NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
WPA2 - KRACK / Vulnerability
Hi Netgear, I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this. Looks like that WPA2 is about to be cracked and ...
NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.
NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.
To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.
We don't know when Netgear was notified of the details of this attack, at the most it was a month (since early sept) That is not enough time for some companies to patch depending on thier processes.
Also this attack is mostly client side, and Android / Linux seems to be the most vulernable. Other clients are too based on FAST 802.11R prorotocal, but you can turn that off in Orib within the new Firmware.
In essence, by turning off FAST roaming at the router you are protecting as much as you can from a router perspective, and the rest is up to the devices that attach. Make sure you update all of your IOT devices such as cameras, TV's and Android devices.
Apple already has a patch in beta that should be release before any attack actually surfaces.
Thanks AAZ,
All vendors were notified in late June.
Jarmo
I'm also waiting for a response from Netgear regarding this issue, it's a very serious vulnerability, many vendors have already started providing a patch.
Hello Ely,
Please see https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837 . Looks like WAPs are only vulnerable in bridge mode - meaning you need at least 2. The vulnerable handshake would occur when they 'pair'. Which makes sense, as the WAP is not going to try to initiate a handshake session with an endpoint, it's the other way around. Good luck!
Jarmo
