Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,746,843

members

16

online now

1,905,415

discussions

Back to Top

KRACK attack, WPA2 vulnerability

New Poster

Re: KRACK Attack

I'd like to second this question. I've got a DCP3939 rented from Comcast and am in a crowded apartment with lots of people within range of it, so my paranoia is at least a tiny bit justified. I understand they don't want to jump the gun when it comes to security issues, but am eager to know if/when a router update is necessary and possible.

Bronze Problem Solver

Re: KRACK Attack

Again people. You need to update all your wifi clients comcast can not do this for you. Again comcast can patch all there gateways if even needed and until you update or replace your wifi clients you are still hackable. 

New Poster

Re: Home Security Firmware Updates

When was DPC3941_2.7p8s1_PROD_sey released, and does it block teh KRACK attack?

 

New Poster

DPC3941T Update from cisco re krack hack

Anyone know if Cisco or Comcast is working on a firmware update due to "KRACK"??

Especially  DPC3941T gateway from comcast?

Thanks much!

New Poster

Modem f/w for KRACK vulnerability

Will XFINITY push new Arris T862G/CT moden firmware to fix KRACK vulnerability?

current f/w version is:  

eMTA & DOCSIS Software Version:

9.1.103M2AB.SIP.PC20.CT

HW Version: 5
Vendor: 07112016
BOOT Version: 1.2.1.62
Core Version: 9.1.103M2AB.SIP.PC20.CT
Model: TG862G
Product Type: TG862G
Flash Part: 32MB
Download Version: 9.1.103M2AB.SIP.PC20.CT
Serial Number: D6JBU4EC5529172
Connection Expert
Moved:

Re: KRACK Attack

Connection Expert
Moved:

Re: KRACK attack, WPA2 vulnerability

Connection Expert
Moved:

Re: KRACK attack, WPA2 vulnerability

New Poster

Re: KRACK attack, WPA2 vulnerability

This issue has been around longer than people think, now it should finally get the attention it deserves! 

https://cloudspress.com

Silver Problem Solver

Re: KRACK attack, WPA2 vulnerability

Apple has released iOS and MacOS updates that fix the KRACK attack on some devices:

https://arstechnica.com/gadgets/2017/10/apple-releases-macos-10-13-1-and-ios-11-1-with-a-krack-fix-a...

 

"Update: As Ars readers have pointed out, Apple's support documentation states that the iOS KRACK fix is available for iPhone 7 and later, and for the early 2016, 9.7-inch iPad Pro and later. That could leave many iOS devices still exposed."

New Poster

Re: KRACK Attack

I literally just got off the phone with Xfinity 2nd tier support asking about a patch for the DPC3941 modem.  The woman "helping" me said 1) she has never heard of the krack wpa2 vulnerability, 2) none of her nearby colleagues has heard of it, 3) she can't find any information about it on her computer, and 4) she doesn't get internet access at work, so she can't search for information about it.  I actually dropped my phone.

New Poster

Re: KRACK attack, WPA2 vulnerability

It's been a couple weeks now.  There are patches available, when are you going to issue the patch?

Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability


This_i5_D0g wrote:

It's been a couple weeks now.  There are patches available, when are you going to issue the patch?


Ok and can you tell me what your going to get if and when Comcast patches your Gateway ?? If you think the gateway is patched and your now in the clear and you no longer need to worry about KRACK you would be totally wrong.

 

When are you going to patch every device in your home that uses wifi ?? Because the router or Gateway is only one step you must do the second on your own. 

Frequent Visitor

Re: KRACK attack, WPA2 vulnerability

Jim721,

 

We are posting here on the COMCAST forum in order to get COMCAST to patch the gateway hardware that we rent from COMCAST.

 

It is appropriate to post in a COMCAST forum to get a COMCAST provided device patched.

 

Just because we are posting here in this COMCAST forum does not mean that we are not also patching our other WiFi devices, or posting similar requests for patches in forums that correspond to the makers of other devices we use for WiFi.

 

We are all aware that multiple devices need to be patched. But COMCAST cannot patch those other devices, but they CAN and SHOULD patch the gateways that we rent from COMCAST.

 

In this forum, we should continue to request COMCAST to patch the devices that we rent from COMCAST.

 

At the very least, someone from COMCAST should post a message that acknowledges the issue and gives us a timeframe when the patch will be issued.

 

If that does not happen, then we should each call COMCAST and demand that they either replace the defective gateway we all have with a make/model that is properly patched ... or STOP charging us rent on our monthly bill for using a defective device ... and retroactively refund the monthly rent we have all been paying from the month in which KRACK was first discovered up until a patched gateway is provided. And if COMCAST refuses to do that, then we should complain to the city/town we live in (that gives COMCAST the franchise to be a monopoly service provider) and to the state Public Utility Commission.

New Poster

Re: KRACK attack, WPA2 vulnerability

So does that mean a patch hasn't been issued?

New Poster

KRACK vulnerability

What are you doing or have done to protect your gateways from the KRACK vulnerability?
Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability

I don't think comcast needs to patch many. The issue involving gateways or routers is only present when used in repeater mode or as a access point. I doubt many people are using there comcast provided gateways as repeaters or AP's not even sure they even support the mentioned modes of operation. 

 

And yes if comcast has a security issue then they should patch but Krack is mostly a client side problem. 

Frequent Visitor

Re: KRACK attack, WPA2 vulnerability

Jim721,

 

You said: "The issue involving gateways or routers is only present when used in repeater mode or as a access point. I doubt many people are using there comcast provided gateways as repeaters or AP's not even sure they even support the mentioned modes of operation. "

 

I have a Comcast-provided gateway Model DPC3941T (originally made by Cisco). I have no other access point in my home network.

 

This site:

https://www.dslreports.com/r0/download/2234717~41385a0f2e778ed11c009a204b796cad/C78-733352-00.pdf

 

... says this (the bolding is mine):  "The Cisco Model DPC3941T DOCSIS 3.0 24x4 Wireless Residential Voice Gateway is multiple solutions in one product. It combines a cable modem, two-line digital voice adapter, a router, and 802.11n wireless access points in a single device."

 

It appears to me that the gateway devices that Comcast provides do indeed provide an Access Point function. For those customers who rent a gateway from Comcast, how else would the wireless devices in our homes connect to the Internet ... except through the device (Access Point) provided by Comcast?

 

 

 

Bronze Problem Solver

Re: KRACK attack, WPA2 vulnerability

Your gateway is being used in router mode so no worries. 

Problem Solver

Re: KRACK attack, WPA2 vulnerability

Actually it depends on how you interpret it. The way I interpret it is that it is in AP mode because routers don’t have to be wireless. There are such things called “wired routers” that don’t have wireless so by the way it’s worded it does make it seem like that it’s a separate part.
Connection Expert

Re: KRACK attack, WPA2 vulnerability

FWIW;

 

https://www.google.com/search?q=what+is+an+access+point+vs+router&oq=what+is+an+access+poiny&aqs=chr...




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Frequent Visitor

Re: KRACK attack, WPA2 vulnerability

Lets not get side tracked by what we call the device that we rent from Comcast.

 

I will refer to it as a "gateway" that functions as a cable modem, a router, and an access point.

 

Those functions are implemented by the firmware that runs in the "gateway". Among other things, that firmware implements the WPA2 protocol needed to securely connect a wireless device to the customer's local area netword defined in the "gateway's" configuration. 

 

KRACK takes advantage of a flaw in that protocol.

 

We need someone from COMCAST to give us an "official" statement regarding whether or not the firmware that runs in the various "gateways" (that we rent from Comcast) is(or is not) vulnerable to KRACK, and if so ... what Comcast is doing to roll out firmware fixes that will mitigate the KRACK vulnerability in the "gateway".

 

It has been about 26 days since KRACK was first discovered, and yet no one from Comcast has the courtesy of posting here (or anywhere) informing us customers as to when we can expect a fix to this problem ... and yet Comcast continues to bill us monthly for renting a "gateway" with a possible vulnerability to KRACK.

 

Comcast:  where are you????

 

Problem Solver

Re: KRACK attack, WPA2 vulnerability

As the first result at https://www.google.com/search?q=what+is+an+access+point+vs+router&oq=what+is+an+access+poiny&amp... says, router can be an AP. However for it to be concern, routers have operations in STA/client mode or APs supporting 802.11r.
New Poster

KRACK

KRACK is a "presumed" potential threat to WiFi networks (quotes because it is unclear to me from previous posts whether the Comcast-rented modem is vulnerable--although its generated WiFi newtork may be). Almost a month ago Comcast stated that a public statement, presumably regarding upgrades to firmware/software to protect users, is forthcoming. To date it has not appeared, neither in this forum nor in press coverage. I, for one, would like either confirmation from Comcast that our home networks are secure or that a fix is forthcoming. If these options are not available, then please provide a guide regarding steps to protect individual devices connected to the WiFi network made available by the Comcast-rented modem. Press, and professional, coverage of KRACK continues to increase. We need information!

New Poster

Re: KRACK

I just spoke with Comcast Technical Support. She said they are working on a fix, but it's not complete yet. She said it will likely be a few more days before the fix is completed. She said they will push the fix out to affected gateways; they will let affected customers know about the fix; they will supply new hardware (gateways) if needed.

New Poster

Re: KRACK

Did they say what they were fixing?  I was under the impression that most home routers wouldn’t need much (if any work), since most of the KRACK issues are in the clients.

 

New Poster

Re: KRACK Attack

People calling the cistomer support. They are NOT going to validate the problem or they would make an announcement to customers. CYA...comcast never helps customers
New Poster

Re: KRACK Attack

Houston XFinity Customer - TG1682G -- I use 2.4ghz and 5ghz - I would like to know when or if a patch/replacement for the Modem will be available. This modem/router has had numerous "hacked wifi" and "wps" connections already, even kicking them, making firewall rules against them, and changing the SSiD's and PW's have NOT Helped, it keeps happening. This has been happening to me since 2016, and as of 11-2017 -- I know some of "neighbors" around me are to blame, 1 for sure... as they changed my router's name, and pw - and I was able to view that information... and see all of their connected devices. -- They have not been confronted yet, and I don't plan on it, unless this continues after "whatever you decide to do" to fix these issues: (As of 11-20-2017) My WIFI on all devices including the Modem/Router in question is disabled, and will not be enabled until a fix is provided. (which is very tedious, Right next to T-Day, and X-Mas)

 

1) My cat frequently steps on the WPS Connect button -- please allow us to disable the WPS Button, or offer us a Modem without one... - Auto WPS is also (already) disabled, but not the "Button on top of the Modem/Router"  This is how our neighbor got in the first time, Since then: I "CAT" proofed the modem/router/button so they can not press it... LoL

 

2) Fix this KRACK Vulnerability - Since the Methods and Vulneralbilty is now 100% KNOWN by the PUBLIC, as of OCTOBER 2017, supposedly this has been known to those underground individuals since 2016.. My router had many phantom connections connected to the WiFi, and a bunch of new devices were popping up, and showing "online" and I do not own anything BY APPLE - just M$, Android, here. (I REFUSE to buy anything from ANYONE Black Friday 99% off or not *whatever that has or uses WIFI, Including Smart anything, TVs, gaming consoles laptops, smart phones, etc etc) UNTIL MY ROUTER which everything connects to is FIXED via a security patch/firmware upgrade, or replacement.... IF it isn't fixed by December 31st, We may be dropping service. -- as we are tired of being hacked, and having "anyone" within "RANGE" use up our data bandwidth - whether the intent is malicious or NOT. and before you ask... YES THE OPEN WIFI, is disabled, using WPA2 here. for both 2.4ghz and 5ghz WiFi.