Beware of KRACK!

Community Manager

If you are like me and love to read about all the recently published firmware updates (hey, most of my TV shows are on winter break), you will notice most of them mention KRACK.  What exactly is KRACK?  That is an excellent question.  Let’s have a look.

 

In recent weeks, a vulnerability was uncovered in the WPA2 Wi-Fi security protocol.  This vulnerability, called a “KRACK Attack”, uses Key Reinstallation AttaCKs (KRACK, get it?) to read information that is safely encrypted under normal circumstances: information we all hold dear, such as passwords, banking information, credit card information, etc.  Behind the scenes, a key reinstallation attack is too complicated to describe in this blog, but imagine there was a virus that could change all security encryption keys to all zeros.

 

This vulnerability impacts all devices which use Wi-Fi regardless of type, including laptops, TVs, Wi-Fi routers and of course, mobile devices.  This is due to the fact that it is related to the WPA2 protocol itself, and not an individual product or implementation of WPA2.

 

As soon as we were notified of any potential vulnerabilities, we worked closely with OEMs to address those issues as quickly as possible.  Patches were rolled out ASAP and continue to be as of this writing.

 

With that said, you are in luck!  To date we have already released software updates to secure your devices from KRACK on the following:

 

Device              Version           Date
The Essential       NMJ32F            12/06/2017
LG G3               LS990ZVI          11/28/2017
LG G5               LS992ZVD          11/28/2017
LG G6               LS993ZV9          11/21/2017
LG V20              LS997ZVB          11/21/2017
Samsung J3          J327PVPU3AQJ3     11/06/2017
Samsung J7          QJ3               11/20/2017
Samsung Note 5      N920PSPT3DQK1     12/04/2017
Samsung S6          G920PVPS4DQJ1     11/13/2017
Samsung S6 Edge     G925PVPS4DQJ1     11/13/2017
Samsung S6 Edge+    G928PSPT3DQK1     12/04/2017
Samsung S8          G950USQU1AQJH     11/20/2017
Samsung S8+         G955USQU1AQJH     11/20/2017

 

Nexus and Pixel users, you have not been forgotten.  The KRACK vulnerability was addressed in Google’s Android security update for November.  And as an added bonus, Microsoft released a patch on October 10, 2017 to address KRACK within the Windows operating system.  The moral of the story is to keep your devices up to date with the most recent versions of all software for optimal performance and security.  And of course, KRACK is WACK!

18 Comments
Sprint Product Ambassador

Great to know. What about newer devices like the LG V30+? Was this already covered at release?

Community Manager

The KRACK vulnerability was addressed in Google’s Android security update for November.  Regarding the LG V30+, unfortunately the Android security patch level is October 1.  You can check the security level on most devices by going to Settings - About Phone - Software Info - Android Security Patch Level.

Journeyman
It's too bad that for some of us, who like a device model that is a bit "vintage" (when compared to the list of patched devices above), there is no fix for those devices as well. I am going to reference the LG-V10 for one. I have a large collection of devices that I use for my channel and have to purchase them on my own. I know several others in my circles that still like and use this device as their daily driver. It would be nice to see some support for it and other older devices in matters like this. I do understand that you cannot support a device forever. But a "Flagship" device, that you spend a large portion of money on, should be supported for more than a couple of years. That is why people spend the extra money on these "Flagship" devices, because they are built to last. It's just a shame the software isn't as well. I just thought I would post it because I know I'm not the only one thinking this way.
Community Manager

Agreed!  You should see my desk and the den at home.  I still rock my HTC M7, Palm Pre, and every Nexus/Pixel in between!  The business side is what makes these decisions given there are a lot of logistics involved.  Popularity, OEM resources, cost in deployment, how much of said base is still active on the network etc. 

 

With that said, it is getting better.  In the past, we would see OEMs abandon the project after a year and 18 months.  Now, we see OEMs committing to 2 and 3 years of software updates.  Hopefully, this trend will continue in our favor.

Journeyman

So is the Galaxy S5 going to get a KRACK patch and Blueborne patch?

Community Manager

More than likely not.  That device is end of life and the last security patch was April 2017 I believe.

Journeyman RGR
Journeyman

What about Blackberry Keyone's?  Was there a release to address this?

So far rec'd Nov 2017 AAR160, December AAS 441, and finally today - March 2018 AAW378 - any info appreciated! Also please note that AAS441 had some stability issues and many found their LTE 4G service not working after update. I had this issue after November update and phone randomly reset the APNs days later on its own!! Never figured out why or how that occurred! What is included in the release today, AAW378?

Community Manager

The BB Keyone was already updated.  AAW378 has the security patches up to March 2018.  Any security patch after November 2017 is KRACK fixed.  AAW378 is just the February and March Android Security updates.

 

Regarding the LTE issue, it's because the Keyone uses IPv6 only, where other devices use IPv4 and IPv6.  If you find yourself having issues, give us a call and we can put you on IPv4 only.

Journeyman RGR
Journeyman

How to check what my phone is on? IPv4 or IPv6?

What does this stand for?

Other Keyones (not Sprint) had new features included in Dec updates - like locker and spacebar to answer the phone. Do you know what features are included in today's update, AAW378? Thanks!

Community Manager

The Keyone is IPv6 only by default.  It stands for Internet Protocol version 6.  You can learn more about it here.  

 

The only things in AAW378 are Android Security patches for February and March.

Journeyman RGR
Journeyman

If I am on AAR160 on my Keyone - is it fixed against KRACK attack?

My phone shows IPv6/IPv4 under APN protocol and APN roaming protocol - I have not updated since November as many report loss of LTE - I too had this after the Nov update but somehow the network reset itself and now there are different APNs and LTE works if the APN labeled n.ispsn is checked for Bearer LTE. I have not updated to the last 3 (Dec, Mar, April) security updates for fear of losing LTE again!

Community Manager

Yes, it is, but it is susceptible to other vulnerabilities because it's 4 versions behind.

Journeyman RGR
Journeyman

I have not received AAY205 as yet. And afraid to update to AAW378 - don't want to lose LTE again. I wrote to you what my settings show - is the way it is set correct to maintain LTE? I never changed anything in APNs - my APNs show n.ispsn - the only one checked is the 2nd in the list and includes under "Bearer" LTE.

 

Community Manager

I'm at home and do not have a lab phone, so this is from memory. I thought the APN was cinet.spcs and Bearer is unspecified. 

Journeyman RGR
Journeyman

Okay - we are talking about 2 different areas under cellular networks;

Where it says cinet.spcs

There is no circle to checkmark, and when I open that I see my APN shows IPv4 for roaming and protocol. I was referring to the n.ispsn that is checked off (it used to show x.ispsn when I first got the phone but somehow updated to n.ispsn). There, when you open it, it shows Bearer LTE, and the APN has 3 choices inside that menu, and the one that was checked shows IPv4/IPv6 (other choices are just IPv4 or IPv6). In conclusion, is my phone set up correctly for updates, and will it not lose LTE once AAY205 comes through? Thanks!

Community Manager

AAY205 should not come through until you update the preceding versions. 

Journeyman RGR
Journeyman

Given the issues you discovered with LTE loss - is my APN setting correct to enable LTE when I update the phone? Also - every version has appeared to update since November - even though I haven't updated to previous version.

Community Manager

I never checked APNs, just blocked IPv6 and it worked.

About the Author
  • In addition to being a Sprint Employee and Product Ambassador, GeekGeoff is an unabashed Star Wars fan, Tech Junkie and Father to a precocious 9 year old. When he’s not writing blogs, he can be found playing video games, searching for the best donut shop or debating which Doctor is the best (for the record, it’s number 10).
  • SeaWolf makes port here on Sprint's Community after running a somewhat popular blog, a mildly successful Twitter account and serving as the most-hated fandom Message Board Manager EVAR. Current Phone: Samsung S8. Areas of Expertise: Care topics and corny jokes.