Yesterday, 16/Oct/2017, was released a vulnerability that affects all WPA and WPA2 handshakes that allow attackers to override your wifi encryption and install a MITM to sniff all your packages getting user credentials and more.
How does it work?
On this video you can see a demostration of how it's implemented this vulnerability:
How do I protect myself?
Update your system, router, mobile device etc.
Most vendors already released a patch update, you can check a bigger intel about this here
Vendor Patch Matrix (non-complete)
| Vendor | Patch Available | In Development | Not Directly Affected |
|---|---|---|---|
| Arch Linux | X | ||
| Arista | X | ||
| Aruba | X | ||
| Cisco | X | ||
| DD-WRT | X | ||
| Debian | X | ||
| Extreme Networks | X | ||
| Fedora | X | ||
| FreeBSD | X | ||
| Lenovo | X | ||
| LineageOS | X | ||
| LXDE | X | ||
| Meraki | X | ||
| MikroTik | X | ||
| Synology | X | ||
| Turris Omnia | X | ||
| Ubiquiti | X | ||
| Ubuntu | X | ||
| UniFi | X | ||
| VMware | X | ||
| Watchguard Cloud | X | ||
| Watchguard | X | ||
| Windows 10 | X | ||
| WPA_supplicant | X |
Vendor Response (complete)
| Vendor | Official Response | Comment | Last Checked | Last Updated | Date Notified by CERT |
|---|---|---|---|---|---|
| 3com Inc | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Actiontec | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Aerohive | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Alcatel-Lucent | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Amazon | No Known Official Response | "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed." | 2017-10-17 | 2017-10-17 | |
| Android | No Known Official Response | Android 6.0 and above affected (Android uses wpa_supplicant and therefore is affected). | 2017-10-16 | 2017-10-16 | |
| Apple | No Known Official Response; See comment for unofficial response | Via twitter : "Apple has confirmed to me that #wpa2 #KRACK exploit has already been patched in iOS, tvOS, watchOS, macOS betas." LINK | 2017-10-17 | 2017-10-17 | |
| Arch Linux | wpa_supplicant, hostapd | N/A | 2017-10-16 | 2017-10-16 | |
| Arduino | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Asus | No Known Official Response | According to LINK at the time of this commit no statement from Asus | 2017-10-17 | 2017-10-17 | |
| AVM | LINK | They are currently investigating this security issue and will release updates if needed. Also EOM and EOS products will be updated, according to LINK | 2017-10-17 | 2017-10-17 | |
| Barracuda Networks | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Belkin, Linksys, and Wemo | No Known Official Response | "Belkin Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required." | 2017-10-16 | 2017-10-16 | |
| Broadcom | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Buffalo / MELCO | LINK(JA) | N/A | 2017-10-18 | 2017-10-18 | |
| Canon | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| CentOS | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Cisco | LINK | Multiple Cisco wireless products are affected by these vulnerabilities. | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| Comcast | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| CZ.NIC Turris | LINK | via @spike411: CZ.NIC Turris team is testing a fix (backported from hostapd upstream): LINK | 2017-10-16 | 2017-10-16 | |
| D-Link | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| DD-WRT | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Debian | LINK | * Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088): - hostapd: Avoid key reinstallation in FT handshake - Prevent reinstallation of an already in-use group key - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases - Fix PTK rekeying to generate a new ANonce - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames - TDLS: Ignore incoming TDLS Setup Response retries | 2017-10-16 | 2017-10-16 | |
| Dell | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Denon | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| DrayTek | LINK | DrayTek are investigating solutions for this and plan to issue appropriate updates (firmware) as soon as possible. We will update this page in due course. | 2017-10-17 | 2017-10-17 | |
| ecobee | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Edimax | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| EMC Corporation | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Espressif Systems | LINK | Espressif released patches for the WiFi vulnerabilities in their products including ESP-IDF, ESP8266 RTOS and ESP8266 NON-OS. Arduino ESP32 will be updated shortly. | 2017-10-16 | 2017-10-16 | 22 Sep 2017 |
| Extreme Networks | LINK | N/A | 2017-10-16 | 2017-10-16 | 2017-08-28 |
| F5 Networks | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Fedora | LINK | Status: Fixed Release: Pending (* Manual installation is possible) | 2017-10-17 | 2017-10-17 | |
| FortiNet | LINK | FortiAP 5.6.1 is no longer vulnerable to the following CVE Reference:...CVE-2017-13077CVE-2017-13078CVE-2017-13079CVE-2017-13080CVE-2017-13081CVE-2017-13082 | 2017-10-16 | 2017-10-16 | |
| Foundry Brocade | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| FreeBSD Project | Response, patch | Binary and source updates to base system available. Alternatively one can install the security/wpa_supplicant port or package in lieu of the same in base. |
2017-10-17 | 2017-10-17 | (?) |
| No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | ||
| Hewlett Packard Enterprise | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Honeywell | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| HPE Aruba | Patch Info - FAQ | N/A | 2017-10-17 | 2017-10-17 | 28 Aug 2017 |
| Huawei | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| IBM | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Intel Corporation | LINK | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| I-O DATA | LINK(JA) | N/A | 2017-10-18 | 2017-10-18 | |
| Jolla | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Juniper Networks | LINK | Patches for WLAN available; patches for SRX and SSG outstanding | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| KPN | LINK | No Fix as of yet | 2017-10-17 | 2017-10-17 | |
| Kyocera Communications | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| LEDE | LINK | Fixed snapshots for master available. 17.01.4 pending release. | 2017-10-17 | 2017-10-17 | |
| LineageOS | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Linux | Patches: LINK | wpa_supplicant version 2.4 and above is affected. Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake. | 2017-10-16 | 2017-10-16 | |
| Logitech | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Marantz | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Marvell Semiconductor | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| MediaTek | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Meraki | LINK | Fixed for Cisco Meraki in 24.11 and 25.7 | 2017-10-16 | 2017-10-16 | |
| Microchip Technology | LINK | N/A | 2017-10-17 | 2017-10-17 | 28 Aug 2017 |
| Microsoft | Windows Related | When clicking the link, accept the EULA then click the link again | 2017-10-16 | 2017-10-16 | |
| Mikrotik | LINK | We released fixed versions last week, so if you upgrade your devices routinely, no further action is required. | 2017-10-16 | 2017-10-16 | |
| NEC | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Nest Labs | No Known Official Response | Nest Tweeted: "We plan to roll out patches to our products in the coming weeks. These won't require any action on the part of the user." | 2017-10-17 | 2017-10-17 | |
| Netgear | LINK | N/A | 2017-10-16 | 2017-10-16 | |
| Nikon | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Nintendo | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| OnePlus | No Known Official Response | "We encouraged you to stay tuned and keep track on our Community Forums and official website and other social media channels." | 2017-10-17 | 2017-10-16 | |
| Onkyo | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Open-Mesh / CloudTrax | LINK | An update is expected to be delivered to all of those that use automatic updates by the end over October 17th. | 2017-10-17 | 2017-10-17 | |
| OpenBSD | LINK | Errata patches for the wireless stack have been released for OpenBSD 6.1 and 6.0. State transition errors could cause reinstallation of old WPA keys. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages. As this affects the kernel, a reboot will be needed after patching. | 2017-10-16 | 2017-10-16 | |
| Pakedge | No Known Official Response | Via @spike411 "They have acknowledged they have received my enquiry but donβt have any info about the state of this vulnerability in their products." | 2017-10-16 | 2017-10-16 | |
| pfSense | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Pioneer | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Qualcomm Atheros | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Rachio | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Raspbian (Raspberry Pi) | No Known Official Response | Update (20171002 01:38): The fixes for raspbian Jessie and Stretch should now be in the public raspbian repo. The fix for raspbian buster should follow in a few hours. I do not know if/when there will be a fix for wheezy. source: LINK | 2017-10-17 | 2017-10-17 | |
| Red Hat, Inc. | This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. LINK | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| Ring | No Known Official Response | Per support "They promise to update public shortly, actively working with developers." | 2017-10-17 | 2017-10-17 | |
| Ruckus Wireless | Refer to Ruckus Support. Security patches from Ruckus are forthcoming and will be posted as they are available. LINK PDF | N/A | 2017-10-17 | 2017-10-17 | |
| Sagemcom | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Samsung Mobile | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| Sharp | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Sonicwall | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Sonos | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Sony | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Sophos AP | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| SUSE / openSUSE | LINK | 2017-10-16 | 2017-10-16 | 28 Aug 2017 | |
| Swisscom | LINK | Internet Box routers not affected. Centro routers and AirTies repeaters to be clarified. | 2017-10-17 | 2017-10-17 | |
| Synology | LINK | Synology DiskStation Manager (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. According to Synology, updates for affected products will be released soon. | 2017-10-17 | 2017-10-17 | |
| Toshiba Commerce Solutions | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | 15 Sep 2017 |
| Toshiba Electronic Devices & Storage Corporation | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| Toshiba Memory Corporation | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
| TP-Link | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Turris Omnia | LINK | N/A | 2017-10-17 | 2017-10-17 | |
| Ubiquiti Networks | LINK | Ubiquiti has released 3.9.3.7537 in beta to mitigate these vulnerabilities in UniFi APs that have a client mode. mFi devices are likely vulnerable and no statement or patch has been released. | 2017-10-16 | 2017-10-16 | |
| Ubuntu | LINK | Updates are available for wpasupplicant and hostapd in Ubuntu 17.04, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. | 2017-10-16 | 2017-10-16 | |
| WatchGuard | LINK | Sunday, October 15, 2017:,AP120, 320, 322, 420:,Release 8.3.0-657, Cloud mode only . Monday, October 30, 2017: AP300: Release 2.0.0.9 ,AP100, 102, 200: Release 1.2.9.14, AP120, 320, 322, 420:,Release 8.3.0-657, Non-Cloud (GWC mode) | 2017-10-17 | 2017-10-17 | |
| WiFi Alliance | LINK | Users should refer to their Wi-Fi device vendorβs website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers. | 2017-10-16 | 2017-10-16 | |
| Xfinity | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| Xirrus | LINK | As soon as the patch is released, it will be made available through the Xirrus Support Community. | 2017-10-17 | 2017-10-17 | |
| Yamaha | No Known Official Response | N/A | 2017-10-16 | 2017-10-16 | |
| Yi (Xiaoyi) | No Known Official Response | "Waiting on a reply" | 2017-10-17 | 2017-10-17 | |
| ZTE | No Known Official Response | N/A | 2017-10-17 | 2017-10-17 | |
| ZyXEL | LINK | N/A | 2017-10-16 | 2017-10-16 | 28 Aug 2017 |
This tables are being updated by krackinfo repo
I'll be updating this post as I could.
Latest comments (2)
Really great article with concrete information applicable to a range of technologies. Thanks!
To bulk up the "How does it work?" section and give a bit more background information, here is the link to a blog I wrote. It includes more details on the KRACK attack and what vulnerabilities in the WPA2 protocol made the attack possible:
blog.ironcorelabs.com/understand-t...
Ofc keep using SSL and VPN.
From what I've read the exploit is known for 5-6 months but wasn't shared with the public, and Android/iOS will wait until next month (November). Android (all the manufacturers) have a low adoption rate regarding the updates, so the vulnerable devices will exists for a long time (XP is still running somewhere π).