Publish Date
20th October, 2017
News Type
News

Update 21.11.2017
As written below Genexis routers are not affected by the security gap itself.
Patches available for GeneOS software to help reduce risk on unsafe clients have already been integrated.
For DRGOS software, chip vendors are not releasing work-around patches related to unsafe clients due to expected compatibility issues between routers and clients.
In general, we recommend end users to upgrade all WiFi clients as soon as possible.

Genexis has been aware of the WPA2 “KRACK” issue since October 16th.
As Genexis is not using Access Point Mode with 802.11r, our routers are not affected by this security gap itself. A possible theoretical key reinstallation attacks KRACK are directed against the WiFi connection of a client who logs into the WiFi router.

In order to counter this gap also from the router side, Genexis has been in contact with all WiFi chip manufacturers who are involved in our WiFi products since 17 October. As soon as it is confirmed that a product or product line can be protected by a FW patch from the chip manufacturer, Genexis will integrate this into a new software version of DRGOS and GeneOS and will supply this new firmware to all operators. The operator then automatically updates all routers in the field.

Background to the “WPA2-KRACK”:
A possible theoretical KRACK attack is directed against the WiFi connection of a client who logs into the WiFi. In order to interfere with WiFi communication between an unsafe client (laptop, smartphone, TV with WiFi) and an access point, extensive prerequisites are necessary. An attacker must be in immediate physical proximity to the client. And he has to put himself in the form of a man-in-the-middle attack between the client and the access point. Another prerequisite for this hard-to-execute attack is that the attacker must start the attack at the moment when the WiFi client is logging into the WiFi router and not after the connection is already established. Depending on the client’s configuration, only the client’s sending data can be read.

Independent of WiFi, relevant connections are usually encrypted at higher levels. These include HTTPS connections (search queries, online banking, online shopping, Facebook, WhatsApp etc.), which can be recognized by the lock icon or the green display at the browser address. These encryptions are still safe.

At no time is it possible with the KRACK-mentioned security gap to become a complete participant of a foreign WLAN. The practical importance of the KRACK-gap seems to be limited by the difficulty of the attack, the imperative necessity to be nearby and the continuing active encryption at higher levels.