Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,760,725

members

77

online now

1,916,723

discussions

Back to Top

KRACK attack, WPA2 vulnerability

Cable Expert

KRACK attack, WPA2 vulnerability

Comcast is aware of the issue but has not made any official statement on the issue yet. We'll keep you posted. 




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

New Poster

New wpa2 problem

New Poster

Re: New wpa2 problem

2nd

New Poster

Re: New wpa2 problem

Me 3?

New Poster

Re: New wpa2 problem

Came here to ask the same question!

New Poster

Re: New wpa2 problem

Please notify us of your progress Xfinity!    All hotspots are vulnerable until patched.

New Poster

Re: New wpa2 problem

What are suppose todo to prevent this WPA2 Hack?

Cable Expert

Re: New wpa2 problem


kevinwells5 wrote:

What are suppose todo to prevent this WPA2 Hack?


Well, the hack isn't in the wild yet, so you don't have to do anything. University researchers have just reported that there are vulnerabilities. No one has exploited the vulnerabilities yet. 




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

New Poster

Re: New wpa2 problem

I am also wondering the same thing. Hopefully, Comcast chimes in soon. I've subscribed to this thread.

Regular Contributor

Re: New wpa2 problem

You should be checking with your device manufacturers also about updates. Don't just rely on Comcast to fix the problem. Remember it's the WPA2 security protocol that's been cracked, and that affects nearly every wireless device that uses this method of secure connection.

Apple, for example, has already announced a fix for iOS, MacOS and tvOS. The fix they said, will also guard your device even if you connect to a compromised router.

But also:
"Ahead of the release of the update that addresses the vulnerabilities, customers who are concerned about attacks should avoid public Wi-Fi networks, use Ethernet where possible, and use a VPN."

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/amp/
New Poster

Re: New wpa2 problem

What XFinity is failing to say but should say is “ until a patch is issued or the threat is fully understood all should proceed and assume that your wireless network is not currently protected by encryption. Don’t share sensitive information on your wireless network particularly if you are using a non https connection.

@XFinity, what is wrong with issuing a statement with an abundance of caution as opposed to leaving people potentially vulnerable by remaining silent.

New Poster

KRACK vulnerability

Is there an internet security patch being worked on to prevent KRACK from intercepting encrypted wireless traffic from xfinity WiFi? Anyone?

Regular Contributor

Re: KRACK vulnerability

Everyone needs to take a deep breath and stop acting as if the sky is falling. An attacker needs to be on the same Wi-Fi network as you in order to carry out any nefarious plans with KRACK.

 

You’re not suddenly vulnerable to everyone on the internet.

 

You can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection or stick to your cellular connection on a phone. If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.” The Electronic Frontier Foundation’s superb HTTPS Everywhere browser plug-in can force all sites that offer HTTPS encryption to use that protection.



<--> U.S. Navy Vietnam Era veteran. You're welcome. <-->
New Poster

When will Comcast patch home equipment for Krack vulnerabiliity?

I have a Comcast supplied modem with WiFi. When will/how to I get it patched for Krack vulnerability?

New Poster

Arris T6862G Gateway Router - WPA2 Flaw Fix

I rent an Xfinity Arris T6862G Gateway Router.  Recently reported WPA2 flaw (https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...) means that routers need to to apply fix.

Arris does not have any information on fix (http://www.kb.cert.org/vuls/id/CHEU-AS7JWW)

Please let me know when a patch will be released, instructions to access, and apply the patch.

Thanks in advance!

New Poster

WPA2 Vulnerability - Does Modem/Router have an upgrade to fix this problem?

A series of industry-wide announcements were published regarding the discovery of several security vulnerabilities found in certain implementations of a widely adopted wireless standard, Wi-Fi Protected Access II (commonly referred to as WPA2). These vulnerabilities affect products across major Wi-Fi infrastructure and Wi-Fi client providers.

 

I would like to know if the cable modem/router has the most recent firmware to fix this problem?

 

Thanks,

MM

New Poster

WPA2 wifi vulnerability

What is Comcast doing about the newly announced WPA2 wifi vulnerability?

Connection Expert
Moved:

Re: WPA2 Vulnerability - Does Modem/Router have an upgrade to fix this problem?

Connection Expert
Moved:

Re: WPA2 Vulnerability - Does Modem/Router have an upgrade to fix this problem?

New Poster

Re: KRACK attack, WPA2 vulnerability

comcast, please make an official statement on this - please disclose which model gateways are vulnerable and your plans to address

Service Expert

Re: KRACK attack, WPA2 vulnerability

comment only...

The Krack is a man in the middle attack and only a device on your own home network would have to be 'in the middle'. your WPA2 security 4 step handshake/password is secure. The hack requires a device on your home network to be running the malware and by multiple resend requests causes the packet number counter to be reset to 0. Since the home gateway (modem+wifi) receive boot loaders automatically when available (there will be no lag when the possibllity of the counter reset has been removed).




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon