W10M KRACK Vulnerability?

fulnix

New member
Apr 7, 2010
177
0
0
Visit site
Anyone know if we're protected? I know MS said they updated W10 but wasn't sure if that included us.

I'm clinging to my 950xl on the fast ring.

Thanks
-Ian
 

Guytronic

Ambassador Team Leader
Nov 4, 2013
8,431
0
0
Visit site
Perhaps I misunderstood because your thread is posted under "Windows Mobile"

Evidently MS has patched W10 running on desktop.
 

fulnix

New member
Apr 7, 2010
177
0
0
Visit site
No problem, my main question is with W10M. I misunderstood your statement to mean W10 was also vulnerable.

For W10M, IoS and Android; is turning off WiFi the only solution at the moment?

Thank you again,
Ian
 

AndyCalling

New member
Apr 15, 2013
1,483
0
0
Visit site
The vulnerability for OSs like Windows is when they act as if a router. Most commonly for home users, when a phone has tethering enabled and so is essentially a router. Here's hoping WM10 is included.
 

AndyCalling

New member
Apr 15, 2013
1,483
0
0
Visit site
Of course, all devices are at risk when connected to a bugged router. They aren't the cause in that instance though. That's my understanding. So you shouldn't tether over wifi until we are sure. And router WiFi off until that gets fixed by Netgear et al.
 

Guytronic

Ambassador Team Leader
Nov 4, 2013
8,431
0
0
Visit site
Here in the US we have the rented Xfinity DOCSIS router with VOIP ports.

I'm hoping Comcast will give us a new secure router soon.
Probably won't happen very quickly though.
 

fulnix

New member
Apr 7, 2010
177
0
0
Visit site
My routers are Netgear waiting on them in the meantime device security is the next step. All WiFi turned off on my 950xl and my Wife's Apple products. I just unplugged the Rokus. Glad I invested in some zbox pico pc's that run W10. No security is perfect but I don't leave the front door wide open when I leave home.
 

anon(10321802)

New member
Sep 19, 2017
18
0
0
Visit site
Yes, KRACK does affect most WiFi enabled devices. And yes, Microsoft already patched for desktop and mobile in a previous Windows update.

Microsoft has earned major brownie points with me over this.

Tech companies were made aware of KRACK back in July and while Microsoft has already patched Windows, Apple's iOS patch is still in beta, and Google's Android patch will be released "in the coming weeks".

And even when Android finally gets the KRACK patch, the vast majority of Android devices in use around the world will never receive it.
 

AndyCalling

New member
Apr 15, 2013
1,483
0
0
Visit site
The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.
 

anon(10321802)

New member
Sep 19, 2017
18
0
0
Visit site
The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.

Could be worse. You could have an iPhone still waiting for the patch, which is currently in beta. Or you could have an Android, which, if it even gets updates at all, probably won't get the patch until the November security update.

I wouldn't say any security patch is pointless if it can prevent your information from being compromised.
 

Withheld

New member
Feb 10, 2015
25
0
0
Visit site
Could be worse. You could have an iPhone still waiting for the patch, which is currently in beta. Or you could have an Android, which, if it even gets updates at all, probably won't get the patch until the November security update.

I wouldn't say any security patch is pointless if it can prevent your information from being compromised.

Indeed. Especially if your Wi-Fi infrastructure is unaffected or patched and the problem resides with the clients hardware. MDM to the rescue.
 

fulnix

New member
Apr 7, 2010
177
0
0
Visit site
The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.

I was under the assumption that patching one device solves the issue. Because the windows device wouldn't be fooled into jumping to the false network even if the router in question wasn't patched. Am I wrong on this?
 

nate0

New member
Mar 1, 2015
3,607
0
0
Visit site
I was under the assumption that patching one device solves the issue. Because the windows device wouldn't be fooled into jumping to the false network even if the router in question wasn't patched. Am I wrong on this?

That was my impression. Because it has to do with the exchange of the keys being used.
 

digitaldd

New member
May 16, 2016
161
0
0
Visit site
I was under the impression that KRACK exploited how the keys are exchanged by the clients not by the router. So you needed to patch all your client devices that connect to your secured wifi.
 

nate0

New member
Mar 1, 2015
3,607
0
0
Visit site

Members online

Forum statistics

Threads
322,736
Messages
2,242,598
Members
427,978
Latest member
Duouser3