KRACK Bulletin

Follow

Security Notice: Key Reinstallation Attack

Background

On October 16, 2017 a WPA2 exploit was disclosed known as Key Reinstallation Attack (KRACK) that affects all WPA2 protected Wi-Fi networks. This exploit could lead to user's WiFi traffic becoming compromised. Further background on the exploit can be found here.

Impact

  • Affects any wireless product using WPA2 encryption, which includes all Open Mesh AP products.
  • Client devices that have not received a security update addressing this issue are also susceptible.
  • Those using 802.11r or mesh repeaters are most susceptible.
  • The exploit requires physical proximity to the network.

Fix

Open Mesh has provided patches for the following versions: 481, 590, 6.1.x, 6.2.x, 6.3.x and 6.4.x

Unpatched FW Version Patched FW version Availability Date
6.4.1 (Latest) 6.4.2 October 20, 2017
6.3.15 (Stable) 6.3.16 October 17, 2017
6.2.12 (Previous Stable) 6.2.13 October 19, 2017
6.1.2 6.1.4 October 18, 2017
590 fw-ng-r590-v4 November 1, 2017**
481 fw-ng-r481k November 1, 2017**

To obtain the patched firmware:

  • Enable “Automatic Upgrades” under Configure -> Maintenance and your network will begin upgrading during your defined maintenance window.
  • Customers who wish to immediately upgrade all access points on their network can select “Upgrade Now” and the installation process will complete in 15-20 minutes.
  • **For EOL versions 481/590 the patch needs to be manually applied through a custom.sh script. In CloudTrax, browse to Configure -> Advanced, copy the below link into the "custom.sh server" field and then click Save Changes: http://files.cloudtrax.com/downloads/custom/omf1227/

Mitigation

  • Turn off 802.11r until you’ve received the firmware update. This is done under Configure -> SSID# for any SSID that has it enabled.
  • End users should contact their WiFi client device manufacturers for security updates related to their specific client devices.

Questions / Feedback

If you have any questions or concerns about this vulnerability or the upgrade process, please reach out to Open Mesh support.

Have more questions? Submit a request!

Powered by Zendesk