KRACK Wi-Fi Vulnerability


#1

Sense takes your data security seriously and is working to address issues around the KRACK Wi-Fi vulnerability that was discovered in WPA2 a week or so ago. Check back here for updates on the fix.

Keep in mind that everything we send over HTTPS is encrypted, so even if your Sense Monitor’s network traffic is exposed using this vulnerability, your data cannot be read.

For more information on the KRACK vulnerability, take a look at this article: http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/.


#2

That depends on how you’re handling the HTTPS. If you’re not using public key pinning or mutual authentication, the HTTPS connection could also be subjected to a man-in-the-middle attack.


#3

Not to worry @michael.davie. We use hostname validation on the certificate and mutual authentication so we are safe from a man-in-the-middle attack.


#4

Ben / Team:

Totally agree and understand on potential mitigations for unauthorized monitoring - but also share Michael’s perspective that, depending on specific details, there IS risk for MiTM attacks if all traffic is flowing through a hostile AP allowing traffic tampering. Defense-in-depth suggests we close this ‘loophole’ as quickly as possible.

Cheers,
Billy
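
Added example, not part of any post in this thread and not Sense's code: the client-side checks named in posts #2 to #4 (hostname validation, a client certificate for mutual authentication, and a pin), sketched with Python's standard `ssl` module. The pin here is the SHA-256 of the whole leaf certificate, used as a stand-in for public key pinning; all function names, file-path parameters and sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """Client context: chain + hostname validation, optional client cert (mutual auth)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:  # hypothetical file paths supplied by the caller
        ctx.load_cert_chain(client_cert, client_key)
    return ctx

def audit_context(ctx):
    """Return the settings that would let a hostile AP impersonate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not validated")
    return findings

def pin_matches(der_cert, pinned_sha256_hex):
    """Compare the SHA-256 of the presented certificate with the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())

def connect_pinned(host, port, ctx, pinned_sha256_hex):
    """Handshake, then refuse to continue unless the leaf certificate matches the pin."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pinned_sha256_hex):
                raise ssl.SSLError("certificate pin mismatch")
            return tls.version()

if __name__ == "__main__":
    weak = ssl.create_default_context()
    weak.check_hostname = False       # the weak setting, for comparison
    weak.verify_mode = ssl.CERT_NONE
    print("hardened:", audit_context(build_client_context()))
    print("weakened:", audit_context(weak))
    print("pin ok:", pin_matches(SAMPLE_DER, SAMPLE_PIN))
```

Mutual authentication also depends on the server requiring and verifying the client certificate; the client side shown here only presents one.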


#5

Update: As of firmware version 1.8.1661 (released last night), a fix has been implemented!


#6

How do we update? Do you push it or do we need to update?


#7

@Becky: Firmware updates are automatically pushed (at 7am UTC of the release day). You can see what firmware your monitor is running by going to ‘Settings’ > ‘My Home’ > ‘Sense Monitor’.