The Key Reinstallation Attack or KRACK has been in the news a lot since the vulnerability was made public by researchers in October. The current industry accepted security protocol for WiFi access, WPA2, which had been believed to be hitherto secure is affected by this vulnerability. 

 

WPA2 is used by WiFi clients like laptops, mobile phones, tablets, routers, IoT devices etc to securely join a WiFi network. KRACK affects the 4-way handshake that the WPA2 protocol uses for WiFi clients joining with a pre-shared key, rendering it vulnerable to man-in-the-middle attacks. Attackers can eavesdrop, decrypt and perform replay attacks against a WiFi client by leveraging this vulnerability.

 

When DrayTek wireless products, such as wireless routers and access points, are used as wireless base stations, they are not affected by the KRACK vulnerability; therefore patches or updates are not required.

 

However, other devices connecting to DrayTek products and functioning as wireless clients (e.g., mobile phones, tablets, laptops, and etc.,) could be vulnerable. You should check with device vendors to determine if updates are needed.

 

When DrayTek products are used as wireless clients and access the Internet with universal repeater or wireless WAN modes, the wireless traffic is susceptible to interception as the router or access point is acting as a wireless client. DrayTek will be releasing the following firmware updates to address the issue.

 

Routers with wireless WAN support, and their corresponding fixed firmware versions:

*Please note that routers that are not listed above are not affected by the KRACK vulnerability.

 

Access points with universal repeater or Station-Infrastructure support, and their corresponding fixed firmware versions: