Major WPA2 vulnerability to be disclosed


#1

Appears to affect all current wifi access points. Some details here The full disclosure is coming Monday October 16 at 8AM US Eastern time (2PM in Prague?)


#2

Well it would have to be fixed by chip creators like Atheros, Broadcom, Qualcomm and Mediatek. For turris there should be new firmware.bin released by Atheros but most of devices will be unable to fix this as in many cases firmware for wifi cards is burn in not easily programmable memory or inside chip.


#3

Disclosure page: https://www.krackattacks.com/


mPCIe slots and 802.11AC wave 2
#4

This is pretty huge. Where is our security patch?


#5

What I found on OpenWRT forum or LEDE there is no workaround nor solution. (except turning WiFi off)
Unfortunately we need to wait. It seems that nobody from OpenWRT/LEDE were contacted to get it fixed before it was published.
For example Mikrotik fixed it two weeks ago.

https://forum.openwrt.org/viewtopic.php?id=72340


#6

So are there any other wifi cards with patched firmware which do have openwrt/lede/Linux support we could buy?

Which mikrotik cards are safe?


#7

We are investigating that and working on that.


#8

Few minutes ago fixes landed to LEDE.


#9

Patch against this vulnerability just landed in our repository, we’re going to test it now and release fix as soon as possible.


#10

Thanks for the update. Should we check here for updates on the release or is there a better location?


#11

FYI/OT
Apple confirms the patch is already present in latest iOS, macOS and tvOS betas.


#12

Synology has removed th KRACK vulnerability in SRM 1.1 to 1.1.5-6542-3 or above see https://www.synology.com/en-us/support/security/Synology_SA_17_60_KRACK


#13

Dont worry … Turris will be fix the vulnerability too.


#14

#16

#18