise customers of any further actions they need to take with respect to their devices or modems as soon as more information is available from the device manufacturers."

 

 

I'd expect Vodafone to undertake similar action and inform their customers

Starter Poster
Posts: 4
Registered: ‎17-10-2017

Re: Wifi access point vulnerability

by knaus Starter Poster
Message 5 of 7 (1,663 Views)
Frequent Poster
Posts: 26
Registered: ‎07-11-2011

Re: Wifi access point vulnerability

by Frequent Poster Phil_W Frequent Poster
Message 6 of 7 (1,508 Views)

While somewhat 'unlikley to occur' busness many of us communicate with via WiF somewhere in the loop can reasonably be concerned with KRaCK exploits. I'd like to think that 'home' wifi routers are seen as important given the amount of home office work many of us survive by. Can we be assured that the vulnerablity is either 'covered' or being looked into with some sense of urgency. Vodafone has extensive international technical resource to call upon. Formal communication to customers could be a good way of alleviating unnecessary criticisim.

Community Manager
Posts: 2,920
Registered: ‎02-02-2013

Re: Wifi access point vulnerability

by Community Manager Community Manager
Message 7 of 7 (1,500 Views)

@Phil_W@knaus@MrMorm

 

Quick update on this one.

 

We have received the following update from both Technicolor and Huawei on the KRACK vulnerability for these devices:

  • Ultra Hub
  • B315 Modem - Home Wireless and Rural Wireless Broadband
  • HG659 - Vodafone wireless modem
  • HG556 - Vodafone Broadband Complete
  • Pocket WiFi

 These devices are not susceptible to the KRACK WPA Wi-Fi vulnerability and no firmware update is required on these devices for this issue.

Channel Manager, Help & Support
Vodafone New Zealand
Stats
  • 6 Replies
  • 38w ago
  • 1,692 Views
  • 1 Kudo
  • 4 Contributors