An exploit that has taken the "protected" out of Wi-Fi Protected Access II (WPA2) means that your wireless network is likely not as safe as you once thought. What security researcher Mathy Vanhoef is calling "KRACK" attacks the handshake portion of the WPA2 protocol. Mobile Nations Senior Editor Jerry Hildenbrand put together a comprehensive guide on exactly how the exploit works and how you can protect yourself, also mentioning some information on patches containing a fix. To help you stay on top of which vendors are patching the vulnerability, we rounded them up here.
Router vendors that have issued KRACK patches
As mentioned in Hildenbrand's article, the best way to protect yourself from this exploit is to not use Wi-Fi at all until a proper fix has been proven. CERT has released notes on the KRACK problem, including a list of vendors whose equipment is vulnerable.
Some security-minded companies have already worked on fixes and are offering patches for both client and router. Check back often, as we will keep this list updated.
- Apple
- Arch Linux: WPA Supplicant patch, Hostapd patch
- Aruba
- Cisco Meraki_FAQ)
- DD-WRT
- Debian/Ubuntu
- Eero
- Fortinet
- Intel
- LEDE/OpenWrt
- Microsoft
- MikroTik
- Netgear: Only some products fixed, others remain vulnerable
- Open Mesh
- Ubiquiti
- Raspberry Pi (Jessie, Stretch)
- Synology
- Tanaza
- Watchguard Cloud
There are also a number of vendors listed as "Not affected" on the CERT website without further explanation from the vendors themselves. These include:
Furthermore, some companies have posted bulletins regarding their products that weren't affected.
Last updated: October 20, 2017, 12:21 pm EDT
