Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
  1. #1
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    5

    Question KRACK exploit - WPA2 has vulnerabilities

    What is the ASUS position on the KRACK exploit?
    Are ASUS routers vulnerable to it? Are you going to provide fixes?

  2. #2
    New ROGer Array
    Join Date
    Jun 2013
    Reputation
    10
    Posts
    2

    All routers are vulnerable that use WPA2. Called the tech support line and they had no idea what I was talking about.

  3. #3
    TeamROG Moderator Array xeromist PC Specs
    xeromist PC Specs
    Laptop (Model)Dell Inspiron 15 7567
    MotherboardMSI x470 Gaming Plus
    ProcessorAMD 2600
    Memory (part number)16GB DDR4
    Graphics Card #1GTX980
    MonitorBenQ BL3200PT
    Storage #1Intel 600p NVMe
    CPU CoolerWraith
    Casecustom Antec 900
    Power SupplyCorsair HX1000
    Keyboard Logitech Orion Spark
    Mouse Logitech MX500
    Headset Plantronics 777 with Oregon Aero upgrade
    xeromist's Avatar
    Join Date
    Jul 2010
    Reputation
    294
    Posts
    7,353

    Quote Originally Posted by darkguy2 View Post
    Called the tech support line and they had no idea what I was talking about.
    Not surprising given that the information came out yesterday, on the weekend. It wasn't supposed to come out until today so some vendors may be caught without a response. I don't know if ASUS was one of the vendors informed ahead of time to allow for a patch to be applied.
    * Support disease research with Folding@Home *

    < < < Click the drop-down above my avatar for my PC specs!

  4. #4
    ROG Enthusiast Array XIIIIX PC Specs
    XIIIIX PC Specs
    MotherboardR4 BE
    Processor4930
    Memory (part number)Gskill
    Graphics Card #1GTX1080
    Sound CardX7 LE
    MonitorBig enough
    CaseLevel 10
    Keyboard Claymore
    Mouse Spatha
    Headset AKG
    Mouse Pad Rog big one
    Headset/Speakers Harman GLA
    OS W10

    Join Date
    Feb 2017
    Reputation
    10
    Posts
    63

    https://github.com/kristate/krackinf...are-vulnerable

    "Unless a known patch has been applied, assume that all WPA2 enabled Wi-fi devices are vulnerable."

    Asus is still marked as "No Known Official Response"
    As are almost all mayor players

  5. #5
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    Wireless is always vulnerable. Encryption is always vulnerable. If you're feeling insecure then stick with wired connections.

    The Wi-Fi Alliance along with their members which actually make Wi-Fi parts (Broadcom, Atheros, Qualcomm, etc) are responsible for these sorts of fixes. They'll rollout to OEMs (like ASUS) once they're done.

    WPA2 has been broken before, many times over the years. Mostly handled and fixed discreetly. Now and then, like today, it generates great alarm.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  6. #6
    New ROGer Array
    Join Date
    Jun 2013
    Reputation
    10
    Posts
    2

    Quote Originally Posted by xeromist View Post
    Not surprising given that the information came out yesterday, on the weekend. It wasn't supposed to come out until today so some vendors may be caught without a response. I don't know if ASUS was one of the vendors informed ahead of time to allow for a patch to be applied.
    ASUS was notified at the latest on August 28,2017. That is almost three weeks ago. I would think they would have something prepared by now.

    We sent out notifications to vendors whose products we tested ourselves around 14 July 2017. After communicating with these vendors, we realized how widespread the weaknesses we discovered are (only then did I truly convince myself it was indeed a protocol weaknesses and not a set of implementation bugs). At that point, we decided to let CERT/CC help with the disclosure of the vulnerabilities. In turn, CERT/CC sent out a broad notification to vendors on 28 August 2017.

  7. #7
    TeamROG Moderator Array xeromist PC Specs
    xeromist PC Specs
    Laptop (Model)Dell Inspiron 15 7567
    MotherboardMSI x470 Gaming Plus
    ProcessorAMD 2600
    Memory (part number)16GB DDR4
    Graphics Card #1GTX980
    MonitorBenQ BL3200PT
    Storage #1Intel 600p NVMe
    CPU CoolerWraith
    Casecustom Antec 900
    Power SupplyCorsair HX1000
    Keyboard Logitech Orion Spark
    Mouse Logitech MX500
    Headset Plantronics 777 with Oregon Aero upgrade
    xeromist's Avatar
    Join Date
    Jul 2010
    Reputation
    294
    Posts
    7,353

    Yup, found the entry here:
    https://www.kb.cert.org/vuls/id/CHEU-AQNMXY

    All is not lost as there's still a chance that ASUS has been working on rolling out patches but didn't have the call-centers ready to respond. Still, I agree it would be good to at least see an acknowledgement that ASUS is working on patches or has already rolled some out.

    The good news is that most individuals aren't important enough to be targeted. This will be used disproportionately against corporate and gov wifi connections.

    Also note that it's not just ASUS routers. This also can and should be patched on client devices which means ASUS tablets and phones. Luckily laptops and G desktops running Windows were probably already patched by Microsoft.
    * Support disease research with Folding@Home *

    < < < Click the drop-down above my avatar for my PC specs!

  8. #8
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    I think attempts are always made to keep platform security vulnerabilities under the radar.

    No need to panic/anger the masses who may lose confidence in your brand and who will almost certainly demand an instant fix for their insecurities. Drop everything else. Get it done RFN, most extremely urgent top priority. I bought your product so you OWE me. Don't want my Facebook hacked. As if the Powers That Be aren't already swamped by pressures from financial, corporate, and government institutions, they need a little prompting from Joe Consumer to actually put down their donuts and start working.

    And no need to advertise technical details to greasy devs who might want to maliciously exploit them, or worse, escalate severity of the problem by dumping kiddy hacks all over the internet.
    Last edited by Korth; 10-16-2017 at 09:41 PM.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  9. #9
    ROG Guru: Yellow Belt Array
    Join Date
    Mar 2017
    Reputation
    13
    Posts
    132

    Quote Originally Posted by xeromist View Post
    Yup, found the entry here:
    https://www.kb.cert.org/vuls/id/CHEU-AQNMXY

    All is not lost as there's still a chance that ASUS has been working on rolling out patches but didn't have the call-centers ready to respond. Still, I agree it would be good to at least see an acknowledgement that ASUS is working on patches or has already rolled some out.

    The good news is that most individuals aren't important enough to be targeted. This will be used disproportionately against corporate and gov wifi connections.

    Also note that it's not just ASUS routers. This also can and should be patched on client devices which means ASUS tablets and phones. Luckily laptops and G desktops running Windows were probably already patched by Microsoft.
    Microsoft patched Windows for this last patch tuesday (October 10), but did not announce that it was included.
    https://www.windowscentral.com/micro...-vulnerability

    I noticed that Intel released new drivers for many WiFi-chips today where this is patched.
    Sadly, my motherboard (Zenith Extreme) uses WiFi chip from Qualcomm, so I must use Windows for now to be protected if I create a WiFi connection.

  10. #10
    ROG Guru: Green Belt Array haihane PC Specs
    haihane PC Specs
    MotherboardCrosshair V Formula Z
    ProcessorAMD FX 8350
    Memory (part number)Gskill F3-2400C10-8GTX
    Graphics Card #1ASUS HD 6950
    Storage #1WD Velociraptor 1TB
    Storage #2Corsair Neutron GTX 120GB SSD
    CPU CoolerCooler Master Seidon 120XL
    CaseCooler Master Silencio 650
    Power SupplyCorsair HX850
    Keyboard Corsair K70 RGB
    Mouse Logitech G500
    OS Windows 7 X64
    Network RouterLinksys E2500
    haihane's Avatar
    Join Date
    Jul 2013
    Reputation
    106
    Posts
    609

    Quote Originally Posted by Korth View Post
    And no need to advertise technical details to greasy devs who might want to maliciously exploit them, or worse, escalate severity of the problem by dumping kiddy hacks all over the internet.
    i think the opposite is true.

    want to get something done, expose it to the wide public to force a reaction.

    equifax breach was caused because things were kept under wraps. scishow made a breakdown video that even a commoner like me could understand.

    while, perhaps, wannacry reached a certain lethality because people tried to keep it under wraps, while third party security investigators kept trying to make it publicly known to little success.

    either way (to keep it under wraps, **** still happens. to expose it to wide public, unscrupulous people would still take advantage and infect as many before it gets patched / contained), you're still screwed. the choice is a hard one. i'm still in favor of exposing it to public to force a quick response.
    no siggy, saw stuff that made me sad.

Page 1 of 2 1 2 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •