KRACK WPA2 Vulnerability and EVRYTHNG

As many of you probably heard a severe vulnerability has been discovered in WPA2. This is important as WPA2 is the most widespread WiFi security protocol and it is used by a vast majority of routers, mobile phones, computers and IoT devices to secure WiFi communication. The details of the exploit (named KRACK) are available here so, in this post we focus on what's the impact for EVRYTHNG's customers and IoT devices.

## What is affected?

All WPA2 clients are affected which means all devices supporting WiFi: routers, mobile phones, laptops and IoT devices with embedded WiFi capabilities.

## What are the consequences of the attack?

The traffic from vulnerable devices might be decrypted by attackers meaning they would get access to all the data transmitted over WiFi. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

## Is the EVRYTHNG Platform affected?

Our cloud platform only uses wired communication. None of our cloud systems rely on WPA2 and hence the EVRYTHNG platform is unaffected by this vulnerability.

Are EVRYTHNG SDKs affected?

Our client SDKs rely on WiFi connectivity with WPA2. All our SDKs, including the unsupported community SDKs do not implement WPA2 but rely on the operating system implementation, hence they will automatically benefit from any patches applied to the underlying operating system. How to apply the patch and the availability of a patch depends on the specific operating system, in particular:

Java SDK, EVRYTHNG.js
Target Operating Systems:

Android SDK - Android is being patched, a patch is expected to start being deployed on November 6 2017.

iOS SDK - iOS has been patched

Marvell SDK - WMSDK patch has been released and tested successfully with the EVRYTHNG Marvell SDK.

Broadcom / Cypress SDK - WICED patch being worked on, we will test our SDK against the patched release as soon as possible.

FreeRTOS SDK - No WPA2 implementation, this depends on the WPA2 implementation of the device it is deployed on.

THNGHUB - THNGHUB runs on Linux and hence depends on the availability of a patch for the target Linux.

Generally, applying these patches require checking for OS updates and applying them. More information about the specific process for different OS can be found here.


What is the best way to protect my customers' devices?

The best way to protect devices is to ensure the operating system gets patched as soon as a patch is available. The potential of the attack when it comes to communicate with the EVRYTHNG Platform can be minimized by ensuring that you only use one of our secure protocols: HTTPS, WSS and MQTTS to communicate with EVRYTHNG. These protocols all use TLS v1.2 and hence add a level of encryption meaning that even if a WiFi network is compromised attackers still would not get clear text data. As you know we already started to phase out our non TLS protocols so it is definitely the right time to make the switch.

Make sure you also have a good read of our simple steps to improve security.

Do not hesitate to contact our support should you have any questions about this vulnerability.