I have an SBG7580-AC wifi gateway running firmware {edit : personal information} (Xfinity is my ISP since a few months ago.) Does this firmware version correct the WPA2 security vunerabilities exploited by KRACK or do I need to acquire another wifi gateway model that supports WPA3?
Solved
SBG7580-AC WPA2 and KRACK
- The Many
- 2 replies
Best answer by plemans
If you read the data sheet on KRACK, everything running wpa2 is affected. it isn’t an issue with the device but with wpa2.
But if you read enough, there’s issues with wpa3 too. So even upgrading won’t necessarily solve your issue if the person is smart/determined enough. Luckily, most people aren’t or those who are, have larger targets to go after. So for most users, its a non-issue.
But feel free to upgrade. If you’re worried about security, but a router separate from the modem. Modem/router combo devices rarely get updated and tend to have more security issues. If you have a router separate, you control the firmware and can update more frequently.
+41- Juggernaut
- 2189 replies
- Answer
If you read the data sheet on KRACK, everything running wpa2 is affected. it isn’t an issue with the device but with wpa2.
But if you read enough, there’s issues with wpa3 too. So even upgrading won’t necessarily solve your issue if the person is smart/determined enough. Luckily, most people aren’t or those who are, have larger targets to go after. So for most users, its a non-issue.
But feel free to upgrade. If you’re worried about security, but a router separate from the modem. Modem/router combo devices rarely get updated and tend to have more security issues. If you have a router separate, you control the firmware and can update more frequently.
- The Many
- 2 replies
Thanks! A separate modem and router seems like the way to go to keep up to date. I had not considered that.
Good point about those wishing to exploit the flaws having bigger fish to fry than home users. Sets my mind more at ease.
Yes, the standard is flawed but I was under the impression that the ‘fix’ device updates were intended to deploy was to not allow old keys to be reused in the handshake---these measures being needed on both the client and access point. Perhaps these are more mitigations that fixes, I don’t know enough to say. After the initial Krack hack, additional vulnerabilities, brought to light by its authors, were found---some of them in the standard and some specific to vendor implementations. Came across these 2 articles, which I found interesting:
https://papers.mathyvanhoef.com/ccs2018.pdf
https://portswigger.net/daily-swig/paper-over-the-kracks-new-techniques-can-bypass-wpa2-flaw-mitigations
Again, thanks for the response.
- The Many
- 2 replies
Thanks. I had not considered a separate modem and router to make sure the device firmware is up to date. Seems like the way to go.
Yes, I suppose bad actors exploiting the WPA vulnerabilities have bigger fish to fry in the corporate and governmental world than against home users. That sets my mind a ease a bit more.
I was under the impression that the ‘fix’ vendors of both client software (Apple, Microsoft, etc) and access points (routers) were to make was to disallow reuse of old keys in the handshake. Perhaps this is mitigation rather than a fix---I don’t know enough to say.
I was interested to read that post-KRACK, the authors found additional vulnerabilities--some in the standard and some specific to vendor implementations:
https://papers.mathyvanhoef.com/ccs2018.pdf
https://portswigger.net/daily-swig/paper-over-the-kracks-new-techniques-can-bypass-wpa2-flaw-mitigations
Reply
Most helpful members this week
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.