I wouldn't be relying on tidbits for security advice. They are good people, but there are far better sources of information when it comes to this kind of thing.

The researchers behind KRACK make it very clear both client and AP needs to be patched. They have published an FAQ that confirms it. It is the client that is most important to be patched and most vulnerable. I have not seen one shred of credible evidence that suggests this threat can be mitigated by patching only the AP.
I understand client needs to be protected. But Eero also confirmed that their latest patch will prevent KRACK on unpatched client devices.
 
When exactly do you want to turn off wifi and Bluetooth but not cellular? I am more inclined to turn off cellular and keep BT/wifi connected than the other way around.

I want Bluetooth off because I don't use it, and I want wifi off to prevent tracking.
 
Only iOS 11.1 beta so far. If you’re not going to update to iOS 11, you’re most likely going to remain vulnerable as it seems like Apple stops caring about older iOS versions the minute a newer version is released.

Well that's dumb. If Apple wasn't constantly releasing buggy updates, I'd probably be happily on iOS 11, but I'm not dealing with another year of waiting for Apple to fix everything only to turn around and break it all again.
 

The way I read that reply doesn't equate to it protecting client devices. The reply says, "your eero network should be protected against the KRACK security flaw". I think this means the network OF your Eero devices; mesh network devices are vulnerable to KRACK unless patched, and this is what Eero's update does. The reply goes on to say that they recommend updating any connected devices; this means client devices such as iPhones, Android phones, etc.

So I read this as client devices could still be vulnerable even on a patched Eero network.
 
If we don't like both the software and the hardware, we're supposed to just pack our bags and go elsewhere? That's what's insane about being a Mac user. Wait until Apple makes decisions that affect you and you'll change your tune.

Instead you believe Apple should make every change to bend to your will and use case, ignoring the majority? Sounds brilliant.
 
iOS 11 doesn't help my iPad 2, iPod 3rd Gen, or my iPhone 4S. Apple has an ethical responsibility to provide patches to all of these devices.
Ethical responsibility? Imagine how the android crowd feels right about now.
I think if you re-read my post, you'll see that I'm quite clear that I do NOT expect security updates "forever." It's definitely a line-drawing problem. But what you are characterizing as "over 4 years old" I would say is more like 2, because that's when they STOPPED selling the iPhone 5c: in Sept 2015.

So yes, I do expect them to offer basic security patches for products that were still being sold new in Apple stores 2 years ago, no matter when those products were first introduced.

Now, exactly how far back should they go? I'm sure reasonable minds could differ... We'd probably all agree it isn't reasonable to expect a patch for the handful of iPhone 2g units out there still acting as daily drivers on iOS 3, but it doesn't therefore follow that we cut off every OS prior to the current one. Millions of people still use A5 and A6 devices on a daily basis. I think it's not asking too much to ask Apple to patch back to iOS 9, but 10 at the absolute very least.

Remember, we're talking a little coding to patch a single vulnerability, not some custom built lite version of iOS 11 or anything like that. One bug fix. It's honestly just not that big of an ask.
Actually it is a big ask, not just of Apple but of all other vendors affected by the vulnerability; otherwise this issue would disappear almost immediately. But I think Apple will end up surprising most of the naysayers in short order. As far as other "smart" devices out there, especially Android-based ones, good luck.
Seems time to abandon Apple!
Yes! Time to migrate to the green pastures of Android! (in case you can't tell, I was kidding...at least for me)
I've noticed they seem to be behind the ball on a lot of security issues, taking a few days to patch things. Not as pro-active as they should be if privacy and security are such a focus.
Behind the ball compared to whom? I think the whole industry is behind the ball with situations like this one. Apple is doing as good a job as can be expected considering the magnitude of the problem. Other current platforms will see horrendous delays or probably never be updated at all. I know a lot of Android users out there in a world of hurt when they haven't seen a single update, much less for KRACK, and that's for relatively new hardware. Imagine how they feel.
This is sort of messed up for people who didn't want to update to buggy iOS 11. They either choose to be insecure or go to a buggy OS for security. ;) :D

Samsung has KNOX for extra security layers...some of the best software even for wifi security. Highest level mobile device security software in the world. Options such as browsing only in the secure folder, creating Knox security VPNs, and Enterprise level firewalls secures these devices.
If Knox is so good why are you here? And I don't think Knox is as secure as you would like to believe. Go do a search for Knox vulnerabilities. Law enforcement certainly prefers to crack Samsung/Android devices over iOS devices any day.
Microsoft updates appear to be available for end users now (unless I'm reading this wrong and the new links are still not posted. Edit: no, I'm informed that KB4042895 is indeed the patch for Windows 10).
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Refer to the document above for download links for Windows 7, 8, 10 and Windows Server releases. Both 32 bit and 64 bit versions of the update are provided.

The Debian Linux wpa package update is available for the latest stable release and also the two previous stable releases.
https://www.debian.org/security/2017/dsa-3999

Right now my Macbook Pro is the only desktop/notebook device in my house without a patch available.
What about Windows 95, 98, XP, Vista? Any OS capable of Wi-Fi?

I think we will learn much in terms of the Apple response in the next few days.
 
The way I read that reply doesn't equate to it protecting client devices. The reply says, "your eero network should be protected against the KRACK security flaw". I think this means the network OF your Eero devices; mesh network devices are vulnerable to KRACK unless patched, and this is what Eero's update does. The reply goes on to say that they recommend updating any connected devices; this means client devices such as iPhones, Android phones, etc.

So I read this as client devices could still be vulnerable even on a patched Eero network.

Yes, well, Eero devices act as clients; that's how a mesh network works. So Eeros did need patching, as do any wireless extension devices. Most routers can also work in client mode, so they need patching too.

I'll need to listen to Steve Gibson's excellent podcast because I know he discusses it this week. But I am absolutely sure patched routers won't do anything to protect you while still using an unpatched client system.
 
Which iOS version is patched? I'm not updating to iOS 11. I'm tired of letting Apple slow my devices down artificially.
This statement is patently false. I'm running iOS 11.0.3 (and iOS 11.1 Beta 3) on everything from a lowly iPhone 6 (16GB) through an iPhone 7 Plus with no issues whatsoever. Even so, I prefer the peace of mind of security patches.
 
Only if you have downloaded it before, and it is hidden. I spent three hours looking for it and Sierra on machines last Thursday; if you did not download it before, you cannot now.

I look at the purchases tab in the Mac App Store, and yes, I can download El Capitan. Even older versions of OSX.
 
Thanks for this.
An added step: what if the router acts as a repeater? I.e., in our office we use AirPort Expresses in corner hallways to extend the coverage to other areas of the office.

I understand it's early, but what do you suggest we do? We just made a switch from wired to wireless too on all our networking........

As long as you have a good Wi-Fi password, and your Wi-Fi is only used by trusted devices, then you are OK.

KRACK does NOT (and cannot) decrypt the password, so for a KRACK Attack to work, the attacker MUST be joined to your network already. Keep your password complex and you will be safe. Your only risk is if a staff member launches the attack from the inside. If you are really concerned, use programmable access points like Ubiquiti's Unifi, which already has firmware available to prevent the attack. While KRACK is launched from a client, it can be prevented with a good access point.

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning.

The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

A KRACK attack proof-of-concept from security researcher Mathy Vanhoef

Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple's Macs, iPhones, and iPads.

Using a key reinstallation attack, or "KRACK," attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

Because these vulnerabilities affect all devices that use WPA2, this is a serious problem that device manufacturers need to address immediately. Apple is often quick to fix major security exploits, so it is not a surprise that the company has already addressed this particular issue.

Websites that use HTTPS offer an extra layer of security, but an improperly configured site can be exploited to drop HTTPS encryption, so Vanhoef warns that this is not a reliable protection.

Apple's iOS devices (and Windows machines) are not as vulnerable as Macs or devices running Linux or Android because the vulnerability relies on a flaw that allows what's supposed to be a single-use encryption key to be resent and reused more than once, something the iOS operating system does not allow, but there's still a partial vulnerability.

Once patched, devices running iOS, macOS, tvOS, and watchOS will not be able to be exploited using the KRACK method even when connected to a router or access point that is still vulnerable. Still, consumers should watch for firmware updates for all of their devices, including routers.

Ahead of the release of the update that addresses the vulnerabilities, customers who are concerned about attacks should avoid public Wi-Fi networks, use Ethernet where possible, and use a VPN.

Article Link: Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Alas, you fail to mention a very important point - KRACK cannot decode the WPA2 password, so any attacker MUST be joined to the network (and therefore know the WPA2 password) before launching any attack. So the attack can only come from INSIDE the network. On a public Wi-Fi, this may be possible, but much more unlikely on a private network. Therefore, unless you have a really easy password for your Wi-Fi, or allow anyone and everyone onto your home/office network, you will be fine.
If you are really worried, WPA2 supports [ASCII] passwords up to 63 characters in length, so creating a really complex one is one way to protect yourself (and don't give it to people you don't trust!).
 
Yes, well, Eero devices act as clients; that's how a mesh network works. So Eeros did need patching, as do any wireless extension devices. Most routers can also work in client mode, so they need patching too.

I'll need to listen to Steve Gibson's excellent podcast because I know he discusses it this week. But I am absolutely sure patched routers won't do anything to protect you while still using an unpatched client system.

We’re in agreement.
 
Most routers can also work in client mode so they need patching too.
Most routers are not in client mode. When bridged, yes, but Netgear for one states that their routers in normal router mode are not vulnerable, only when acting as a bridge. So not all APs need patching straight away, but they will be of course in the long run, depending on their age mind you.

'Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.'

https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837
 
This statement is patently false. I'm running iOS 11.0.3 (and iOS 11.1 Beta 3) on everything from a lowly iPhone 6 (16GB) through an iPhone 7 Plus with no issues whatsoever. Even so, I prefer the peace of mind of security patches.

I beg to differ. My friend updated to iOS 11 and he regrets doing it. He says he gets random freezes now and some things don't even load. He's got an iPhone 7 Plus just like me.

If it were possible to revert back to 10.3.3, I'd update to iOS 11 and try it myself, but without the ability to roll back, I can't take the chance in case I don't like it.
 
I want Bluetooth off because I don't use it, and I want wifi off to prevent tracking.

If you don't use BT then surely the toggle in the control centre is not used at all?

Who is tracking you via WiFi?
 
What about Windows 95, 98, XP, Vista? Any OS capable of Wi-Fi?

I think we will learn much in terms of the Apple response in the next few days.

Microsoft Windows Vista (unsupported) is 10 years old and Windows 7 is 8 years old, so I hope that Apple can match that and support those 8-year-old laptops, desktops and OS releases.
 
Yeah, well, Wi-Fi has been around for over ten years now and this flaw has just now been discovered. There is literally NO WAY to "get this stuff right to begin with." Like I have posted once before, I worked for AT&T for 34 years in a telephone central office. Digital telephone switches began to be installed in the 1980s, and thirty years later those switches are still being patched almost daily. Software development just doesn't work the way you are expecting it to. There has never been a piece of software released that didn't require updating or patching. And there never will be.

I wouldn’t say *never*. But, we certainly aren’t quite there yet ... :)

It’s called “formal verification”:

https://www.wired.com/2016/09/computer-scientists-close-perfect-hack-proof-code/
 
What else is it needed for? I've had Bluetooth off for 8 years and Wi-Fi off as necessary and never suffered.

I told two people this weekend about this stupid change and they were pissed that turning off Bluetooth in iOS 11 doesn't really turn it off, nor does it for Wi-Fi. They don't want the battery loss for Bluetooth even if it is minimal. Why have it on if you have no use for it at all? They both immediately dug into Settings to turn off Bluetooth properly.

It's a stupid functional change. Off should be off, not some pseudo state. What's the big deal about displaying a message, like it had for the last 10 years, instructing the user to turn on Bluetooth or Wi-Fi when it needs it?

It's not "no use". It helps save battery in many situations, for instance, when an app requests your location, depending on how many Wi-Fi networks are available, it might not even need to use the GPS because the Wi-Fi location will be enough.
 
Security updates
https://support.apple.com/kb/HT201222

For macOS
WiFi: for macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208221

For watchOS 4.1
WiFi: for Apple Watch Series 1 and Apple Watch Series 2
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208220

For tvOS 11.1
WiFi: for Apple TV 4K
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208219

For iOS 11.1
WiFi: for iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208222

Not sure if there is anything for iPhone 6 or earlier.
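An added illustration, not from this thread or from Apple's or Vanhoef's materials, of what "force nonce reuse in WPA clients" in the advisory text above means, and of the article's description earlier in the thread of a single-use key being resent and reused. It models a simplified client handling Message 3 of the 4-way handshake: the unpatched version reinstalls the key on a retransmitted Message 3 and resets its packet number, so the next frame repeats a nonce; the patched version leaves an already-installed key and its counters alone. The keystream function is a SHA-256 stand-in for AES-CCMP, and the PTK and the two frames are constructed sample values.

```python
import hashlib


def keystream(ptk, nonce, length):
    """Stand-in for the per-frame keystream a CCMP-style cipher derives from
    (key, nonce). WPA2 uses AES; SHA-256 is used here so it runs anywhere.
    The property that matters is the same: same key + same nonce gives the
    same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            ptk + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class WpaClient:
    """Minimal model of the client side of the WPA2 4-way handshake."""

    def __init__(self, patched):
        self.patched = patched
        self.ptk = None
        self.pn = 0            # packet number, used as the per-frame nonce
        self.sent_nonces = []

    def handle_msg3(self, ptk):
        """Message 3 confirms the PTK. A retransmitted Message 3 makes an
        unpatched client reinstall the same key and reset the packet number,
        which is exactly the nonce-reuse condition the advisory describes."""
        if self.patched and self.ptk == ptk:
            return              # key already installed: keep the counters
        self.ptk = ptk
        self.pn = 0

    def send(self, plaintext):
        self.pn += 1
        self.sent_nonces.append(self.pn)
        return self.pn, xor(plaintext, keystream(self.ptk, self.pn, len(plaintext)))


def simulate(patched):
    """Run one client and report whether a nonce was reused and whether that
    lets a second frame be recovered from a first frame whose content is known."""
    client = WpaClient(patched)
    ptk = hashlib.sha256(b"constructed sample PTK").digest()  # sample key
    known = b"GET /profile HTTP/1.1 user=alice"                # 32-byte sample frame, assumed known
    secret = b"POST /login password=hunter2 a=1"               # 32-byte sample frame to protect

    client.handle_msg3(ptk)
    _, c1 = client.send(known)
    client.handle_msg3(ptk)          # retransmitted Message 3
    _, c2 = client.send(secret)

    # With a repeated nonce, c1 XOR c2 == known XOR secret, so the secret
    # frame falls out once the first frame is known (the "two-time pad").
    # With distinct nonces the keystreams differ and this yields garbage.
    recovered = xor(xor(c1, c2), known)
    return {
        "nonce_reused": len(set(client.sent_nonces)) < len(client.sent_nonces),
        "recovered_secret": recovered == secret,
    }


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", simulate(patched))
```

The fix modelled here is the behavioural one the advisories describe: a client that refuses to reset its counters when it receives a key it already has never emits the same nonce twice, regardless of whether the access point it talks to has been updated.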
 