Home

Awesome

KRACK: (K)ey (R)einstallation (A)tta(ck)

From the KRACK <a href="https://www.krackattacks.com/">website</a>:

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.

Unless a known patch has been applied, assume that all WPA2-enabled Wi-Fi devices are vulnerable.

#f03c15 Administrators: Remember to <a href="https://github.com/kristate/krackinfo/subscription">watch this page</a> for changes

Go Directly to Vendor Response Matrix

For Android devices please check the Android Response Matrix

日本人の皆さまへ: こちらをご覧ください(日本語)

The Good

The Bad

The Ugly

Attacks that can be made

Attacks that cannot be made

Further information

CVE List and Device Types Affected

The reinstallation attack is not a single attack, but a group consisting of ten (10) independent security flaws which do have a common underlying approach. The security holes may be exploited indepdently of each other, and thus have to be fixed individually (if a device is affected). As it is common in computer security, each of them got assigned to a Common Vulnerabilities and Exposures (CVE) number, which are aggregated in VU #228519 for better tracking. Based on a statement provided by Zyxel you may group these CVEs based on which communication party is affected:

Common Vulnerabilities and Exposures (CVE)Party Affected
CVE-2017-13077Wi-Fi clients
CVE-2017-13078Wi-Fi clients
CVE-2017-13079Wi-Fi clients
CVE-2017-13080Wi-Fi clients
CVE-2017-13081Wi-Fi clients
CVE-2017-13082Access Points, if implementing standard 802.11r
CVE-2017-13084Wi-Fi clients
CVE-2017-13086Wi-Fi clients
CVE-2017-13087Wi-Fi clients
CVE-2017-13088Wi-Fi clients

Access points, which are intended for the consumer market, typically do not implement the standard 802.11r. However, access points for the enterprise market may do so.

Based on the table above, it becomes apparent that the primary effort for correcting the security flaw is to be expected for the Wi-Fi clients. As of writing, there is no possibility known to safeguard Wi-Fi clients by changing the access point's behavior. This implies that patching the Wi-Fi device is the only way to fix the problem for Wi-Fi clients.

Related Reading

Vendor Patch Matrix (non-complete)

VendorPatch AvailableIn DevelopmentNot Directly Affected
AppleX?
Arch LinuxX
AristaX
ArubaX
AsusXX
CentOSX
CiscoX
DD-WRTX
DebianX
EndianX
Extreme NetworksXX
FedoraX
FreeBSDX
GoogleX
Lenovo?
LineageOSX
LXDEX
MerakiX
MikroTikX
Mojo NetworksX
Red HatX
RuckusX
SynologyX
SUSE / openSUSEXX
Turris OmniaX
UbiquitiX
UbuntuX
UniFiX
VMwareX
Watchguard CloudX
WatchguardX
Windows 10X
WPA_supplicantX

Vendor Response (complete)

VendorOfficial ResponseCommentLast CheckedLast UpdatedDate Notified by CERT
3com IncNo Known Official ResponseN/A2017-10-292017-10-17
ActiontecLinkN/A2017-10-182017-10-18
AerohiveLinkN/A2017-10-172017-10-17
Alcatel-LucentLINKSupport is suggested to go via the network vendors; patches are available for OmniAccess and OmniAccess Stellar WLAN products2017-10-292017-10-18
AmazonNo Known Official Response"We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed."2017-10-292017-10-17
AndroidSecurity Bulletinfixed with versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 <br />Security patch level 2017-11-06 or later required to be fixed. Note that security patch level 2017-11-05 is not sufficient.<br />Distribution to vendors to downstream has started; vendors may need additional fixes from hardware suppliers.2017-11-112017-11-11
AppleGeneral Security Updatessee details page2017-11-012017-11-01
Arch Linuxwpa_supplicant, hostapdN/A2017-10-162017-10-16
ArduinoNo Known Official ResponseEspressIf fixed its ESP8266 SDK in upstream (see also row "Espressif Systems" in this table below); SDK Fix is on the way2017-10-292017-10-29
AsusLINKNew firmware available / Additionally, an email response from "security@asus.com" says that they are "co-working with chipset vendors for solutions and will release patched firmware for affected routers soon."; the security advisory statement from 2017-10-31 lists more than 70 devices not affected by the attack2017-11-212017-11-21
AVM (FRITZ!Box)LINK, LINK2WPA2 flaw – FRITZ!Box on broadband connections are secure. AVM has provided updates for its wireless repeaters and its Powerline product series. Download of new firmwares are available in the download area2017-10-282017-10-28
Barracuda NetworksLINKOur investigations indicate that currently only Barracuda NextGen Firewall Wi-Fi Models used under Wi-Fi Client mode are affected.2017-10-172017-10-17
BearExtender / BearifiNo Known Official ResponseN/A2017-11-122017-11-12
Belkin, Linksys, and WemoLINK@Linksys, LINK@Belkin"We are still confirming all product skus affected, including Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders and Wemo Products. As mentioned, when firmware is available, it will be posted to the associated brands’ support page."2017-10-282017-10-28
bintec elmeg (Teldat Group)LINKAPs do not have support for 802.11r and 802.11s (thus not affected in AP-only mode); APs in client mode may be affected: further investigations ongoing2017-10-292017-10-29
Broadcom / CypressLINK (Cypress community login required)WICED Studio, wpa_supplicant, and linux releases in late October will address the relevant CVEs.2017-10-182017-10-18
BrotherNo Known Official ResponseN/A2017-10-292017-10-19
Buffalo / MELCOLINK(JA)N/A2017-10-182017-10-18
CanonNo Known Official ResponseN/A2017-10-292017-10-16
CentOSCentOS 6, CentOS 7From upstream Red Hat Security Advisories RHSA-2017:2911, and RHSA-2017:2907 Arch: Centos6 i386, x86_64; Centos7 x86_64, ARM (Raspberry PI), ppc64, ppc64le,2017-10-182017-10-18
CiscoLINKMultiple Cisco wireless products are affected by these vulnerabilities.2017-10-162017-10-1628 Aug 2017
ComcastNo Known Official ResponseN/A2017-10-172017-10-17
ConnMannNo Known Official ResponseConnman has not released any information or updates yet. LINK2017-10-172017-10-20
CZ.NIC TurrisLINKvia @spike411: CZ.NIC Turris team is testing a fix (backported from hostapd upstream): LINK2017-10-162017-10-16
D-LinkLINKList of affected products (includes statement for which models patches are already provided)2017-10-282017-10-28
DD-WRTLINKN/A2017-10-172017-10-17
DebianLINK* Add patches to fix WPA protocol vulnerabilities (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088): - hostapd: Avoid key reinstallation in FT handshake - Prevent reinstallation of an already in-use group key - Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases - Fix PTK rekeying to generate a new ANonce - TDLS: Reject TPK-TK reconfiguration - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used - WNM: Ignore WNM-Sleep Mode Response without pending request - FT: Do not allow multiple Reassociation Response frames - TDLS: Ignore incoming TDLS Setup Response retries2017-10-162017-10-16
DellLINKSeveral products affected; patches are under development2017-10-292017-10-29
DenonNo Known Official ResponseN/A2017-11-212017-10-17
DevoloLINK(German only)They are currently reviewing the attack scenario for their products according to this tweet; they report that they are not affected by this (both old and current devices), as the WPA2 parts, which are affected, are not used in their products2017-10-292017-10-29
DrayTekLINKDrayTek are investigating solutions for this and plan to issue appropriate updates (firmware) as soon as possible. First firmware updates are either announced (with patch version numbers provided) or even released (and then can be found at the firmware download page, e.g. VigorAP 902)2017-10-282017-10-28
ecobeeNo Known Official ResponseTwitter response 1 and 2: "ecobee is aware of the industry-wide vulnerability in WPA2 referred to as KRACK. The security of our customers is very important to us and we have confirmed that ecobee device security is not impacted by this issue." Likely this means ecobee considers underlying https / ssl to be secure despite KRACK2017-10-172017-10-17
EdimaxLINKEDIMAX Wi-Fi Router, Range Extender, USB NIC(SoftAP) and Access Points(WDS Mode) are impacted with WDS or repeater mode; patches are on the way. EDIMAX USB NIC, Access Points and IP Camera are not impacted.2017-10-282017-10-28
eeroLINKPatched firmware automatically pushed to users OTA; also available for download2017-10-172017-10-17
ELECOMLINK(JA)N/A2017-10-202017-10-20
EMC CorporationNo Known Official ResponseN/A2017-10-172017-10-17
EndianLINKCommunity version is not affected. Fixed on Enterprise 5.02017-10-182017-10-18
EnGeniusLINK"EnGenius software developers are currently working on security patches and will issue firmware releases as soon as possible."2017-10-182017-10-18
Espressif SystemsLINKEspressif released patches for the WiFi vulnerabilities in their products including ESP-IDF, ESP8266 RTOS and ESP8266 NON-OS. Arduino ESP32 will be updated shortly.2017-10-162017-10-1622 Sep 2017
Extreme NetworksLINKPatches available for ExtremeWireless, ExtremeWireless WiNG. ExtremeCloud and WLAN 8100/9100 patches still in development.2017-10-262017-10-252017-08-28
F5 NetworksLINKThere is no impact; F5 products are not affected by this vulnerability.2017-10-192017-10-19
FedoraFedora 26 / 27 (beta)Status: Fixed Release: Stable (* Manual installation is possible) Arch: x86_64 and ARM (Raspberry PI)2017-10-172017-10-19
FortiNetLINKOnly affected in client / mesh leaf mode or when using 802.11r; patches available2017-11-072017-11-02
Foundry BrocadeNo Known Official ResponseN/A2017-10-172017-10-17
FreeBSD ProjectResponse, patchBinary and source updates to base system available. Alternatively one can install the security/wpa_supplicant port or package in lieu of the same in base.2017-10-172017-10-17(?)
GoogleNexus/Pixel<br />ChromeOS FixNexus/Pixel devices: Security patch level 2017-11-06 or later required to be fixed. Note that security patch level 2017-11-05 is not sufficient. Distribution expected to happen with December security update. For further details, see also Android above.<br />Link to initial statement2017-11-132017-11-13
Hewlett Packard Enterprise / ArubaLINK@HPE, Aruba Patch Info - Aruba FAQAnalysis still ongoing. First Aruba2017-10-172017-10-17Aruba: 2017-08-28
HoneywellNo Known Official ResponseImpact in assessment; no fix available, yet2017-11-122017-11-12
HuaweiLINK"Huawei immediately launched investigation and carried out technical communication with the researcher."2017-11-282017-11-20
I-O DATALINK(JA)N/A2017-10-182017-10-18
IBMNo Known Official ResponseN/A2017-10-172017-10-17
IcoteraIcotera products are not affected LINKThe investigation concluded that none of current Icotera products is affected by the described vulnerability, as it does not apply to a device running Access Point mode only2017-10-192017-10-19
Intel CorporationLINKN/A2017-10-162017-10-1628 Aug 2017
IPFireLINKUpdate: packages for all architectures are now available2017-10-192017-10-19
iRobot (Roomba)No Known Official ResponseChat support: "So far as we can tell, we haven't been impacted. So that's good news lol." IMG2017-10-172017-10-17
JollaLINKN/A2017-10-172017-10-17
Juniper NetworksLINKPatches for WLAN available; patches for SRX and SSG outstanding2017-10-162017-10-1628 Aug 2017
KPNLINKKPN routers to be found safe. See update 17th LINK2017-10-172017-10-20
Kyocera CommunicationsNo Known Official ResponseN/A2017-10-292017-10-17
LEDELINKReleased fix in version 17.01.4.2017-10-182017-10-18
LenovoLINKImpact assessment apparently still ongoing2017-10-292017-10-29
LineageOSLINK"All official 14.1 builds built after this tweet have been patched for KRACK.":LINK2017-10-172017-10-17
LinuxPatches: LINKwpa_supplicant version 2.4 and above is affected. Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake.2017-10-162017-10-16
LogitechLINKHarmony: vendor is aware of the vulnerability; review in process2017-11-122017-11-12
LuxulNo Known Official ResponseN/A2017-10-172017-10-17
MarantzNo Known Official ResponseN/A2017-11-212017-10-17
Marvell SemiconductorNo Known Official ResponseN/A2017-10-172017-10-17
MediaTekNo Known Official ResponseN/A2017-10-162017-10-16
MerakiLINKFixed for Cisco Meraki in 24.11 and 25.72017-10-162017-10-16
Microchip TechnologyLINKN/A2017-10-172017-10-1728 Aug 2017
MicrosoftWindows RelatedWhen clicking the link, accept the EULA then click the link again. Provided security fix apparently does not solve the issue under all circumstances ("[...] however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware", see FAQ at link), i.e. hardware vendors also may have to provide fixes for their devices2017-10-162017-10-28
MidnightBSDNo Known Official ResponseWorkaround available by installing wpa_supplicant from mports/security/wpa_supplicant2017-10-212017-10-21
MikrotikLINKWe released fixed versions last week, so if you upgrade your devices routinely, no further action is required.2017-10-162017-10-16
Mojo NetworksLINKUpdate to cloud management platform completed. In order to mitigate client-side vulnerabilities, Mojo recommends upgrading AP software to version 8.5, and enabling MAC Spoofing and Man-in-the-middle attack prevention with built-in WIPs.2017-10-172017-10-17
NEC (ATERM)LINK(JA)N/A2017-10-202017-10-20
Nest LabsLINKNest Tweeted: "We plan to roll out patches to our products in the coming weeks. These won't require any action on the part of the user.", First firmware updates are in distribution. Nest Protect still is missing.2017-10-282017-10-28
netBSDLINKN/A2017-10-222017-10-22
NetgearLINKN/A2017-10-162017-10-16
NikonNo Known Official ResponseN/A2017-10-162017-10-16
NintendoNo Known Official ResponseN/A2017-10-162017-10-16
NokiaNo Known Official Response"I have forwarded your support request to our Tier 3 team for their assistance. We appreciate your patience as we work to resolve your issue, and will get back in touch as soon as we have additional steps for you to take.", source: #1742017-10-272017-10-27
NvidiaFIXAndroid Security patch has been applied2017-11-122017-11-12
OmniROMLINK"all official OmniROM N builds have the fix included."2017-10-192017-10-19
OnePlusLINK for OxygenOS 3.6.1 LINK for OxygenOS 4.5.14N/A2017-11-122017-11-12
OnkyoNo Known Official ResponseN/A2017-10-172017-10-17
Open-Mesh / CloudTraxLINKAn update is expected to be delivered to all of those that use automatic updates by the end over October 17th.2017-10-172017-10-17
OpenBSDLINKErrata patches for the wireless stack have been released for OpenBSD 6.1 and 6.0. State transition errors could cause reinstallation of old WPA keys. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages. As this affects the kernel, a reboot will be needed after patching.2017-10-162017-10-16
OPNsenseNo Known Official Response(CALL FOR TESTING) KRACK Attack fixes LINK2017-10-182017-10-18
PakedgeNo Known Official ResponseVia @spike411 "They have acknowledged they have received my enquiry but don’t have any info about the state of this vulnerability in their products."2017-10-162017-10-16
ParticleLINKOnce Cypress releases updates to WICED Studio, Particle will create system firmware releases. Users can then build their apps on the new system versions.2017-10-182017-10-18
PeplinkLINK"We are developing firmware to address the vulnerability." ... "ETA for the firmware releases is within two weeks."2017-10-172017-10-172017-08-28
PetNet & Electric ImpLINKNot affected, as all communication is TLS-secured; waiting for hardware vendors to provide fixes to allow incorporation into one of the next impOS versions2017-11-122017-11-12
pfSenseRELEASES LINKpfSense 2.4.1 & 2.3.5 releases (and later patches) contain "Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK"2017-10-292017-10-29
PioneerNo Known Official ResponseN/A2017-10-172017-10-17
PLANEXLINK(JA)N/A2017-10-202017-10-20
Qualcomm AtherosNo Known Official ResponseN/A2017-10-162017-10-16
RachioNo Known Official ResponseSupport response: "When it boils down into it, the KRACK attack can only target improperly done HTTPS / SSL connections, and we are perfectly safe in that regard. There is no need for our controller to get an update due to the leak itself, due to the massive lack of a GUI there is nothing at risk from our controller. <br/> From what I can see in my research and testing, KRACK vulnerability cannot potentially modify data on the network, or even eavesdrop from our controller. <br/> The absolute only thing at risk, after thorough testing, that a KRACK attacker would be able to potentially see is that you have a Rachio on your network. And even then, the only way they have the slightest ability to get any further would be via timing analysis, and even then it only would be your watering times." LINK2017-10-172017-10-17
Raspbian (Raspberry Pi)No Known Official ResponseUpdate (20171002 01:38): The fixes for raspbian Jessie and Stretch should now be in the public raspbian repo. The fix for raspbian buster should follow in a few hours. I do not know if/when there will be a fix for wheezy. source: LINK REPO FORUM2017-10-172017-10-17
RealtekNo Known Official ResponseN/A2017-10-282017-10-28
Red Hat, Inc.This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. LINKRed Hat Security Advisories for Red Hat Enterprise Linux 7 RHSA-2017:2911 and Red Hat Enterprise Linux 6 RHSA-2017:29072017-10-162017-10-1628 Aug 2017
RingNo Known Official ResponsePer support "They promise to update public shortly, actively working with developers."2017-10-172017-10-17
RosewillNo Known Official ResponseN/A2017-10-252017-10-25
Ruckus WirelessKRACK Resource CenterN/A2017-10-172017-10-17
SagemcomNo Known Official ResponseN/A2017-10-172017-10-17
Samsung ElectronicsLINKDelivery of patches with Security Maintenance Release SMR-NOV-2017 planned; Expected scope until December: S8, S8+, S8 Active, S7, S7 edge, S7 Active, S6 edge+, S6, S6 edge, S6 Active; additionally with the next quarterly update: A3 (2016), A3 (2017), A7 (2017), J1 Mini, J1 Mini Prime, J1 Ace, J1 (2016), J2 (2016), J3 (2016), J5 (2016), J7 (2016), J3 Pro, J3 Pop, J7 Pop, J3 (2017), J5 (2017), J7 (2017), J7 Max, J7 Neo, Tab S2 L Refresh, Tab S3 9.7, Note FE2017-11-132017-11-1328 Aug 2017
SharpNo Known Official ResponseN/A2017-10-162017-10-16
SnapAVNo Known Official Response (See comment for unofficial response)An email from G Paul Hess, Chief Product Officer states that Araknis Networks Wireless Access Points and Autonomic 1e Music Streamer are affected. "We are currently working on a firmware update, which will be available on SnapAV’s website, as well as OvrC."2017-10-162017-10-17
SonicwallLINKN/A2017-10-172017-10-17
SonosLINKWe're aware of the issues with WPA2 and our team is working to determine any ramifications this may have for Sonos players.2017-10-182017-10-18
SonyLINKFirst Xperia devices announced to receive patches; Android Security Patch level will be dated above 2017-11-052017-10-292017-10-29
Sophos APLINKN/A2017-10-172017-10-17
SUSE / openSUSEhostap wpa_supplicantPatches available for wpa_supplicant. hostap in the works. See links for details2017-10-202017-10-2028 Aug 2017
SwisscomLINKInternet Box and Centro routers not affected. AirTies repeaters to be clarified.2017-10-312017-10-19
SynologyLINK 1 LINK 1Synology DiskStation Manager (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. As of Version 6.1.3-15152-8: Fixed multiple security vulnerabilities regarding WPA/WPA2 protocols for wireless connections (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088).2017-10-172017-10-17
TechnicolorNo Known Official ResponseN/A2017-10-292017-10-29
TescoLINKTesco has chosen not to patch the Hudl: "There will be no further updates to the hudl software"2017-10-172017-10-17
Texas InstrumentsLINKPatches already provided2017-10-292017-10-29
Toshiba Commerce SolutionsNo Known Official ResponseN/A2017-10-162017-10-1615 Sep 2017
Toshiba Electronic Devices & Storage CorporationNo Known Official ResponseN/A2017-10-162017-10-1628 Aug 2017
Toshiba Memory CorporationNo Known Official ResponseN/A2017-10-162017-10-1628 Aug 2017
TP-LinkLINK, LINK2TP-Link has been working on affected models and will release firmware over the next few weeks on our official website.2017-10-182017-10-18
Turris OmniaLINKN/A2017-10-172017-10-17
Ubiquiti NetworksLINKUbiquiti has released 3.9.3.7537 in beta to mitigate these vulnerabilities in UniFi APs that have a client mode. mFi devices are likely vulnerable and no statement or patch has been released.2017-10-162017-10-16
UbuntuLINKUpdates are available for wpasupplicant and hostapd in Ubuntu 17.04, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. wpasupplicant and hostapd were updated before the release of Ubuntu 17.10.2017-10-162017-10-16
VolumioLINKUpdates are available for wpasupplicant and hostapd in Volumio starting from version 2.2962017-10-182017-10-18
WatchGuardLINKSunday, October 15, 2017:,AP120, 320, 322, 420:,Release 8.3.0-657, Cloud mode only. Monday, October 30, 2017: AP300: Release 2.0.0.9, AP100, 102, 200: Release 1.2.9.14, AP120, 320, 322, 420:,Release 8.3.0-657, Non-Cloud (GWC mode)2017-10-172017-10-17
webOSNo Known Official ResponseAlso see entry ConnMan2017-10-172017-10-20
WiFi AllianceLINKUsers should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.2017-10-162017-10-16
XfinityNo Known Official ResponseN/A2017-10-172017-10-17
XiaomiLINKMIUI Beta 9 v7.10.19 for some of the mobile devices released.2017-10-222017-10-222017-07-28
XirrusLINKAs soon as the patch is released, it will be made available through the Xirrus Support Community.2017-10-172017-10-17
YamahaNo Known Official ResponseN/A2017-11-122017-10-16
Yi (Xiaomi)No Known Official Response"Waiting on a reply"2017-10-172017-10-17
Zoom TelephonicsNo Known Official Responsesells amongst other Routers and Access Points; some of them may also run as supplicants2017-11-122017-11-12
ZTENo Known Official ResponseAlso see entry KPN2017-10-172017-10-20
ZyXELLINKN/A2017-10-162017-10-1628 Aug 2017