Comment by lwhi
4 years ago
I just checked for an update for my TP Link Rouer, nothing yet.
How likely are large manufacturers likely to react to this?
4 years ago
I just checked for an update for my TP Link Rouer, nothing yet.
How likely are large manufacturers likely to react to this?
Well you may find you can run (but May understandably not want to) OpenWRT on your TP Link Router. And OpenWRT released an update following KRACK
Not my model yet (unfortunately)
>How likely are large manufacturers likely to react to this?
Ruckus has updates out already: https://support.ruckuswireless.com/fragattacks-ruckus-techni...
From my own experience with TP Link routers I don't expect them to update at all.
From my experience with TP-LINK software, you don't need to worry about this attack. The attack demonstrated is complex, requires physical proximity and a lot of knowledge about the target.
Meanwhile, your router will probably give any attacker root if they ask it nicely. TP-Link doesn't seem to care about device security at all if you're already paid for the device, so don't expect any updates and expect a whole range of vulnerabilities to be exploitable against your router.
Now, it must be said, TP-Link is no D-Link, a company that almost seems to add security problems to their software intentionally with their awful software quality, but if you're conscious about security, any consumer device will probably have a whole bunch of exploits that would work easier and more reliably.
EDIT: replaced the word "access" with "proximity" to avoid confusion.
> requires physical access
What? You just need a high enough gain antenna and you can carry it out much further away than it appears your wifi reaches. Isn't physical access, being able to touch the computer?
I suppose I used the term wrong, but you do need to be within receiving range and depending on the attack you need to win a race condition, so it's not that far from the generally accepted use of "physical access".
Meanwhile, many consumer routers can be hacked by adding something similar to <img src=192.168.1.1/admin/changesettings.cgi/> to a page or malicious ad. I don't think general consumers should be worried about someone aiming a high gain antenna at your router unless you work at a company dealing with sensitive information or places like embassies. The alternatives are much easier and much cheaper to execute.
1 reply →
If the device didn't first appear on the market in the last six months? About as likely as Apple opening their hardware.