NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
WPA2 - KRACK / Vulnerability
Hi Netgear, I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this. Looks like that WPA2 is about to be cracked and ...
NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.
NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.
To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.
So what about recent router models like mine that aren't mentioned in Netgear's announcement? Do they not need a patch (unlikely!), or is Netgear abandoning them?
Unknown by be - - I'm in the same boat with a legacy WiFi router
Virtually every network device ever created is vulnerable unless a patch is made available.
It's entirely possible that some devices from various vendors are well past their end-of-support dates, and each vendor will have to make a decision on a case-by-case basis whether to offer a one-off patch or just consider them deprecated and suggest the user upgrade their hardware.
Where is the ORBI and ORBI Pro firmware updates to address this issue? You have had since end of August to develope a fix... its getting silly now,
Not going to let this subject slide to the bottom of the forums.
Netgear where is the update for this exploit? It shouldnt be that difficutl to patch since you have already addressed it on many of your other products. Why are you exposing all Orbi users to potential issues through your inaction!
I agree this needs to be addressed ASAP. Don't wait till after the fact. These things need to be got in front of before we are singing the woes.
This is a important issue and our engineering team is working on a fix for this exploit for orbi I do not have a exact date on a update but its a high priority.
DarrenM
In the meantime while fix to hack is being worked on can we have the ability to turn off wifi per schedule? To minimize threats to wireless when not needed we can turn off?
I don't believe this would have the effect you want. As I understand it, the threat is only present when the Orbi satellite connects to the Orbi router. If the system remains up and running, there is no threat.
Turning off the WiFi would create a vulnerability each time it's turned back on and the satellite is forced to reconnect. This would vastly increase the vulnerability.
Unfortunately, simply leaving the system up and running provides no protection against this attack. If an attacker is going to interfere with your communications to effect the KRACK attack, it is trivial for them to deauth the satellite and force it to re-auth whenever the attacker wants.
This certainly appears to be a very serious risk to systems using Orbi satellites and I hope that Netgear quickly releases a patch.
