As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.
To protect yourself, many WiFi product vendors will be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware as soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.
To help with this, I have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available, I advise you to check this page throughout the coming days to see if new information is available. This page includes information resulting from contacting of vendors, CERT's informative page, and other sources.
Last Updated: 10/20/17 14:35 EST
ADTRAN posted in their forums that they are performing an investigation and will send out a security notice to all signed up users with details. A security advisory was sent out on 10/18/17 to customers that basically reiterates the same information.
Aerohive has released an advisory explaining under what circumstances their products are vulnerable to KRACK. They also included information on what HiveOS upgrades mitigate this attack,
An Amazon Spokesperson responded to our inquiry with "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed.".
Today, October 31st, Apple has released updates for all of their core operating systems that included fixes for the KRACK vulns.
An Arris spokesperson told BleepingComputer:
ARRIS is committed to the security of our devices and safeguarding the millions of subscribers who use them. The KRACK flaw affects the WPA2 protocol itself and is not specific to any device or manufacturer. There is no current evidence of malicious exploits.
ARRIS is evaluating our full Wi-Fi portfolio and will release any required firmware updates as quickly as possible.
Asus has released information (see bottom of the page) and working with chipset suppliers to patch the vulns and will release an update as soon as its ready.
AVM has a advisory posted regarding the KRACK vuln. According to AVM "FRITZ!Boxes on broadband connections are currently not affected by the wireless security breach known as "Krack", as such access points do not use the affected 802.11r standard.". They also do not seem to be happy regarding the way the disclosure was handled.
Barracuda posted an advisory that lists affected products and contains links on hotfixes to resolve the KRACK vulns.
BleepingComputer received a response from Belkin that states:
"Belkin Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.”
Cisco has released an advisory that discusses the vulnerability in relation to their product and a list of products that are vulnerable. Cisco has stated that IOS and driver updates are being developed and will be released. Cisco product users are advised to check the advisory often for future updates.
Debian posted an advisory to the Debian Security Announce mailing list with information on updates that resolve the Krack vulnerability.
Dell has posted an advisory that lists all products that are NOT affected by the KRACK vulns. More information about affected products will be added to the advisory soon.
D-Link has posted an advisory stating that they are waiting for patches from the chipset manufacturers. They further accurately state that "For consumers users, your priority should be updating devices such as laptops and smartphones.".
DrayTek has posted an advisory detailing what products are affected by KRACK and stating that updates will be available next week.
Edimax posted an advisory stating:
This vulnerability will require collaborative firmware patches from relevant manufacturers. Edimax is requesting assistance from them and is working diligently for the firmware fix. It will be published on Edimax website as soon as it becomes available.
eero released an advisory that states that they have rolled out eeroOS version 3.5, which mitigates the KRACK vulns.
EnGenius has posted an advisory with some information about the attack. I was told by an EnGenius spokesperson that they are "working on security patches and will release updates to its firmware by the end of October".
Extreme Networks released an advisory and stated hotfixes for the KRACK vulns will be released starting on October 20th.
According to a released advisory, F5 Networks products are not affected by KRACK.
According to this document, the FortiAP 5.6.1 release fixed the KRACK vulns.
Android 6.0 and higher are currently vulnerable to this attack. When BleepingComputer contacted Google, their statement was "We're aware of the issue, and we will be patching any affected devices in the coming weeks". No information is available as of yet regarding Google WiFi.
Intel has released an advisory, which includes links to updated drivers.
Kisslink has told BleepingComputer that as their products are protected via their Promximity technology and thus are not using WPA2 or affected by its bugs.
Updated packages for hostapd-common - 2016-12-19-ad02e79d-5, wpad - 2016-12-19-ad02e79d-5, and wpad-mini - 2016-12-19-ad02e79d-5 are available on Ledge. You can check for update availability via the opkg list-upgradable command and upgrade using opkg update command.
Update 10/18/17: LEDE released the 17.01.4 service release to resolve the KRACK bugs and other issues.
LineageOS has had patches merged to prevent the Krak vulns.
According to the vulnerability release, "Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.". Patches can be found here.
Updates have been released for Cisco Meraki that resolve the KRACK vuln. More info can be found in this advisory: 802.11r Vulnerability (CVE: 2017-13082) FAQ.
Microchip has posted an advisory with available updates.
Microsoft quietly fixed the KRACK vulns in the October 10th Patch Tuesday.
According to MikroTik: "RouterOS v6.39.3, v6.40.4, v6.41rc are not affected! AP mode devices are not affected. All implemented fixes refer only to station and WDS modes.". They further stated that firmware versions were released last week to fix this vulnerability.
Netgear has released an advisory that contains a list of products affected by KRACK and associated updates.
Stated that patches will be rolled out next week. These will autoupdate and will not require user intervention.
An advisory was posted for Open-Mesh & CloudTrax regarding the Krack vuln. An update is expected to be delivered to all of those that use automatic updates by the end over October 17th. More info at the advisory.
Peplink has issued an advisory stating that users of the Wi-Fi as WAN functionality are vulnerable to this attack. To temporarily fix this issue, users can disable this feature and wait for an updated firmware to be released.
pfSense, which is based off of FreeBSD, has opened an issue to import FreeBSD's fix.
A Qualcomm spokesperson has told BleepingComputer:
"Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). We have been working with industry partners to identify and address all implementations of the open source security issue involving WPA packet number reuse within Qualcomm-powered products. Patches for these issues are available now on the Code Aurora Forum and through other distribution channels, with additional patches posted as soon as they are verified through our quality assurance process"
Red Hat has generated an advisory regarding the vulnerability in wpa_supplicant. No further information available.
As this uses wpa_supplicant, you need to update to the latest packages. Use sudo apt update followed by sudo apt upgrade to install a patched wpa_supplicant.
Ruckus Wireless has posted a security advisory that states that disabling 802.11r will mitigate CVE-2017-13082. Security patches for affected devices will be released as soon as they become available.
Sierra Wireless posted a technical bulletin on affected products and remediation plans. Link from CERT.
Sonicwall has released an advisory that states that they are not vulnerable:
SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable to the flaws in WPA2.
SonicWall is working on a solution to provide an additional layer of protection for SonicWall customers that will block these man-in-the-middle attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update.
Sophos has released an advisory stating that the Sophos UTM Wireless, Sophos Firewall Wireless, Sophos Central Wireless, and Cyberoam Wireless products are affected by the Krack vulnerability. Updates for these products will be released soon.
Synology posted an advisory that indicates Synology DiskStation Manager (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. According to Synology, updates for affected products will be released soon.
Tanaza has reached out to BleepingComputer to advise that their v2.15.2 firmware contains a patch for KRACK.
According to CERT, Toshiba's SureMark 4610 Printer (Models 1NR, 2CR, 2NR) with Wireless Lan Adapter & Canvio AeroMobile Wireless SSD product are affected. Toshiba will be contacting owners and business partners directly in regards to the printer and a firmware update will be released for the wireless SSD card.
When I contacted TP-Link tech support, I was told "Our seniors are keeping an eye on this issue. Currently we haven't received any feedback that TP-Link product is affected by that. We will offer an update on our official website once we have any new info."
On October 18, TP-Link issued the following statement with details on affected products.
Turris, which uses OpenWRT, posted in their forums that a patch was added to their repository that they are going to test and release a fix. Hopefully, this will lead to OpenWRT releasing an update soon as well.
Ubiquiti have posted an advisory that provides details on what UniFi, AmpliFi, and airMax products are affected by the KRACK vulnerability. This advisory also provides links to the updates that resolve this attack.
It should be noted that the 802.11r (Fast Roaming) beta feature is still vulnerable and it is advised that it be disabled until a future update resolves the issue.
Ubuntu has released an advisory with information on how to update wpa_supplicant and hostapd in order to resolve this vulnerability.
WatchGuard has issued an advisory outlining when updates are going to be available for their various products and services.
The WiFi Alliance released an announcement regarding the KRACK vulns, what products are affected, and how to mitigate the issues. New version of Xirrus AOS will be released by October 30th 2017.
Xirrus/Riverbed have posted an advisory
Zyxel has created a page that details what products are affected. While they are working to fix the vulnerability, there are no updated drivers and firmware available.
Arista Networks, Inc.
AsusTek Computer Inc.
Atheros Communications, Inc.
F5 Networks, Inc.
Hewlett Packard Enterprise