Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 16, 2017.

  1. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #201
    I understand client needs to be protected. But Eero also confirmed that their latest patch will prevent KRACK on unpatched client devices.
     
  2. CaTOAGU macrumors 6502a

    Joined:
    Jul 15, 2008
    Location:
    Manchester, UK
    #202
    Any chance you could direct me to where they confirmed this? I can't find it.
     
  3. vmachiel macrumors 68000

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #203
    I want Bluetooth off because I don't use it, and I want wifi off to prevent tracking.
     
  4. Jayson A macrumors 68000

    Joined:
    Sep 16, 2014
    #204
    Well that's dumb. If Apple wasn't constantly releasing buggy updates, I'd probably be happily on iOS 11, but I'm not dealing with another year of waiting for Apple to fix everything only to turn around and break it all again.
     
  5. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #205
  6. CaTOAGU macrumors 6502a

    Joined:
    Jul 15, 2008
    Location:
    Manchester, UK
    #206
    The way I read that reply doesn't equate to it protecting client devices. The reply says, "your eero network should be protected against the KRACK security flaw". I think this means the network OF your Eero devices, mesh network devices are vulnerable against KRACK unless patched - this is what Eero's update does. The reply goes on to say that they recommend updating any connected devices, this means client devices such as iPhones, Android phones, etc.

    So I read this as client devices could still be vulnerable even on a patched Eero network.
     
  7. OldSchoolMacGuy macrumors 68040

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #207
    Instead you believe Apple should make every change to bend to your will and use case, ignoring the majority? Sounds brilliant.
     
  8. Agent2015 macrumors 6502

    Agent2015

    Joined:
    Oct 17, 2015
    Location:
    Sonoran Desert
    #208
    Ethical responsibility? Imagine how the android crowd feels right about now.
    --- Post Merged, Oct 18, 2017 ---
    Actually it is a big ask not just of Apple but of all other vendors affected by the vulnerability otherwise this issue would disappear almost immediately. But I think Apple will end up surprising most of the naysayers in short order. As far as other "smart" devices out there especially android based ones, good luck.
    --- Post Merged, Oct 18, 2017 ---
    Yes! Time to migrate to the green pastures of Android! (in case you can't tell, I was kidding...at least for me)
    --- Post Merged, Oct 18, 2017 ---
    Behind the ball compared to whom? I think the whole industry is behind the ball with situations like this one. Apple is doing as good a job as can be expected considering the magnitude of the problem. Other current platforms will see horrendous delays or probably never be updated at all. I know a lot of android users out there in a world of hurt when they haven't seen a single update much less for KRACK and thats for relatively new hardware. Imagine how they feel.
    --- Post Merged, Oct 18, 2017 ---
    If Knox is so good why are you here? And I don't think Knox is as secure as you would like to believe. Go do a search for Knox vulnerabilities. Law enforcement certainly prefers to crack Samsung/Android devices over iOS devices any day.
    --- Post Merged, Oct 18, 2017 ---
    What about Windows 95, 98 ,XP , Vista? Any OS capable of wifi?

    I think we will learn much in terms of the Apple response in the next few days.
     
  9. dumastudetto macrumors 68030

    Joined:
    Aug 28, 2013
    #209
    Yes well Eero devices act as clients, that's how a mesh network works. So Eero's did need patching, as does any wireless extension devices. Most routers can also work in client mode so they need patching too.

    I'll need to listen to Steve Gibson's excellent podcast because I know he discusses it this week. But I am absolutely sure patched routers won't do anything to protect you while still using an unpatched client system.
     
  10. Agent2015 macrumors 6502

    Agent2015

    Joined:
    Oct 17, 2015
    Location:
    Sonoran Desert
    #210
    This statement is patently false. I running iOS 11.0.3 (and iOS 11.1 Beta 3) in everything from a lowly iPhone 6 (16GB) through a iPhone 7 Plus with no issues whatsoever. Even so I prefer peace of mind of security patches.
     
  11. boppin macrumors regular

    Joined:
    Jun 14, 2008
    #211
    I look at the purchases tab in the Mac App Store, and yes, I can download El Capitan. Even older versions of OSX.
     
  12. domquark macrumors newbie

    Joined:
    Oct 17, 2017
    #212
    As long as you have a good Wi-Fi password, and your Wi-Fi is only used by trusted devices, then you are OK.

    KRACK does NOT (and cannot) decrypt the password, so for a KRACK Attack to work, the attacker MUST be joined to your network already. Keep your password complex and you will be safe. Your only risk is if a staff member launches the attack from the inside. If you are really concerned, use programmable access points like Ubiquiti's Unifi, which already has firmware available to prevent the attack. While KRACK is launched from a client, it can be prevented with a good access point.
    --- Post Merged, Oct 18, 2017 ---
    Alas, you fail to mention a very important point - KRACK cannot decode the WPA2 password, so any attacker MUST be joined to the network (and therefore know the WPA2 password) before launching any attack. So the attack can only come from INSIDE the network. On a public Wi-Fi, this may be possible, but much more unlikely on a private network. Therefore, unless you have a really easy password for your Wi-Fi, or allow anyone and everyone onto your home/office network, you will be fine.
    If you are really worried, WPA2 supports [ASCII] passwords up to 63 characters in length, so creating a really complex one is one way to protect yourself (and don't give it to people you don't trust!).
     
  13. steve123 macrumors 6502

    Joined:
    Aug 26, 2007
    #213
    You misunderstand how Krack works. The whole purpose of Krack is to exploit WPA2 in such a way as the attacker does not require the WPA2 password. The attacker simply needs to be in radio range of the WiFi network.
     
  14. CaTOAGU macrumors 6502a

    Joined:
    Jul 15, 2008
    Location:
    Manchester, UK
    #214
    We’re in agreement.
     
  15. killhippie macrumors regular

    killhippie

    Joined:
    Jan 12, 2016
    Location:
    UK
    #215
    Most routers are not in client mode, when bridged yes but Netgear for one states that their routers when in normal router mode are not vulnerable, only when acting as a bridge. So not all AP's need patching straight away but will be of course in the long run depending on their age mind you.

    'Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.'

    https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837
     
  16. Jayson A macrumors 68000

    Joined:
    Sep 16, 2014
    #216
    I beg to differ. My friend updated to iOS 11 and he regrets doing it. He says he gets random freezes now and some things don't even load. He's got an iPhone 7 Plus just like me.

    If it were possible to revert back to 10.3.3, I'd update to iOS 11 and try it myself, but without the ability to roll back, I can't take the chance in case I don't like it.
     
  17. BlueBook macrumors newbie

    BlueBook

    Joined:
    Jun 22, 2017
    Location:
    Earth
    #217
    Would I be correct in assuming krack does not affect the security of LTE internet connections?
     
  18. CaTOAGU macrumors 6502a

    Joined:
    Jul 15, 2008
    Location:
    Manchester, UK
    #218
    Yes that's correct, only WPA/WPA2 connections to WiFi networks.
     
  19. s1m macrumors 6502

    Joined:
    Apr 28, 2008
    #219
    If you don't use BT then surely the toggle in the control centre is not used at all?

    Who is tracking you via WiFi?
     
  20. vmachiel macrumors 68000

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #220
  21. doctor-don macrumors 65816

    Joined:
    Dec 26, 2008
    Location:
    Georgia USA
    #221
    Wi-Fi Vulnerabilities Are Already Patched
    - BUT they are NOT patched until those updates appear on our devices.
     
  22. alex0002 macrumors 6502

    Joined:
    Jun 19, 2013
    Location:
    New Zealand
    #222
    Microsoft Windows Vista (unsupported) is 10 years old and Windows 7 is 8 years old, so I hope that Apple can match that and support those 8 years old laptops, desktops and OS releases.
     
  23. BoulderAdonis macrumors regular

    BoulderAdonis

    Joined:
    Apr 30, 2012
    Location:
    Palo Alto, CA
    #223
    I wouldn’t say *never*. But, we certainly aren’t quite there yet ... :)

    It’s called “formal verification”:

    https://www.wired.com/2016/09/computer-scientists-close-perfect-hack-proof-code/
     
  24. DeanLubaki macrumors regular

    DeanLubaki

    Joined:
    May 29, 2014
    Location:
    Toronto | Montréal | Québec
    #224
    It's not "no use". It helps save battery in many situations, for instance, when an app requests your location, depending on how many Wi-Fi networks are available, it might not even need to use the GPS because the Wi-Fi location will be enough.
     
  25. alex0002, Nov 2, 2017
    Last edited: Nov 2, 2017

    alex0002 macrumors 6502

    Joined:
    Jun 19, 2013
    Location:
    New Zealand
    #225
    Security updates
    https://support.apple.com/kb/HT201222

    For macOS
    WiFi: for macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
    Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
    https://support.apple.com/kb/HT208221

    For watchOS 4.1
    WiFi: for Apple Watch Series 1 and Apple Watch Series 2
    Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
    https://support.apple.com/kb/HT208220

    For tvOS 11.1
    WiFi: for Apple TV 4K
    Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
    https://support.apple.com/kb/HT208219

    For iOS 11.1
    WiFi: for iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
    Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
    https://support.apple.com/kb/HT208222

    Not sure if there is anything for iPhone 6 or earlier.
     

Share This Page