1. fulnix's Avatar
    Anyone know if we're protected? I know MS said they updated W10 but wasn't sure if that included us.

    I'm clinging to my 950xl on the fast ring.

    Thanks
    -Ian
    10-16-2017 02:50 PM
  2. Guytronic's Avatar
    KRACK is a router Wi-Fi vulnerability.
    Very few devices connected to any WPA2 Wi-Fi network router are protected at this point.


    https://www.windowscentral.com/micro...-vulnerability
    10-16-2017 03:02 PM
  3. fulnix's Avatar
    I thought Windows 10 was ok if updated!? Did I read that wrong?
    10-16-2017 05:27 PM
  4. Guytronic's Avatar
    Perhaps I misunderstood because your thread is posted under "Windows Mobile"

    Evidently MS has patched W10 running on desktop.
    10-16-2017 05:31 PM
  5. fulnix's Avatar
    No problem, my main question is with W10M. I misunderstood your statement to mean W10 was also vulnerable.

    For W10M, IoS and Android; is turning off WiFi the only solution at the moment?

    Thank you again,
    Ian
    10-16-2017 06:25 PM
  6. AndyCalling's Avatar
    The vulnerability for OSs like Windows is when they act as if a router. Most commonly for home users, when a phone has tethering enabled and so is essentially a router. Here's hoping WM10 is included.
    10-16-2017 07:43 PM
  7. AndyCalling's Avatar
    Of course, all devices are at risk when connected to a bugged router. They aren't the cause in that instance though. That's my understanding. So you shouldn't tether over wifi until we are sure. And router WiFi off until that gets fixed by Netgear et al.
    10-16-2017 07:46 PM
  8. Guytronic's Avatar
    Here in the US we have the rented Xfinity DOCSIS router with VOIP ports.

    I'm hoping Comcast will give us a new secure router soon.
    Probably won't happen very quickly though.
    10-16-2017 08:54 PM
  9. fulnix's Avatar
    My routers are Netgear waiting on them in the meantime device security is the next step. All WiFi turned off on my 950xl and my Wife's Apple products. I just unplugged the Rokus. Glad I invested in some zbox pico pc's that run W10. No security is perfect but I don't leave the front door wide open when I leave home.
    10-16-2017 10:57 PM
  10. fin11's Avatar
    Wm10 seems safe if you have it updated (15063.674)

    http://allaboutwindowsphone.com/flow...le_phone_i.php
    Nate W and mc_razza like this.
    10-17-2017 06:32 AM
  11. Nate W's Avatar
    Wm10 seems safe if you have it updated (15063.674)

    Your Windows 10 Mobile phone is secure against KRACK
    Ya that build/patch went out for both PC and Mobile.

    October 10th KB4041676 15063.674 build for PC and mobile
    10-17-2017 02:50 PM
  12. Newfangled's Avatar
    Yes, KRACK does affect most WiFi enabled devices. And yes, Microsoft already patched for desktop and mobile in a previous Windows update.

    Microsoft has earned major brownie points with me over this.

    Tech companies were made aware of KRACK back in July and while Microsoft has already patched Windows, Apple's iOS patch is still in beta, and Google's Android patch will be released "in the coming weeks".

    And even when Android finally gets the KRACK patch, the vast majority of Android devices in use around the world will never receive it.
    Nate W and mc_razza like this.
    10-18-2017 12:02 PM
  13. AndyCalling's Avatar
    The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.
    10-18-2017 03:07 PM
  14. Newfangled's Avatar
    The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.
    Could be worse. You could have an iPhone still waiting for the patch, which is currently in beta. Or you could have an Android, which, if it even gets updates at all, probably won't get the patch until the November security update.

    I wouldn't say any security patch is pointless if it can prevent your information from being compromised.
    fin11 likes this.
    10-18-2017 03:14 PM
  15. Withheld's Avatar
    Could be worse. You could have an iPhone still waiting for the patch, which is currently in beta. Or you could have an Android, which, if it even gets updates at all, probably won't get the patch until the November security update.

    I wouldn't say any security patch is pointless if it can prevent your information from being compromised.
    Indeed. Especially if your Wi-Fi infrastructure is unaffected or patched and the problem resides with the clients hardware. MDM to the rescue.
    10-19-2017 05:09 AM
  16. fulnix's Avatar
    The MS patch is pointless though, if you go an connect it to an unpatched router. That's my understanding of this. Great that MS patched it, but that only matters when tethering (mostly). You're still stuffed if your router's bugged.
    I was under the assumption that patching one device solves the issue. Because the windows device wouldn't be fooled into jumping to the false network even if the router in question wasn't patched. Am I wrong on this?
    10-21-2017 10:21 AM
  17. Nate W's Avatar
    I was under the assumption that patching one device solves the issue. Because the windows device wouldn't be fooled into jumping to the false network even if the router in question wasn't patched. Am I wrong on this?
    That was my impression. Because it has to do with the exchange of the keys being used.
    10-21-2017 12:20 PM
  18. digitaldd's Avatar
    I was under the impression that KRACK exploited how the keys are exchanged by the clients not by the router. So you needed to patch all your client devices that connect to your secured wifi.
    10-23-2017 12:18 PM
  19. Nate W's Avatar
    I was under the impression that KRACK exploited how the keys are exchanged by the clients not by the router. So you needed to patch all your client devices that connect to your secured wifi.
    That is what I read. I cannot seem to find the details I read last about what Microsoft's patch did, but what you said is basically what they aimed at.

    Edit: Found it... https://portal.msrc.microsoft.com/en...CVE-2017-13080
    10-23-2017 01:36 PM

Similar Threads

  1. Microsoft releases statement on KRACK Wi-Fi vulnerability
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 10-16-2017, 01:40 PM
  2. Microsoft says it has already patched the KRAK WPA2 Wi-Fi vulnerability
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 10-16-2017, 11:00 AM
  3. These are the router makers that have patched KRACK WPA2 Wi-Fi flaws
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 10-16-2017, 10:30 AM
  4. KRACK WPA2 Wi-Fi hack, and how to protect yourself
    By WindowsCentral.com in forum Windows Central News Discussion
    Replies: 0
    Last Post: 10-16-2017, 07:00 AM
  5. Revert to a better w10m build
    By saqib qureshi in forum General Windows Phone Discussion Lounge
    Replies: 0
    Last Post: 10-15-2017, 09:37 PM
LINK TO POST COPIED TO CLIPBOARD