KRACK

There is a new hack that impacts ALL WiFi devices – it is called Krack.

Long story short, if your device connects to the Internet, home network or, really, anything, it can be taken over through this new security flaw.  While some companies, such as Apple, protest this weakness, the exploit is universal for all devices.  If you do NOT have an IoT device, then we have provided some avenues below for you to review in order to protect yourself.

PLEASE NOTE: This is NOT a remote hack and hackers need to directly access your wireless network which means that they at least need to be in your neighborhood.  Also, the list below is NOT exhaustive and we will release new patches as we find them.

Now, if you have IoT devices, you are out of luck.  There are no patches, no fixes and nothing you can do.  Well you can use Bear and we can fix this issue but, outside of us, there is not much to be done.

For everybody else, here is the list:

Routers

• Arch Linux: WPA Supplicant patch, Hostapd patch
• Aruba
• Cicso
  • Cisco Meraki
  • Security Advisory
• DD-WRT
• Debian/Ubuntu
• Fortinet
• LEDE/OpenWrt
• Linksys – still working on it
• Microsoft
• MikroTik
• Meraki: Fixed with Meraki 24.11 and 25.7
• Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
• Open BSD – https://marc.info/?l=openbsd-announce&m=148839684520133&w=2
• Ubiquiti
• Watchguard Cloud

Operating Systems

• Android
  • Google released a weird statement saying that everybody with the 11/4/2017 update or later is safe
  • It is 10/14/2017…
• Apple – In denial
• Linux
  • General Patch – https://w1.fi/security/2017-1/
  • Debian Users – http://seclists.org/bugtraq/2017/Oct/25
• Microsoft
  • There is a security advisory but we recommend using Windows Update
  • If you updated on or after 10/10/2017 you are safe
• dd

Chips

• Intel – https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr