NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Tr4nc3's avatar
Tr4nc3
Initiate
Oct 16, 2017
Solved

WPA2 - KRACK / Vulnerability

Hi Netgear, I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this. Looks like that WPA2 is about to be cracked and ...
Before You Buy
Features
Installation
Troubleshooting
  • mdgm-ntgr's avatar
    mdgm-ntgr
    Oct 16, 2017

    NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II).  NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

     

    NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

     

    To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.

jdpg2's avatar
jdpg2
Apprentice
Oct 26, 2017

Not going to let this subject slide to the bottom of the forums.

 

Netgear where is the update for this exploit?  It shouldnt be that difficutl to patch since you have already addressed it on many of your other products.  Why are you exposing all Orbi users to potential issues through your inaction!

DarrenM's avatar
DarrenM
Sr. NETGEAR Moderator
Oct 27, 2017

This is a important issue and our engineering team is working on a fix for this exploit for orbi I do not have a exact date on a update but its a high priority.

 

DarrenM

  • JMU1998's avatar
    JMU1998
    Luminary
    Oct 27, 2017

    In the meantime while fix to hack is being worked on can we have the ability to turn off wifi per schedule? To minimize threats to wireless when not needed we can turn off?

  • st_shaw's avatar
    st_shaw
    Master
    Oct 27, 2017

     

    I don't believe this would have the effect you want.  As I understand it, the threat is only present when the Orbi satellite connects to the Orbi router.  If the system remains up and running, there is no threat.

     

    Turning off the WiFi would create a vulnerability each time it's turned back on and the satellite is forced to reconnect.  This would vastly increase the vulnerability.

     

  • SalusaSecondus's avatar
    SalusaSecondus
    Aspirant
    Oct 30, 2017

    Unfortunately, simply leaving the system up and running provides no protection against this attack. If an attacker is going to interfere with your communications to effect the KRACK attack, it is trivial for them to deauth the satellite and force it to re-auth whenever the attacker wants.

     

    This certainly appears to be a very serious risk to systems using Orbi satellites and I hope that Netgear quickly releases a patch.