Kr00k with TP-LINK Router
https://www.cisomag.com/kr00k-vulnerability-allows-wifi-packet-decryption/
I think most people now know about Kr00k's leak problem, and my TP-LINK AC1200 & Archer C7v2 are using Broadcom chips
So Will TP-LINK make new firmware to fix it or just need us to buy new router?(If yes, I will not buy TP-LINK router anymore, even ASUS they have WPA3, but most TP-LINK router just WPA 2...)
I hope we can get new firmware to fix it, Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
so that mean... no old TP-Link router can get upgrade?
- Copy Link
- Report Inappropriate Content
@ic3b34r
Hello, we at TP-Link are aware of the vulnerability called Kr00k, which may lead to leakage of wireless data. TP-Link has been working to sort out the situation since we got the news. If there is any information about this vulnerability, we will publish it on our official website. Please wait patiently.
Thanks for your feedback and support for TP-Link products.
Best Regards.
- Copy Link
- Report Inappropriate Content
@ic3b34r Media made a big fuss about this vulnerability, it's not like all your wireless communications are exposed and your network can be hacked and get intruders inside (I've read a lot of crazy headlines). It's just one buffer than can be eavesdropped when WiFi connection is dropped and then reconnection occurs.
The attack starts by forcing a device to disconnect from the WiFi access point, then the device will try to reconnect as usual. In the middle of those actions, a pending WiFi transmission buffer is sent unencrypted. The probability of that buffer to have sensitive information is almost 0%, especially when sensitive information nowadays usually travels through end to end encrypted connections (HTTPS), so there would be no information at all in the buffer worth trying to attack.
Plus, to really get more than a buffer it is necessary to trigger the disconnection/connection multiple times, and anyone would notice if their WiFi starts to go on and off repeatedly. Not a very stealthy attack. Again, if your connections are encrypted (most should be!) those data buffers are just gibberish.
Another important reason to make sure we are using HTTPS sites and services. In fact, I don't get why the administration site for TP-Link routers do not default to HTTPS ;) (or at least recommends you to turn it on the first time)
I hope your router firmware gets fixed if it's needed, but just wanted to give you some peace of mind meanwhile. It's not as most news sites or blogs say.
- Copy Link
- Report Inappropriate Content
Thank you, but even old router(Archer C7v2 and C1200) will get a new patch? or just new AX router?
Thanks
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1770
Replies: 4
Voters 0
No one has voted for it yet.