All replies

    • snn555

      60. Re: TM-AC1900 and KRACK WiFi vulnerability

      Sounds like you need a personal LTE cellspot more than a Wi-Fi cellspot.

      • magenta2997940

        Dear T-Mobile if you no longer wish to  continue to support cellspot program, please let Asus to release update and convert it to AC68U.

        • amc2002

          62. Re: TM-AC1900 and KRACK WiFi vulnerability

          I tried the test on that page, but there are errors in the instructions. In one step, it says use wifi.conf, which is the config file you make with your login credentials. But in the second, it says use network.conf, which doesn't exist.

           

          I went to the original python script page (on Github) and found that you're supposed to use your network config file in both examples (they name it network.conf). So from there, I used the help contents of the attack script itself.

           

          I got the first wpa_supplicant command to run fine - it starts up the wifi network, but the wrapper for the test script says ctrl_iface is in use and it throws an error. I think this is probably OK though, but when I try to roam to another AP (I did the guest one), it says FAIL. Not sure why, and I can't seem to find online why it would fail.

           

          Anyway, I tried. If anyone else has a linux laptop and would like to try it, it should take you about ten minutes to see if it works correctly for you or not.

          • magenta3036171

            Asus seems to have release a new firmware Version 3.0.0.4.380.7743_FBWIFI2017/10/19

            • snn555

              64. Re: TM-AC1900 and KRACK WiFi vulnerability

              Mine says up to date.

              3.0.0.4.376_3181

              • snn555

                65. Re: TM-AC1900 and KRACK WiFi vulnerability

                That's for the RT AC68U. 

                • amc2002

                  66. Re: TM-AC1900 and KRACK WiFi vulnerability

                  Thanks, but it looks like it only contains the Facebook WiFi add-on. Doesn't say anything about fixing KRACK, and I'd assume if that was in there, they'd want to crow about it?

                  • amc2002

                    67. Re: TM-AC1900 and KRACK WiFi vulnerability

                    Hi Everyone,


                    I wrote to ASUS support asking why they are claiming this model is not vulnerable to the KRACK issue. Received a response this morning and would like to share. Relevant part in BOLD.

                     

                    Hi,

                     

                    Krack needs to use key re-insertion method, RT-AC68U router/AP mode used Broadcom network authentication server, and key re-insertion does not work in router/AP mode.

                     

                    In the research’s web site, there are more information for this case: https://www.krackattacks.com/

                     

                    “Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates (also see this question). We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.”

                     

                     

                    Best regards,

                    ASUS Security | ©ASUSTeK Computer Inc.

                    1 of 1 people found this helpful
                    • snn555

                      68. Re: TM-AC1900 and KRACK WiFi vulnerability

                      So basically we can close this thread because everyone is safe and the only thing we could ask for would be more timely updates.

                      1 of 1 people found this helpful
                      • tmo_marissa

                        69. Re: TM-AC1900 and KRACK WiFi vulnerability

                        Thanks for sharing that, amc2002! It's awesome to have a more thorough explanation of the particular vulnerability (or lack thereof) that Krack would take advantage of, especially directly from Asus.
                        I still want to make sure everyone knows that we appreciate the feedback regarding security updates *in general* and have forwarded it all on. If at any point I hear anything back about an upcoming update for the TM-AC1900, please believe me when I say I will be stoked to return here and deliver news.
                        <3

                        1 of 1 people found this helpful
                        • sohmageek3

                          70. Re: TM-AC1900 and KRACK WiFi vulnerability

                          While this is GREAT news regarding KRACK. it still is extremely concerning that there have been no updates for years for the tmobile branded vs the retail Asus one has had updates. I hope that the urgency has not faded now that we have been told KRACK is a non-issue with this device.

                          1 of 1 people found this helpful
                          • eturk

                            71. Re: TM-AC1900 and KRACK WiFi vulnerability

                            Here's the specific KRACK:

                             

                            "The silver lining is that WPA2 is NOT fundamentally broken, and that this flaw is relatively easy to fix by eliminating the resending of one-time keys. Vanhoef noted that Windows and iOS are less affected because they do not accept one-time keys that have been sent more than once. However, those platforms are still vulnerable to more creative versions of this attack."

                            KRACK Attack Threatens All Wi-Fi Networks: What to Do

                             

                            So it seems routers can be patched so they no longer send the key more than once? That would protect all devices on the LAN from being vulnerable to the attack? A second level of patch for all those devices that won't get updates (like older T-Mo phones)? Is this already the patch on TM-AC1900? Techies here, please help clarify this.

                             

                            • tidbits

                              72. Re: TM-AC1900 and KRACK WiFi vulnerability

                              It does very little at all.  This thing is blown out of proportion imho.  As long as your traffic is https: you'll be fine 100% even if the device isn't patched.  It is now 2017 and every website should be using https: traffic.  If they are not then they are honestly not worth using because it does not cost them extra to go this way.

                              • snn555

                                73. Re: TM-AC1900 and KRACK WiFi vulnerability

                                This is getting a little hairy scary. I'm content checking with the router updater and on this thread from time to time to check for any developments. After all this was a free router and I do understand the need to update and keep up with demand Over time however it was free and most all of the websites I visit if not all are https. Plus I don't really have anybody snooping and sniffing around to get on to my WiFi so there's that.

                                • tidbits

                                  74. Re: TM-AC1900 and KRACK WiFi vulnerability

                                  snn555 wrote:

                                   

                                  This is getting a little hairy scary. I'm content checking with the router updater and on this thread from time to time to check for any developments. After all this was a free router and I do understand the need to update and keep up with demand Over time however it was free and most all of the websites I visit if not all are https. Plus I don't really have anybody snooping and sniffing around to get on to my WiFi so there's that.

                                  You should be telling those websites that don't use https traffic to start using it.  There was no reason not to switch to it as soon as it became available.  All internet related things support it, and it doesn't cost extra to use it.  Some websites do have https sites, but people these websites don't redirect to them and leave people on their http websites. manually input the address with https and see if you connect and then if it does then bookmark that one instead of their http website. 

                                  1 3 4 5 6 7 Previous Next