All replies

    • marcmarshall

      Marissa,

       

      I called T-Mobile a week or 2 ago about this. This is an exploit where anyone in range of the router can clone the mac address of another device on the network and then use the network. It is because of a vulnerability in the WPA2 security protocol such that the devices do not need the password for handshakes after the initial log on. It certainly exists in all routers using the WPA2 security protocol in AP mode which is specifically used to connect with devices outside the network. There are many articles all over the internet to explain this. It is a universal exploit that requires a security patch by ALL manufacturers of current WiFi devices. I imagine it is also a vulnerability on your phones when people are using "hotspot" tethering.

       

      I think if you call ASUS back and ask to speak with someone who knows what they are talking about they will acknowledge the problem. No doubt they will patch all their own commercial devices first. I would guess that the T-Mo branded model will get faster attention if people at T-Mobile make some noise. After all they have been updatiing this router at all even though they have updates for their version of the same router.

       

      Thank you,

      Marc

      • magenta2912235

        Marissa,

         

        To be somewhat blunt, can you please let your ASUS contact know that, if they're not interested in patching the firmware on this router, that I (and, I imagine, other T-Mobile customers) will refuse to purchase ASUS products in the future, and advise others not to purchase their products as well?

         

        I'm guessing ASUS doesn't really care unless there's some hint that this might affect their bottom line, so ...

        • marcmarshall

          FYI all- I contacted ASUS this morning. I was told that they have not updated any of their routers to address the KRACK vulnerability but they are working on an update their routers, including the the TM-1900. There is no ETA on when this will happen.

          4 of 4 people found this helpful
          • tmo_marissa

            Hey, Marc!


            I want to be super transparent, so bear with me (and forgive me if this is way more detail than you need)! Our Community team here work for the Support site, which is part of T-Mobile's content team. We reached out to colleagues who deliver the content on ASUS equipment (and all other things, internal or external). Since this was breaking news, they were working with ASUS already to get information that we could provide to our frontline teams, because we knew our customers would be concerned. It was through that email chain that we were given the update on the vulnerability (or lack thereof) of the router, and encouraged to share that information with our users here. Our internal content for T-Force has since been updated as well, so our frontline should now be able to provide the same answer -- I'm sorry if you heard something different when reaching out, and that's valuable feedback about our turnaround time. I will do a double check and make sure that Care and Tech also have access to the same information.

             

            We have forwarded this link and another link provided upthread to a previous post about security update concerns for the router up via the same chain with all original members on it -- product managers and subject matter experts, so I promise that concerns are being passed on to folks on our side. Regarding the veracity of ASUS's statement about this specific router, on their Product Security Advisory site they have a contact email listed, so while we are doing what we can do to amplify your concerns, if you'd like to contact them directly I understand and want to make sure I'm giving that option!

             

            - Marissa

            • drnewcomb2

              49. Re: TM-AC1900 and KRACK WiFi vulnerability

              If you have shared drives on a home or small office network, with WiFi access. All the information on your shared drives is vulnerable.

              • tmo_marissa

                Hiya, magenta2912235,

                 

                I'm never one to shy away from candor, so no worries there! I know I mentioned this in the reply just posted to Marc's concern, but we did forward this thread back to the team we worked with to get the updates on the router initially, so your feedback here will definitely be visible, as well as all of the feedback provided on the older thread with many users voicing their request for FW updates. I am not the guy who gets to make the call, but I will continue to do what I can; which is make sure that your concerns are heard. I will update everyone with any new news as I get it!

                 

                - Marissa

                • snn555

                  51. Re: TM-AC1900 and KRACK WiFi vulnerability

                  I wonder how many Wi-Fi cellspots are still needed for service vs ones used mainly as routers now. Verizon stopped providing boosters when they proclaimed their network no longer needed such equipment.

                  • tidbits

                    52. Re: TM-AC1900 and KRACK WiFi vulnerability

                    drnewcomb2 wrote:

                     

                    If you have shared drives on a home or small office network, with WiFi access. All the information on your shared drives is vulnerable.

                    there are encryption tools to compensate for that  

                    • drnewcomb2

                      53. Re: TM-AC1900 and KRACK WiFi vulnerability

                      I think T-Mobile is always happy to off-load traffic from their network, whenever it's possible.

                      • tidbits

                        54. Re: TM-AC1900 and KRACK WiFi vulnerability

                        drnewcomb2 wrote:

                         

                        If you have shared drives on a home or small office network, with WiFi access. All the information on your shared drives is vulnerable.

                        I wanted to also say...

                         

                        There should be an option to turn on https for you router last I remember I believe mine does. Honestly been a while since i last played with it's settings

                        • eturk

                          55. Re: TM-AC1900 and KRACK WiFi vulnerability

                          anyone here a Linux guru?

                          found one potential way to test a router to see if it's vulnerable: KRACK Vulnerability Test - Test Your WiFi Router for KRACK (FT) - Root Said

                          • amc2002

                            56. Re: TM-AC1900 and KRACK WiFi vulnerability

                            If I have time tonight, I'll try it out. I have an old netbook (with WiFi) running Linux.

                            • eturk

                              57. Re: TM-AC1900 and KRACK WiFi vulnerability

                              Seems routers may not be as vulnerable but they could be modified to keep any device connecting to it from being vulnerable?

                              KRACK Attacks: Breaking WPA2

                               

                              With so many mobile phones not getting updates for a while now, unless they get a security update they'll expose the network to a hack.

                              • magenta3002393

                                58. Re: TM-AC1900 and KRACK WiFi vulnerability

                                I still have to use wi-fi calling at home. I live in a Major Metropolitan Area and I get only 1-2 bars on T-Mobile's cell network. I have to travel three blocks to get decent signal.

                                • jackofly

                                  59. Re: TM-AC1900 and KRACK WiFi vulnerability

                                  Me too, please fix it!