As publicised here, the WPA2 protocol is pretty much p0wn'd. Has/will Verizon be issuing a firmware update for any of their routers (specifically the quantum gateway) to address the vulnerability? If so, when? If not, why not?
Thank you
Bump; need this asap.
1-800-VERIZON
they are the only ones that can tell you.
this is a customer to customer forum.
This is all the news now,what is verizon going to offer us?
Well, I tried that. They are not set up to field requests from their more knowledgable client base, even when chatting with Tier 1 representatives. This is the only place I've found we can register concern about their response to such discoveries. And then we pray that someone knowledgable within Verizon sees this and at least ensures the right people are aware of the situation and are working on it.
Also note the clients (laptops, cell phones) must be patched as well, but that piece of the problem is not within FiOS support's purview.
This security defect is major and the scope extends way beyond a customer's LAN. Verizon needs to patch all supported access points, not just the Quantum Gateway.
As of 12:30 EST, Verizon has no official information to share. Given the amount of IOT devices they promote, I'm a little upset that they haven't officially acknowledged the issue yet.
This is a peer to peer help forum.
helping to get a firmware update or vulnerabilities patch cannot be done from here.
There appears to be a very serious problem with WPA2 security. How soon will the update for the Actiontec MI424WR-GEN3I (firmware 40.21.24) router be available.
This is an urgent and well documented problem.
Here’s what you can do to protect yourself from the KRACK WiFi vulnerability
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Note Shady Bimmers post here.
https://www.dslreports.com/forum/r31659629-Will-Verizon-release-a-fix-for-the-new-WiFi-vulnerability
May not affect verizon routers.
When will Verizon be releasing updated firmware for the G1100? Currently this router's WPA2 is easily crackable. Please advise when we should expect a firmware update.
+1 interested
Hello,
When is Verizon going to patch it's routers to prevent the KRACK exploit?
@VerizonSheep wrote: When will Verizon be releasing updated firmware for the G1100? Currently this router's WPA2 is easily crackable. Please advise when we should expect a firmware update.
No it is not. Read the article I posted below.
@joeowen wrote: +1 interested
@GAR123 wrote:I contacted Verizon Tech Support. They replied that "The Quantum router is not affected by the WPA2 vulnerability". I requested a written statement to that effect, let's see if I get it.
Does anyone know whether Vz has distributed a firmware upgrade for its WiFi routers to address the WPA2 hack?
With the news of the KRACK WiFi exploit for WPA2, I'm curious if there will be a patch for the routers we have. I checked the firmware for it last night and it's using firmware from 2016 I believe. I know a lot of the problem is the clients of the router and not the router itself, but I've seen news about other router providers having patches for their routers as well and nothing from Actiontec.
Will there be an update?
Thank you.
I would like to know what is being done to correct the Krack vulnerabilities in the WPA2 wireless on my FIOS-G1100 home router.
1. Are the FiOS-G1100 router and Actiontec WCB6200Q access point vulnerable to the KRACK WPA attack?
2. If so, is a patched version of the firmware available? If not available, then when?
3. Is manual intervention required to download the firmware, or will Verizon update it automatically?
@RobWelbourn wrote: 1. Are the FiOS-G1100 router and Actiontec WCB6200Q access point vulnerable to the KRACK WPA attack?2. If so, is a patched version of the firmware available? If not available, then when?3. Is manual intervention required to download the firmware, or will Verizon update it automatically?
If it is needed it comes automatically from Verizon
I am hoping to patch my wireless router to protect against the Krack WIFI/WP2 vulnerability, but not having much luck. I've gone into my router (Verizon/Actiontec MI424WR) and had it check for firmware updates, but it comes back with an even older version (which seems odd). Text support can't deal with anything this technical. They pushed me off to "Expert Care" which seems more interested in selling me a plan.
I just want to know if a patch is coming. I understand some router companies already have them. Actiontec says this:
https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-vulnerability
"f your Wi-Fi router or network extender was provided by your service provider, the firmware updates for those devices will be pushed from your provider to your device without any action required on your behalf. "
So, how do I get the patch? When will Verizon be pushing it? I can't even see if one is coming for this device.
I think your answer was in your post:
Verizon will push it out if and when it is necessary.
Articles earlier in this thread have stated the vulnerability is on the client side not the router. So probably won't see an update (IMHO). Or at least something quick.
The vulnerability is on the client side not the router.
Jon, your faith in Verizon's ability to pro-actively protect us is _so_ much greater than mine.
The resolution is literally changing the protocol for WPA2 encryption. At the very least, Verizon could state that they will not be updating any of their devices to meet the latest standards.
I don't care if Verizon isn't quick. I care that they get it done properly. As of right now, they have yet to even acknowledge it though.
I just chatted with Verizon help about the WPA2 KRACK vulnerability, and the representative informed me that my "routers are not vulnerable". When I asked whether they were never vulnerable or did Verizon already patch them, the representative replied "They were not vulnerable to the KRACK exploit". I then expressed my surprise saying I read that almost all devices that support WPA2 are vulnerable, and the representative replied with "We have checked and everything appears to be perfect and safe". I then further inquired whether all Verizon routers (all makes and models) are not vulnerable, or only my 2 Actiontec routers, and the representative replied with "All Verizon routers are not vulnerable."
So I said Wow that's really amazing, and I asked why hasn't Verizon made a public statement to that effect since I'm sure Verizon has many anxious customers who would appreciate a public statement, and the representative replied that he would put the point forward to do so and pass on the message to the concerned teams.
So there you have it. This representative seemed pretty sure of himself/herself. I have snapshots of the entire chat.
Verizon, please make a public statement!
David,
Any router that can act as a repeater is vulnerable. The quote "routers are not vulnerable" is factually incorrect.
"All Verizon routers are not vulnerable." is a different quote, and implies that no verizon router can act as a repeater or uses 802.11r. Given that Verizon sells repeaters to extend wifi range, and I'm not a verizon engineer, I'll just have to take Verizon's word for it. If only they would issue a formal statement.
If anyone ever sees any official public statements from Verizon on this, please post it to this thread to help give it some visibility.
@HF wrote: Jon, your faith in Verizon's ability to pro-actively protect us is _so_ much greater than mine.
Maybe because it is not the router itself that the vulnerability lies that makes me feel better. Netgear sent out emails to their customers stating to update the firmware and to first check if it is affected in the firmware update. My Nighthawk was not affected.
everyone should just relax.
Not Verizon but
http://applenws.com/updated-list-of-wpa-2-krack-patches-in-consumer-routers/2017/the-mac-observer?utm_campaign=the-mac-observer&utm_medium=twitter&utm_source=twitterapple
I just talked to someone in tech support. He said that the Actiontec is quite old and may not get patched. That has me upset, as I do not want to be forced to pay for Quantum (which will inevitably get patched). Why should I have to pay for someone else's mistake?
I was reading about the new threat called KRACKs and understand I need to make sure I have the latest firmware for my router. How do I find the firmware and install it? I am on FIOS and have an ACTIONTEC M1424WR router.
KRACK update yet for ActionTec router and extender? Already patched my Linux Mint OS today against it. No patch found yet for Windows based systems. Will Verizon issue a patch for ActionTek routers, or will we need to overflash it with an WRT program instead?
As others have stated, this is not a router vulnerability.
It is in the client side.
Vulnerability is in the ability to inject a fake message to client.
All but one of the vulnerabiities are client side, i.e., they require updates to your PC, Mac, tablet, phone, etc. Most of these vendors have yet to provide patches. Microsoft has rolled out updates but Apple is still testing fixes in beta. Expect updates in the next few weeks.
There is one server-side (router) issue. It only affects routers running 802.11r. There is no official word from ActionTec -- their web page says we will let you know. But the assumption is that 802.11r is not enabled on the Verizon FIOS routers.
I would never believe a statement like that from a Verizon tech. Sounds like a load of **bleep** from a low level support person who was just telling you what he thought you wanted to hear. Total nonsense.
Everyone should read this: https://www.krackattacks.com/#demo
To "fix" this, the client AND router/Wireless AP etc. need to be patched.
For particulars around KRACK's (Key Reinstallation AttaACKs) you may want to read:
https://meraki.cisco.com/blog/2017/10/critical-802-11r-vulnerability-disclosed-for-wireless-networks/
https//nvd.nist.gov/vuln/detail/CVE-2017-13082
Cisco states, in order to help mitigate:
"We strongly urge all customers to verify that they are either patched to the latest firmware version* or that they have disabled 802.11r."
So exactly WHEN is Verizon going to get around to pushing out a patch to it's routers? Inquiring potential victims want to know. Tech support apparenly doesn't have a clue when.
Agree. Verizon, is there an estimated turn around?
Couple of things:
1) This is a peer to peer support forum so Verizon doesn't post here.
2) Do the FIOS rotuers even support 802.11r? I don't think so, but can't say for sure. If they dont, then there isn't a vulnerability. I haven't seen any settings in Quantum router that mentions 802.11r
1. Verizon does not seem to answer its customers anywhere, so it can't hurt posting it here.
2. Windows 7 and above are not vulnerable (so most Win and IOS clients are OK, Lunix and OS X, not so much if they were compiled to support the old WPA extensions), any router that can support multiple access points (this includes WiFi extenders) will implement 802.11r, so you will not see any GUI setting on the router (this is after all a consumer product). (NOTE: Even on Cisco routers it's not immediately apparent, being a checkbox enabling "Fast Switching"). I would suspect the support exhibited by Fios routers connecting with the IoT would strongly indicate inherent 802.11r support being the case. So the question is a valid one waiting to be answered.
Side Note: In Linux this is done at compile time, hence why the firmware would require a patch. I would be overjoyed if it were as simple as turning off a switch.
I believe the G1100 router is manufactured by Actiontec.
I just found this on the Actiontec website:
https://actiontecsupport.zendesk.com/hc/en-us/articles/115005205283-KRACK-Vulnerability
Short Version- It indicates that if a service provider WiFI router is a concern, such as Verizon's, the service provider will 'push' the patch and it requires no other user intervention.
Nope.
http://www.fiercecable.com/cable/greenwave-reality-builds-fios-quantum-gateway-for-verizon
Greenwave makes them for verizon.
but yes if their is a patch needed it will be pushed out from Verizon Fios.
Is there a Router Firmware Update for KRACK Vulnerability?
Actiontec MI424WR Rev. 1 Router
@FL2MD wrote: Is there a Router Firmware Update for KRACK Vulnerability? Actiontec MI424WR Rev. 1 Router
The Actiontec MI424WR all revs, are not believed to be vulnerable. They don't support 802.11r. We need to hear first from Actiontec and then Verizon. Similar from Greenwave and Verizon. In each case the manufacturer needs to create a fix and pass it on to Verizon to implement and push out.
Official word from Actiontec on its routers.
"DATED 10/24/2017Actiontec is aware of the industry-wide KRACK vulnerability affecting Wi-Fi Protected Access protocol standards (i.e. WPA/WPA2).Our customers are our highest priority, and our goal is to provide you with timely information to ensure that your home network is as safe as possible.If your Wi-Fi router or network extender was provided by your service provider (i.e. Bell Canada, CenturyLink, Cox, Dish, Google, Frontier, MTS, SaskTel, TDS, Telus, Verizon, Windstream), it is not affected by the KRACK vulnerability, and no firmware update is required. These products do not operate in repeater mode and do not have 802.11r FT enabled."
sounds like **bleep** to me...
but ok...
@micheal154 wrote: sounds like **bleep** to me... but ok...
It is amazing some folks just can’t handle the truth. There is no conspiracy to not update firmware. But if it isn’t broke you don’t fix it. ☃️
As identified in the detailed doc on Krack only a few functions on routers have the exposure. And most of the basic routers out there don't support them.
On the other hand your devices that aren't patched are more vulnerable. More of that on Verizon Wireless. E.g. My Verizon Samsun Galaxy S7 edge was just updated earlier this Month. Not sure if any of Verizon Residential products connect to router using WPA2, but if so those are the ones that are vulnerable.
The whole thing about Krack is it tries to fake out a device asking for a WPA/WPA2 connection and insert inself in your network between your device and your router.
SO EAZY to KRACK Verizon.
I hear 'they' is getting ready to sell a totally different newer Router.
I visited this website that checks your security and I am not able to post their link but you can private email me and maybe VZ will allow me to post their link?
Verizon's job is to protect your privacy as they claim.
There is one issue that really has me worried.
The privacy website shows me publically listed as
(MY ISP NUMBER) (MY CITY) (MY STATE) (at FIOS)
And the security firm claims that is totally legal.
THEN I asked them for what info can be harvested off me on the net.
They gave me my bank account name and my unique MAC Address that the
bank uses just for my presonal bank account.
And there is lots of other info that is available since they know my ISP and my location and that I am a FIOS customer.
The only way I can imagine getting rid of people that are trying to mine your private information is to beg your internet company to change your ISP or close your account and open a new internet with the same or a different provider????
Turn OFF your Universal Plug and Play, turn off Ping, and use a good Firewall.
And they can still KRACK Your Router but it will help.
@jonjones wrote: 1-800-VERIZONthey are the only ones that can tell you.this is a customer to customer forum.
translation: NO
