Genexis has been aware of the WPA2 “KRACK” issue since October 16th. As Genexis is not using Access Point Mode with 802.11r our routers are not affected by this security gap itself. A possible theoretical crack attack is directed against the WiFi connection of a client who logs in to the WiFi.
In order to counter this gap also from the router side, Genexis has been in contact with all WiFi chip manufacturers who are involved in our WiFi products since 17 October. As soon as it is confirmed that a product or product line can be protected by a FW patch from the chip manufacturer, Genexis will integrate this into a new software version of DRGOS and GeneOS and will supply this new firmware to all operators. The operator then automatically updates all routers in the field.
Background to the “WPA2-KRACK”
A possible theoretical crack attack is directed against the WiFi connection of a client who logs in to the WiFi. In order to interfere with WiFi communication between an unsafe client (laptop, smartphone, TV with WiFi) and an access point, extensive prerequisites are necessary. An attacker must be in immediate physical proximity to the client. And he has to put himself in the form of a man-in-the-middle attack between the client and the access point. A prerequisite for this hard-to-execute attack is that the client volunteers. To do this, the attacker would have to be closer to the client than the access point. Depending on the client’s configuration, only the client’s sending data can be read.
Independent of WiFi, relevant connections are encrypted at higher levels. These include HTTPS connections (search queries, online banking, online shopping, Facebook, WhatsApp etc.), which can be recognized by the lock icon or the green display at the browser address. This encryption is still safe.
At no time is it possible with the Krack-mentioned security gap to become a complete participant of a foreign WLAN. The practical importance of the Krack-gap seems to be limited by the difficulty of the attack, the imperative necessity to be nearby and the continuing active encryption at higher levels.