New to the Community? Start here.
I'd like to second this question. I've got a DCP3939 rented from Comcast and am in a crowded apartment with lots of people within range of it, so my paranoia is at least a tiny bit justified. I understand they don't want to jump the gun when it comes to security issues, but am eager to know if/when a router update is necessary and possible.
Again people. You need to update all your wifi clients comcast can not do this for you. Again comcast can patch all there gateways if even needed and until you update or replace your wifi clients you are still hackable.
Will XFINITY push new Arris T862G/CT moden firmware to fix KRACK vulnerability?
current f/w version is:
eMTA & DOCSIS Software Version:
Apple has released iOS and MacOS updates that fix the KRACK attack on some devices:
"Update: As Ars readers have pointed out, Apple's support documentation states that the iOS KRACK fix is available for iPhone 7 and later, and for the early 2016, 9.7-inch iPad Pro and later. That could leave many iOS devices still exposed."
I literally just got off the phone with Xfinity 2nd tier support asking about a patch for the DPC3941 modem. The woman "helping" me said 1) she has never heard of the krack wpa2 vulnerability, 2) none of her nearby colleagues has heard of it, 3) she can't find any information about it on her computer, and 4) she doesn't get internet access at work, so she can't search for information about it. I actually dropped my phone.
It's been a couple weeks now. There are patches available, when are you going to issue the patch?
Ok and can you tell me what your going to get if and when Comcast patches your Gateway ?? If you think the gateway is patched and your now in the clear and you no longer need to worry about KRACK you would be totally wrong.
When are you going to patch every device in your home that uses wifi ?? Because the router or Gateway is only one step you must do the second on your own.
We are posting here on the COMCAST forum in order to get COMCAST to patch the gateway hardware that we rent from COMCAST.
It is appropriate to post in a COMCAST forum to get a COMCAST provided device patched.
Just because we are posting here in this COMCAST forum does not mean that we are not also patching our other WiFi devices, or posting similar requests for patches in forums that correspond to the makers of other devices we use for WiFi.
We are all aware that multiple devices need to be patched. But COMCAST cannot patch those other devices, but they CAN and SHOULD patch the gateways that we rent from COMCAST.
In this forum, we should continue to request COMCAST to patch the devices that we rent from COMCAST.
At the very least, someone from COMCAST should post a message that acknowledges the issue and gives us a timeframe when the patch will be issued.
If that does not happen, then we should each call COMCAST and demand that they either replace the defective gateway we all have with a make/model that is properly patched ... or STOP charging us rent on our monthly bill for using a defective device ... and retroactively refund the monthly rent we have all been paying from the month in which KRACK was first discovered up until a patched gateway is provided. And if COMCAST refuses to do that, then we should complain to the city/town we live in (that gives COMCAST the franchise to be a monopoly service provider) and to the state Public Utility Commission.
I don't think comcast needs to patch many. The issue involving gateways or routers is only present when used in repeater mode or as a access point. I doubt many people are using there comcast provided gateways as repeaters or AP's not even sure they even support the mentioned modes of operation.
And yes if comcast has a security issue then they should patch but Krack is mostly a client side problem.
You said: "The issue involving gateways or routers is only present when used in repeater mode or as a access point. I doubt many people are using there comcast provided gateways as repeaters or AP's not even sure they even support the mentioned modes of operation. "
I have a Comcast-provided gateway Model DPC3941T (originally made by Cisco). I have no other access point in my home network.
... says this (the bolding is mine): "The Cisco Model DPC3941T DOCSIS 3.0 24x4 Wireless Residential Voice Gateway is multiple solutions in one product. It combines a cable modem, two-line digital voice adapter, a router, and 802.11n wireless access points in a single device."
It appears to me that the gateway devices that Comcast provides do indeed provide an Access Point function. For those customers who rent a gateway from Comcast, how else would the wireless devices in our homes connect to the Internet ... except through the device (Access Point) provided by Comcast?
Lets not get side tracked by what we call the device that we rent from Comcast.
I will refer to it as a "gateway" that functions as a cable modem, a router, and an access point.
Those functions are implemented by the firmware that runs in the "gateway". Among other things, that firmware implements the WPA2 protocol needed to securely connect a wireless device to the customer's local area netword defined in the "gateway's" configuration.
KRACK takes advantage of a flaw in that protocol.
We need someone from COMCAST to give us an "official" statement regarding whether or not the firmware that runs in the various "gateways" (that we rent from Comcast) is(or is not) vulnerable to KRACK, and if so ... what Comcast is doing to roll out firmware fixes that will mitigate the KRACK vulnerability in the "gateway".
It has been about 26 days since KRACK was first discovered, and yet no one from Comcast has the courtesy of posting here (or anywhere) informing us customers as to when we can expect a fix to this problem ... and yet Comcast continues to bill us monthly for renting a "gateway" with a possible vulnerability to KRACK.
Comcast: where are you????
KRACK is a "presumed" potential threat to WiFi networks (quotes because it is unclear to me from previous posts whether the Comcast-rented modem is vulnerable--although its generated WiFi newtork may be). Almost a month ago Comcast stated that a public statement, presumably regarding upgrades to firmware/software to protect users, is forthcoming. To date it has not appeared, neither in this forum nor in press coverage. I, for one, would like either confirmation from Comcast that our home networks are secure or that a fix is forthcoming. If these options are not available, then please provide a guide regarding steps to protect individual devices connected to the WiFi network made available by the Comcast-rented modem. Press, and professional, coverage of KRACK continues to increase. We need information!
I just spoke with Comcast Technical Support. She said they are working on a fix, but it's not complete yet. She said it will likely be a few more days before the fix is completed. She said they will push the fix out to affected gateways; they will let affected customers know about the fix; they will supply new hardware (gateways) if needed.
Houston XFinity Customer - TG1682G -- I use 2.4ghz and 5ghz - I would like to know when or if a patch/replacement for the Modem will be available. This modem/router has had numerous "hacked wifi" and "wps" connections already, even kicking them, making firewall rules against them, and changing the SSiD's and PW's have NOT Helped, it keeps happening. This has been happening to me since 2016, and as of 11-2017 -- I know some of "neighbors" around me are to blame, 1 for sure... as they changed my router's name, and pw - and I was able to view that information... and see all of their connected devices. -- They have not been confronted yet, and I don't plan on it, unless this continues after "whatever you decide to do" to fix these issues: (As of 11-20-2017) My WIFI on all devices including the Modem/Router in question is disabled, and will not be enabled until a fix is provided. (which is very tedious, Right next to T-Day, and X-Mas)
1) My cat frequently steps on the WPS Connect button -- please allow us to disable the WPS Button, or offer us a Modem without one... - Auto WPS is also (already) disabled, but not the "Button on top of the Modem/Router" This is how our neighbor got in the first time, Since then: I "CAT" proofed the modem/router/button so they can not press it... LoL
2) Fix this KRACK Vulnerability - Since the Methods and Vulneralbilty is now 100% KNOWN by the PUBLIC, as of OCTOBER 2017, supposedly this has been known to those underground individuals since 2016.. My router had many phantom connections connected to the WiFi, and a bunch of new devices were popping up, and showing "online" and I do not own anything BY APPLE - just M$, Android, here. (I REFUSE to buy anything from ANYONE Black Friday 99% off or not *whatever that has or uses WIFI, Including Smart anything, TVs, gaming consoles laptops, smart phones, etc etc) UNTIL MY ROUTER which everything connects to is FIXED via a security patch/firmware upgrade, or replacement.... IF it isn't fixed by December 31st, We may be dropping service. -- as we are tired of being hacked, and having "anyone" within "RANGE" use up our data bandwidth - whether the intent is malicious or NOT. and before you ask... YES THE OPEN WIFI, is disabled, using WPA2 here. for both 2.4ghz and 5ghz WiFi.
I live in a apartment and the woman on the 2nd floor asked if she could have my password because her wifi isn't connecting! I told her no and that I didn't know the password as when I received Router in mail I couldn't connect and Comcast changed the password and name of the router, I'm sorta telling the truth they did change it but I do know the password. When she came up to do the laundry she said see I'm connected to yours now! Is this true? Doesn't she need the password? Or can she use it for a couple of minutes while it's asking for the code? I'm just wondering if this is why I keep getting dropped Page's
Maybe she is connecting to your public hotspot; the SSID is xfinitywifi.
Robert Your correct as I never finished setting up the xfi app because I was uncontrollable having my devices listed I didn't know about the hotspot coming into my apartment. I wasn't getting any mail for about a month and yes sometimes I don't even use my tablet for a month! I just ended up on that xfi. Site my modem is listed as the old name I think X Setup and there's 3 devices running and 2 names like ones Winston I paused the devices but Xfinity doesn't give information on removing incorrect devices like Google does. And since I don't get guests over I want this hotspot gone! I'm so upset I could scream! Please advise how to fix this permanent and still get my mail. Thanks Debbie
we have experienced alomost the exact same thing for all of 2017. I need a new IP address, a refund for this crummy gateway Comcast barely supports, and frankly, the amount of turmoil these hackers have caused our family is law suit worthy. It amazes me that comcast support reps dont even acknowledge what is going on. They had me switch out my gateway and gave me the exact same model but with an even older firmware. If I keep this service I will purchase enterprise grade equipment going forward. What a total disservice Comcast is allowing to continue even after 6 months of being aware.
@sochimom. Have you already patched ALL your wifi devices and clients already ?? If not patching your gateway does nothing. Anyway your gateway is in router mode there for no patch needed likely why you have heard nothing from comcast.
If you have Comcast provided equipment it's unlikely that you're vulnerable. Access points have to support 802.11r in order to be vulnerable to KRACK which is a feature of high end or enterprise level equipment and not the cheap consumer stuff Comcast hands out.
This has really taught me a lot about how slow android security updates can be. My Moto phone finally got patched for KRACK last night. (More than four months after the public disclosure.) My Samsung android tablet is apparently "too old" to ever receive an update. I went shopping for a new tablet and after looking in two stores, I found all of the Samsung android tablets were still unpatched (they all had internet access in the stores.) So I bought an ipad. (Apple patched IOS devices months ago.) Much of what I used to do on Android devices already moved back to Windows which was patched right before the public disclosure.
This still leaves me with two devices on my local network that are unknown/unpatched. (One vendor said they are looking into it in October and has been silent since.) On the plus side, these devices do nothing that I consider secure or private.
As for my router, I own my own, and the vendor made it clear that no patch was needed. This is mostly a client-side attack and would only affect a router used as a client or one with some fancy (for home use) features. So, Comcast really had little if anything to do, but from our standpoint, as long as you do anything "important" on any unpatched (client) device, you should still be looking for a patch.
To help residents and emergency personnel stay connected during this time, Comcast is opening up Xfinity WiFi outdoor and SMB hotspots in these communities to anyone who needs them, including non-Xfinity Internet subscribers.
This will be starting at 4:00 PM ET on Monday, March 5, 2018, through Friday, March 16, 2018.
For more about these open Xfinity Hotspots see here.