Kr00k with TP-LINK Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Kr00k with TP-LINK Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Kr00k with TP-LINK Router
Kr00k with TP-LINK Router
2020-02-29 08:33:20

https://www.cisomag.com/kr00k-vulnerability-allows-wifi-packet-decryption/

 

I think most people now know about Kr00k's leak problem, and my TP-LINK AC1200 & Archer C7v2 are using Broadcom chips

So Will TP-LINK make new firmware to fix it or just need us to buy new router?(If yes, I will not buy TP-LINK router anymore, even ASUS they have WPA3, but most TP-LINK router just WPA 2...)

 

I hope we can get new firmware to fix it, Thanks

  0      
  0      
#1
Options
4 Reply
Re:Kr00k with TP-LINK Router
2020-02-29 23:34:55

@ic3b34r 

so that mean... no old TP-Link router can get upgrade?

  0  
  0  
#2
Options
Re:Kr00k with TP-LINK Router
2020-03-02 06:17:16

@ic3b34r 

Hello, we at TP-Link are aware of the vulnerability called Kr00k, which may lead to leakage of wireless data. TP-Link has been working to sort out the situation since we got the news. If there is any information about this vulnerability, we will publish it on our official website. Please wait patiently. 


Thanks for your feedback and support for TP-Link products. 


Best Regards. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#3
Options
Re:Kr00k with TP-LINK Router
2020-03-02 15:23:39

@ic3b34r Media made a big fuss about this vulnerability, it's not like all your wireless communications are exposed and your network can be hacked and get intruders inside (I've read a lot of crazy headlines). It's just one buffer than can be eavesdropped when WiFi connection is dropped and then reconnection occurs.

 

The attack starts by forcing a device to disconnect from the WiFi access point, then the device will try to reconnect as usual. In the middle of those actions, a pending WiFi transmission buffer is sent unencrypted. The probability of that buffer to have sensitive information is almost 0%, especially when sensitive information nowadays usually travels through end to end encrypted connections (HTTPS), so there would be no information at all in the buffer worth trying to attack.

 

Plus, to really get more than a buffer it is necessary to trigger the disconnection/connection multiple times, and anyone would notice if their WiFi starts to go on and off repeatedly. Not a very stealthy attack. Again, if your connections are encrypted (most should be!) those data buffers are just gibberish.

 

Another important reason to make sure we are using HTTPS sites and services. In fact, I don't get why the administration site for TP-Link routers do not default to HTTPS ;) (or at least recommends you to turn it on the first time)

 

I hope your router firmware gets fixed if it's needed, but just wanted to give you some peace of mind meanwhile. It's not as most news sites or blogs say.

  0  
  0  
#4
Options
Re:Kr00k with TP-LINK Router
2020-03-03 01:56:39

@Kevin_Z 

Thank you, but even old router(Archer C7v2 and C1200) will get a new patch? or just new AX router?

Thanks

  0  
  0  
#5
Options