WPA2 Vulnerabilities (KRACK) fix

Hsd
Posts: 18
Joined: 15 Dec 2014, 15:56

WPA2 Vulnerabilities (KRACK) fix

Post by Hsd »

So this vulnerability is serious.

Can Netatmo provide an update on when the weather station will receive a fix for this?
ALFo
Posts: 3
Joined: 24 Sep 2017, 18:00

Re: WPA2 Vulnerabilities (KRACK) fix

Post by ALFo »

+1
gloglo36
Posts: 9
Joined: 04 Sep 2017, 10:36

Re: WPA2 Vulnerabilities (KRACK) fix

Post by gloglo36 »

+1
zomt
Posts: 6
Joined: 05 Nov 2016, 19:31

Re: WPA2 Vulnerabilities (KRACK) fix

Post by zomt »

+1
Brieuc_Netatmo
Posts: 3088
Joined: 02 Jan 2014, 11:20

Re: WPA2 Vulnerabilities (KRACK) fix

Post by Brieuc_Netatmo »

Hi,
KRACK is a known vulnerability of the Wi-Fi protocol that allows a hacker near your Wi-Fi network to read information that passes through it.
All NETATMO products use encrypted and secure protocols (HTTPS or VPN tunnel depending on the product) to communicate via Wi-Fi. This means that only our servers are able to decrypt the data.
Thus, even if a malicious person tries to intercept the information of NETATMO products, he could not decipher it.
Have a nice day!
Brieuc - Netatmo Team
tmoatmo
Posts: 3
Joined: 03 Aug 2017, 16:20

Re: WPA2 Vulnerabilities (KRACK) fix

Post by tmoatmo »

The practical risk for Netatmo devices is probably very low. But according to the website set up to document the vulnerability at krackattacks dot com, it affects the WIFI standard as a whole and can, under some circumstances, allow data to be injected and manipulated. So while it is OK that the Netatmo device uses the HTTPS protocol to protect the communication between the device and the Netatmo server, it is nevertheless an IOT device running as a WIFI client. The scope of the vulnerability seems to go beyond the simple communication between a device and a single server using HTTPS. From reading the various sources of information on the subject, the recommendation seems to be to patch all WIFI clients...
Aarto
Posts: 8
Joined: 17 Jul 2017, 19:24

Re: WPA2 Vulnerabilities (KRACK) fix

Post by Aarto »

As far as I understand the vulnerability, an attacker can set up a WIFI network with the same SSID as mine and make the Netatmo device connect to that WIFI network instead of my network. In which case the attackers can direct the traffic as they please, blocking access to my Netatmo Welcome camera, weather stations, thermostat etc.
Even if an attacker cannot decode what my devices are sending, they can still gain control of WHERE my devices are sending the data. That is why all IoT devices should be patched.
jdefuria
Posts: 4
Joined: 14 Aug 2017, 23:35

Re: WPA2 Vulnerabilities (KRACK) fix

Post by jdefuria »

"All NETATMO products use encrypted and secure protocols (HTTPS or VPN tunnel depending on the product) to communicate via Wi-Fi. This means that only our servers are able to decrypt the data.
Thus, even if a malicious person tries to intercept the information of NETATMO products, he could not decipher it."
It seems as if Brieuc_Netatmo does not understand the vulnerability whatsoever.

Yes, great for the Netatmo data, but other network traffic could be sniffed and a man-in-the-middle attack could redirect packets on your local wifi. Disheartening to see Netatmo not care about users' privacy, because at this point it could be used as the exploit to get into a local network.

If this isn't fixed, the next step is to start with Amazon/Facebook and other social media reviews. While I have been favorable towards Netatmo in the past, if security is not forthcoming, I will make sure other, non-tech-savvy individuals will know about the flaws.