Firmware WPA patch for Krack

#1

Hello,

I’ve been using my WD My Net 900 for a couple of years. No problems whatsoever, but the last firmware update was 2013. Will there be a firmware patch for Krack, or do I need to find a new router?

Thanks!

#2

I am also using a My Net 900 Router. PLEASE RELEASE A PATCH. My router works perfectly and I really don’t want to replace it. If I had to due to the lack of support, I doubt I would buy another WD product.

Here is more information on the Krack. I hope it helps.
https://www.krackattacks.com/

#3

I have the AC1300 router and have the same question. I have read that Windows users (7, 8, 10) that are up to date are already protected from the Krack exploit. Is that true? Will Western Digital release a firmware update for additional protection?

#4

I’m using Windows 7 and updating Windows is not an option for either of my PCs. (Microsoft decided to block what they consider to be newer processors in order to push Windows 10.) All I can do now is use HTTPS and wait for that patch.

#5

I am a little shocked by the lack of engagement in the community regarding this latest vulnerability… I suppose the only option left is to replace. Anybody have any suggestions, as I will not consider WD. Linksys maybe?

#6

I feel the same way. Legacy product or not, I think WD needs to release a patch. If they just ignore this, I won’t be buying anything from them ever again. I don’t want to take the risk that a device I’m paying $80 is just going to be rendered randomly useless due to the lack of support.

#7

I also have to agree. Yes, the routers are a legacy product, and Western Digital might feel that it is not worth spending any money to support a product that has been discontinued, but I think they are forgetting the effect that their decision will have on its customers and future sales. As PaintedGirl pointed out, many customers will be less inclined to buy a WD product because of the lack of support for a serious issue.

#8

My brother-in-law’s business has a Linksys router (EA6100). Linksys fell out of my favor after Cisco sold them as product development usually suffers after a unit is sold. However, when I looked at his Linksys router, I was pleasantly surprised by two things:

  1. Linksys had already rolled out a firmware release as of 07.11.17 addressing the vulnerability. Meaning, when Linksys was notified along with other big vendors, they actually did something about it and resolved it before it was announced.
  2. The router has a feature where the firmware automatically updates. Typically, I would not be a huge fan of this option…but I am warming up to the idea. It is not like firmware updates are that regular, as opposed to, say, android updates which include unwanted functionality at times.

I think I know where I am going to look…

#9

I do not think there will be a firmware update for the My Net N900 that addresses KRACK.

I emailed WD Support about KRACK. Their reply implied that WD no longer supports the N900.
I asked two questions:
-1) Is the N900 susceptible to KRACK?
-2) Will updated firmware be released?
The Support response:
-“I am sorry to inform you that this device is a legacy product and WD is not manufacturing these devices form the very long time. Hence, there is no updated firmware available for this product.”
Unfortunately the response does not directly answer my questions. But it implies that WD has abandoned this product.

Keep in mind, there is a chance that the N900 is not affected by KRACK. I pulled the following info from krackattacks.com.
“Routers or access points (APs) are only vulnerable to our attack if they support the Fast BSS Transition (FT) handshake, or if they support client (repeater) functionality. First, the FT handshake is part of 802.11r, and is mainly supported by enterprise networks, and not by home routers or APs. Additionally, most home routers or APs do not support (or will not use) client functionality. In other words, your home router or AP likely does not require security updates. Instead, it are mainly enterprise networks that will have to update their network infrastructure (i.e. their routers and access points).”

Needless to say, I will not buy WD products in the future. The N900 product continues to have glitches that were never fully resolved. The last firmware update was in 2013, before I even purchased my N900.

1 Like
#11

We’ve got 15 devices attached to a WD My Net AC1300 and Wd AC bridge including 3 desktops, 1 Laptop, 4 phones (3cell & 1 landline), 2 printers and a maze of tablets, a Roku Premiere+ and a WDTV Hub which provided us with excellent service UNTIL THE CURRENT KRACK THREAT.
I understand that a hole in the WPA code was discovered and provides an error that Krack can penetrate in WPA and WPA2 security affecting all devices in the network.
Wd is not giving us any choice but to go elsewhere to protect our investments.
Maybe they can release the code so that a lay programmer could rewrite or provide a patch for us.

1 Like
#12

Wow. There’s still no patch or even acknowledgement from WD? I’ve been buying WD hard drives for all of my devices in addition to this router since 2007. I know WD doesn’t make routers anymore, but seriously, I am not going to bother buying any more Western Digital products.

If they won’t even bother to fix a major security flaw with this firmware, why trust their other products?