KRACK vulnerability for WPA2


#1

Hi Denis!

Just seeing word of a crazy WIFI issue with respect to WPA2 called “KRACK” and I was wondering when we could anticipate a patch for that - assuming one would come from you. Or would that be from the particle service? Thank you, sir. :slight_smile:


#2

Yeah, I saw the posts about that. The WPA2 implementation is few layers down, but we’ll get the fix when it bubbles up through the vendor chain. Here’s the reassuring quote from Particle:

It’s worth mentioning that all Particle devices maintain a secure and encrypted session that does not rely on the security of the Wi-Fi network. We’re definitely going to patch quickly and often, as always, but we expect a Particle device to be secure on a totally unsecured WiFi network, so a compromised WPA2 network isn’t a threat.


#3

That’s great news. Thanks for the update.


#4

While the particle side may be safe it’s still a potential problem when the devices need to connect to the WiFI using WPA2.


#5

Garadget is a Particle device (uses Particle’s module and connects to their cloud service). The above statement fully applies to your Garadget.


#6

From Patricle:

We use a 43362 module and are vulnerable to “group 2” of the CVEs (CVE-2017-13080, CVE-2017-13081). By the end of October, Cypress will release the following WICED Studio versions that will address these CVEs:

4.1.3
5.2
6.0

As soon as we get those versions of WICED Studio, we’ll release system firmware versions with the patches. At that point, all of you can build your apps with those new system firmware versions, and all will be well.


#7

Relevant thread in Particle Community Board and general info about the issue.