On October 16th, 2017, an industry-wide vulnerability (VU#228519) in WPA/WPA2, codenamed KRACK, was made public. We have evaluated our products and online services to assess the impact of this vulnerability.
Affected Features:
Wi-Fi AP functionality is NOT affected by this vulnerability.
Wi-Fi WAN (also known as Wi-Fi as WAN or Wi-Fi client) functionality is affected.
Affected Models:
In general, our products which support “Wi-Fi WAN” functionality are affected, including:
Good work with your security information and updates.
A hardware competitor has just emailed me this morning with their DNSMasq response, over a week later than Peplink’s!
So out of curiosity, are the APs not affected because of already in-place custom code by Peplink, or something like this? My understanding is that the vulnerability is pretty much industry-wide.
@kgarvey We are not affected on the AP side because we are not enabling 802.11r, in which the vulnerability was discovered. When we support that, we’ll ensure the fixes are in.
I was hacked over bluetooth/wifi over a year ago, when lots of horrible things were happening in security around December. I have a copy of the scripts used that I was able to capture on USB by sheer luck. Total compromise, ironically the only thing protecting me from losing all my personal accounts was that I never stored passwords or used any of the tools I was supposed to trust for security. I no longer use bluetooth or Wifi unless absolutely necessary. I’m waiting for the backdoor to Windows’ update, the whole shared download experience, not for me.
So one might travel with an AC Mini, power it up in a hotel room and connect that AC Mini to the hotel’s Wi-Fi.
Giving your Hotel room hopefully a better experience. I think I have got you. Cheers
The AP One AC Mini does not support the WiFi as WAN functionality. @Keith already made an overview of the products that do support WiFi as WAN in the original post:
WiFi as WAN is basically connecting to an existing WiFi hotspot (public or private) and using it as a WAN connection, just like you would use an existing wired WAN connection.
Some other applications of WiFi as WAN could be a yacht/ship connecting to a WiFi hotspot in a port/harbor, or a touring car connecting to the WiFi hotspot in their own car park.
Hi, this reply is simply inaccurate, there were 10 vulnerabilities that were discovered of which one was in 802.11r - that leaves 9 remaining potentially!
The r in 802.11r stands for repeater I believe and of course if you are repeating with another wi-fi network you will be vulnerable as it is, but the other 9 vulnerabilities remain and work at all levels in the 4 way handshake by replacing one of the ciphers, unless your system has been specifically patched to prevent this and not allow a cipher key to be used again, then your wi-fi connection (between the Peplink AP and unpatched client) is susceptible to cipher change. I work in IT security and have just over 30 years' experience in a wide range of systems. Right now I am unconvinced that you have grasped the extent of these vulnerabilities (unless of course you already patched them prior to the public release of this vulnerability, which would be reassuring). Thanks, Tereza
May I quote from the Krackattacks.com site:
“Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.”
We have already confirmed that our WPA2 AP implementation is not vulnerable to any part of the KRACK attack vulnerabilities. WIFI as WAN acts as a client and our client implementation is vulnerable to these attack vectors as already confirmed by Keith in another post.
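
The following is an added illustration, not part of the thread and not Peplink's code: a simplified Python model of the client-side behaviour the posts above discuss, where a retransmitted message 3 of the 4-way handshake makes an unpatched client reinstall the same key and restart its nonce counter, while a patched client refuses the reinstall. The class, function names and key value are assumptions made for the example, and no real 802.11 framing or encryption is performed.

```python
# Simplified model of a WPA2 client (supplicant) handling message 3 of the
# 4-way handshake. Constructed for illustration; not real 802.11 framing.

class Supplicant:
    def __init__(self, patched):
        self.patched = patched
        self.installed_ptk = None   # key currently installed for the data path
        self.tx_pn = 0              # packet number, used as the encryption nonce
        self.used = set()           # (key, nonce) pairs already sent

    def on_message3(self, ptk):
        """Handle message 3, which the AP may retransmit."""
        if self.patched and ptk == self.installed_ptk:
            return "ack-only"       # same key already installed: keep tx_pn
        self.installed_ptk = ptk    # (re)install the key ...
        self.tx_pn = 0              # ... which resets the nonce counter
        return "installed"

    def send_frame(self):
        """Send one data frame; True if the (key, nonce) pair is fresh."""
        self.tx_pn += 1
        pair = (self.installed_ptk, self.tx_pn)
        fresh = pair not in self.used
        self.used.add(pair)
        return fresh


def replay_message3(patched, frames_before=3, frames_after=3):
    """Return how many frames were sent under a reused (key, nonce) pair."""
    ptk = b"constructed-ptk"        # constructed sample key material
    sta = Supplicant(patched)
    sta.on_message3(ptk)            # first, legitimate message 3
    reused = 0
    for _ in range(frames_before):
        reused += not sta.send_frame()
    sta.on_message3(ptk)            # retransmitted message 3 arrives
    for _ in range(frames_after):
        reused += not sta.send_frame()
    return reused


if __name__ == "__main__":
    print("unpatched, reused nonces:", replay_message3(patched=False))
    print("patched, reused nonces:  ", replay_message3(patched=True))
```
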