KRACK attack, WPA2 vulnerability

Cable Expert

KRACK attack, WPA2 vulnerability

Comcast is aware of the issue but has not made an official statement yet. We'll keep you posted. 




I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!

New Poster

KRACK Attack

Hello,

Wanted to see if you have a fix for the KRACK attack yet or when it will be released.

https://www.krackattacks.com

Frequent Visitor

Re: KRACK Attack

This is a very good question. I would like to know if patches will be downloaded to our Comcast modems.  I see this as a serious security issue that needs to be fixed.

New Poster

Re: KRACK Attack

I would like to know what Cisco/Comcast is doing.  The DPC3941T is not listed on the Cisco site regarding this attack!  And I find nothing on the list of released patches.

 

 

New Poster

Re: KRACK Attack

Also interested in this. Please advise.

New Poster

Re: KRACK Attack

Cisco already has a posting on their blog:

https://blogs.cisco.com/security/wpa-vulns

 

However, they don't have a fix yet.

New Poster

Is there a router update to fix the KRACK wi-fi vulnerability?

Is there a router update to fix the KRACK wi-fi vulnerability?

Frequent Visitor

Re: KRACK Attack

(Folks reading this thread, keep in mind that client devices, independent of your Cisco or Netgear router access points, are still vulnerable.)

If you have a Comcast Netgear router, you'll find the latest firmware updates for all of the Netgear models here. Expect Comcast to confirm or clarify which models have to be updated, if there haven't been any updates yet.

New Poster

Re: KRACK Attack

I too am concerned whether Xfinity has a patch for this yet?  https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vuln... It is bad.

Regular Contributor

Re: KRACK Attack

(Cross posted elsewhere, sorry for the redundant answer)

You should be checking with your device manufacturers also about updates. Don't just rely on Comcast to fix the problem. Remember it's the WPA2 security protocol that's been cracked, and that affects nearly every wireless device that uses this method of secure connection.

Apple, for example, has already announced a fix for iOS, MacOS and tvOS. The fix, they said, will also guard your device even if you connect to a compromised router.

But also:
"Ahead of the release of the update that addresses the vulnerabilities, customers who are concerned about attacks should avoid public Wi-Fi networks, use Ethernet where possible, and use a VPN."

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/amp/
Regular Contributor

Re: KRACK Attack

Everyone needs to take a deep breath and stop acting as if the sky is falling. An attacker needs to be on the same Wi-Fi network as you in order to carry out any nefarious plans with KRACK.

You’re not suddenly vulnerable to everyone on the internet.

You can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection or stick to your cellular connection on a phone. If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.” The Electronic Frontier Foundation’s superb HTTPS Everywhere browser plug-in can force all sites that offer HTTPS encryption to use that protection.



<--> U.S. Navy Vietnam Era veteran. You're welcome. <-->
New Poster

Re: KRACK Attack

Yes, no reason to panic.

This is just a security hole being discovered. As a matter of fact it's been known since 2016.

No workable attacking tool exists as of yet.

Regular Visitor

Re: KRACK Attack

Wouldn't just turning off your wifi's SSID broadcast fix the problem?  If you are not broadcasting your SSID name wouldn't that prevent it?  How would a potential hacker know your SSID?

New Poster

Re: KRACK Attack

They could know because your devices will broadcast the beacon when they go to connect. SSID hiding is not all it's cracked (get it?) up to be.

When you first power up the device (phone, etc.), it tries to connect to "known networks".

Yes, the vuln has been around for quite some time, but now that it's in the public domain, script kiddies all around the world will be trying to take advantage of it.

New Poster

Re: KRACK attack, WPA2 vulnerability

When will you have a solution? I will switch to the first cable company that comes up with one.
New Poster

KRACK

When will a firmware patch be sent out to wireless routers to fix the recently discovered wifi vulnerability known as KRACK? Also, how can I verify that it has been patched?
New Poster

Re: KRACK Attack

Actually, the attackers don't need to be on your network:

"the reason this matters is because the data transmitted by any of your devices could now be exposed and attackers don't need to be on the same network as you."

Source: https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

New Poster

Re: KRACK attack, WPA2 vulnerability

Hi - I am just a regular user and learned of this attack through my employer who has shut down Wi-fi networks temporarily. My question is - My cell phone was connected to my home Wi-Fi last night and at some point Data Roaming was activated. Does that mean that my phone may have been compromised by this hack?

New Poster

Re: KRACK attack, WPA2 vulnerability

Any update on this? My modem spontaneously rebooted last night. This may have been to install a firmware patch. It interrupted the Internet streaming that was currently in progress.
No word from Comcast/Xfinity. I wish they would at least send out an email when they interrupt service.

Frequent Visitor

Re: KRACK attack, WPA2 vulnerability

Kellan927 wrote:

Hi - I am just a regular user and learned of this attack through my employer who has shut down Wi-fi networks temporarily. My question is - My cell phone was connected to my home Wi-Fi last night and at some point Data Roaming was activated. Does that mean that my phone may have been compromised by this hack? 

So data roaming is a carrier thing, and it has nothing to do with the vulnerability. (In fact, if you have a generous data plan for your phone, and if you're paranoid, you should turn off Wi-Fi and use that until you're certain your phone has been updated against this new vulnerability.)

 

As for the vulnerability: It's not the Wi-Fi routers per se that are vulnerable, although internet routers can be vulnerable, but the real threats are the clients that are connected to those Wi-Fi access points. KRACK is a Man In The Middle (MITM) attack, so it basically tricks your iPhone or laptop into connecting to a tampered "clone" of the "real" network this iPhone or laptop is supposed to be connected to. It does so by "cloning" the access point and using the same MAC address as the "real" access point.

 

The attacker in the above scenario would be able to snoop on any data you send through unprotected websites. Everyone should use a web browser extension that forces HTTPS (HTTPS Everywhere; and for good measure, install any other extensions that enhance privacy). However, there's a really malicious version of this attack that can actually force an unprotected co...

 

If you are at real tangible risk, you probably already know it: Government workers, large enterprises, etc. 

 

Residential internet users don't have as much to worry about, unless you're paranoid and have reason to believe you would be a juicy target of this new attack (you would also have to read up on just which devices and operating systems are at worst risk).

 

If you have an iPhone 5s and above (the models getting updates), you should have nothing to worry about, since Apple will push out an update pretty soon, as is their track record. If you have an Android that isn't a flagship, and that released over 6 months ago, well. . . 

 

This is not the last time such a vulnerability will be discovered. Take a real good look at how quickly an update is pushed out for your electronic Wi-Fi enabled devices. Smartphones, your router, some internet connected toaster you have (I hope those aren't real), and the next time you buy something (say a router or a smartphone), be sure to prioritize the commitment to quick security updates that each company promises (and their proven record of doing so). 

 

*Uh, I should clarify (someone mentioned this above) that there is still no hacking tool available in the wild. This is all proof-of-concept. If hackers manage to create a tool and steal data, that will be reported on the news (or at least on techie sites, depending on the target); for now this hasn't happened. Expect developments on this matter.

New Poster

Re: KRACK attack, WPA2 vulnerability

Any updates on when a patch will be available, and will Comcast/XFinity be pushing those out to the WiFi routers directly? 

New Poster

wireless threat

My company is doing an upgrade to servers tonight. What is the plan for comcast to protect us from Krack wifi vulnerability? 

 

https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vuln...

New Poster

Re: KRACK Attack

Known since 2016?  Please cite and post your sources for your "information."

New Poster

Re: KRACK attack, WPA2 vulnerability

No statement from Comcast/xfinity on this security issue is unacceptable.  

I am captive in a monopoly situation with Comcast/xfinity as my only viable source of broadband access to the internet - and the engineers at 1 Comcast Center cannot provide their paying customers - especially business customers - with some reasonable explanation of how secure their network is.
Comcast Corporation touted in April 2017 that it is now the largest broadband provider in the nation - 25.1 million subscribers (https://www.recode.net/2017/4/27/15413870/comcast-broadband-internet-pay-tv-subscribers-q1-2017)

With that tremendous customer base comes tremendous responsibility. Please live up to that responsibility and inform your customers of the fixes planned for the in-home and business wifi routers that those customers expect to be secure. That is what they are paying for, isn't it?

Frequent Visitor

Re: wireless threat


debbiedenmark wrote:

My company is doing an upgrade to servers tonight. What is the plan for comcast to protect us from Krack wifi vulnerability? 

 

https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vuln...



This is a major Wi-Fi security protocol vulnerability, so Comcast is only responsible if your company's Wi-Fi router access point(s) is being broadcast with equipment that belongs to Comcast or is supposed to be maintained by them (third party vendors). If that's the case, you'll need to wait for a statement. Obviously, any company would be better off using dependable vendors (like Ubiquiti).

Every other internet connected equipment needs to be updated independent of any routers if they are Wi-Fi enabled.

New Poster

Re: KRACK attack, WPA2 vulnerability

Patches for various equipment are coming out today; Comcast has to wait for theirs too.
I too would like to know if we have to do anything when one is ready, however, or will it be pushed automatically?

For your home network I really wouldn't worry too much. Just watch for vans sitting outside your house (within 50 feet).
Even then they would have to have knowledge that isn't very widespread yet. Not at all.

Just relax, everyone.

New Poster

Re: KRACK attack, WPA2 vulnerability

KRACK is a handshake replay attack that can be used to connect to your network. One of the things you can do is dial down your network's power because this attack can only be launched from a location that can see your network. You may have to be closer to your wireless box to connect, but you'll be safer.

You can also use the wired connection and turn off the wireless. I have a friend in the cyber security business that is turning off his wireless on his Comcast router (no, it's not a modem) and he will plug in a patched wireless router (he has a list of the ones that are already fixed).

The attacker captures the handshake that takes place between your network and a connecting device. It then replays the handshake (with an altered 3rd part of the handshake) and forces a session key of its choosing. Do you want someone connecting to your network and browsing through the files on your devices? The "fix" is to turn off handshake replays. I guess disabling a feature of the protocol is a fix when the feature is flawed. There are already attacks to home routers such as attacks to the feature that allows you to push a button to connect rather than typing in a long boring password. This attack can't happen out of the blue. Someone has to work to capture the handshake. Your phone could have been attacked. Does it have a hot-spot feature that you use? Is it Android 6 (the most vulnerable OS)? Talk that there are no attacks out in the wild is not reassuring to me. I would have no way of really knowing what attacks are "out there".

New Poster

Re: KRACK attack, WPA2 vulnerability

Comcast, please make an official statement on this - please disclose which model gateways are vulnerable and your plans to address.

New Poster

Re: KRACK attack, WPA2 vulnerability

Seriously? All technology companies are working on their patches. This is not an immediate threat to you unless someone was parked outside your house. Patience.

New Poster

Re: KRACK Attack

There's a handy extension for Opera & Firefox and Chrome browsers called HTTPS everywhere - it lets you know if you're connected to a secure site, and will (depending on preferences) keep you from logging on to sites without HTTPS. Also, Opera now comes with a limited country selection (but free) VPN.

New Poster

Re: KRACK attack, WPA2 vulnerability

How can you tell if the firmware has been updated?

Regular Contributor

Re: KRACK attack, WPA2 vulnerability

My last thoughts on the matter:

 

Remember the old WiFi encryption standard, WEP, and why we don't use it anymore?

 

Exactly:  It was cracked, so we implemented the WPA standard.

But guess what? Now WPA2 has been cracked. What now?

 

We fix it, of course.

 

And then another crack will come down the line, and then we fix that.

 

And so on.

 

Let's face it: by its very nature, WiFi is always going to be vulnerable to this kind of attack, because it's being broadcast over publicly accessible airwaves. If security is a paramount concern, your WiFi use - particularly over open, unsecured networks like public hotspots - should be severely limited anyway.

 

There's a saying: There is no such thing as a secure system, only varying degrees of risk. Security measures only give us time to either deter or counter an intrusion.

 

But given enough time and resources, any secured system can be breached, whether it's a museum with priceless van Gogh paintings (like what happened in the UK in 2003) or the Equifax servers. But the converse is also true: While the KRACK vulnerability is an issue, it's not going to directly affect the vast majority of internet users. For one thing, any would-be attacker would have to judge you to be a valuable target, so unless you're a high level government or corporate official with access to important, marketable information, I seriously doubt you're at risk at all, and if you are one, your IT people would've already implemented considerable security measures anyway. Being a nobody on the internet is an asset these days.

Besides, the biggest vulnerability lies not with the routers and access points, but with the devices people have. Note that Android 6 (and earlier versions) is particularly vulnerable, so think about that cheapo Android phone you got because you got a great deal - when was the last time a security patch was installed on it? Or for that matter, when was the last security patch you installed on any device you have?

What about your Internet of Things (IoT) device like your Smart TV or your wireless camera? Did you bother changing the default settings so a random attacker can't use it to gain access to your system? Heck, you'd be surprised how many devices out there use the default logon "admin" with the password as "password" and their users never bothered to change it.

 

So let's use this event to seriously look at ALL our internet security habits and practices, and see what we can do to improve. 

 

Rant over.

New Poster

Re: KRACK attack, WPA2 vulnerability

Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability

You Comcasties are going to have to understand this issue is more of a client problem. Sure there are some routers that will need a patch but the vast majority will be devices and I mean every single one of them that connect over wifi.

Bottom line here: Comcast can patch every gateway they own and unless your clients are patched it means nothing. You're still hackable.

Connection Expert

Re: KRACK attack, WPA2 vulnerability

Yeah hi !! right back at ya' Jim !!!    Hope you are well old pal !!





Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability

Always good to see you around EG !!!!  Hope all is good with you as well.  

Connection Expert

Re: KRACK attack, WPA2 vulnerability

Can't complain bud !! Don't be such a stranger !!





Contributor

Re: KRACK Attack

Perhaps it ain't falling yet and was found by researchers.

But if Apple has a fix in the works (beta) why doesn't Comcast and/or their router suppliers have something?

 

USN 60s and 70s Submarine; 571, 633, 659 boats; vet (FYI for L1ngus) 

 

 

Bronze Problem Solver

Re: KRACK Attack

Are all your client devices patched ?? That's a better question. This is not really a Comcast issue.

New Poster

TG1682_2.7p6s2_PROD_sey

Hi - is there an update coming quickly for the krack issue? I have the Arris TG1682
Service Expert

Re: TG1682_2.7p6s2_PROD_sey


kolree wrote:
Hi - is there an update coming quickly for the krack issue? I have the Arris TG1682

http://forums.xfinity.com/t5/Your-Home-Network/KRACK-attack-WPA2-vulnerability/m-p/2983239#M265504





New Poster

Wifi vulnerability

How can I ensure that I have the latest firmware patches installed on my rented 'gateway/ modem'?

Regular Visitor

KRACK attack, WPA2 vulnerability

Where is the KRACK patch?

Frequent Visitor

Re: KRACK attack, WPA2 vulnerability

Perhaps we should all call Comcast customer service and demand that Comcast STOP CHARGING us monthly rent on the modem/router until such time as they download an appropriate fix for the KRACK vulnerability.

Why should we customers have to pay monthly rent on a modem/router with a KNOWN flaw?

Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability

Do most of you even read the information posted here ??  You keep acting as if Comcast is going to magically fix this for you. It's not a Comcast issue, it's your issue. Patching your gateway won't do much if anything. You all need to update every single client device on your network that uses wifi. Comcast cannot help you with this; you're on your own to research what devices you have and what ones will be patched and what ones may need to be replaced if they are no longer supported.

 

Again this KRACK issue is up to the person to patch or replace ALL wifi devices that will be on your network. Comcast can not do this for you.  

Silver Problem Solver

Re: KRACK attack, WPA2 vulnerability

Also, Comcast does NOT manufacture the gateways. They are made by Cisco and Arris. It's up to them to update the code, then Comcast has to test that it doesn't cause problems, then they can roll it out.

 

Here is an article about what updates are available:

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vu...

New Poster

Re: KRACK Attack

Unfortunately this is not true. By sitting in the middle of a WiFi connection (as KRACK lets an attacker do) he/she can run an SSL decryption process that will unencrypt and then re-encrypt all data you send and receive. So in effect you encrypt data, send it to the attacker - who decrypts it. The attacker then re-encrypts the data and sends it to the original website you were trying to get to.

The fix for this is something called certificate pinning that will ensure that the data is not decrypted and re-encrypted in transit. However, sites such as Wells Fargo, Chase, Bank of America and DO NOT use certificate pinning and therefore your data can be read.

New Poster

Re: KRACK Attack

Turning off broadcasting doesn't help much. Your AP still needs to send out signals in order for you to connect and because of that it doesn't do anything.

New Poster

Re: KRACK Attack

Being stupid is NOT a sufficient answer to Xfinity customer concerns about security and ignoring the problem is stupid. If Comcast cannot fix it they can come and take it out.

Frequent Visitor

Re: KRACK Attack

Regarding the DPC3941T residential gateway provided by Comcast ...

The DPC3941T was originally made by Cisco. However, as of November 20, 2015, Technicolor has acquired Cisco's Connected Device Division.

This page:

http://www.kb.cert.org/vuls/id/JLAD-AS9JHN

... contains the following statement from Technicolor ...

In practice, no gateway or modem manufactured by Technicolor, implementing WiFi Access point routing function is affected by this class of attack. This is due to the fact that the vulnerable function allowing practical attack against the Access Point is not present. The end users should continue to use their Technicolor gateway or modem without changing WPA2 settings. In particular, none of these attacks is able to retrieve the WPA private passphrase. This recommendation is also valid for the legacy Thomson and Cisco branded gateways and modems.

Is there anyone from Comcast who can verify the statement made by Technicolor ... that the DPC3941T is not vulnerable to KRACK?