Security Notice: Key Reinstallation Attack

Background

To all Datto Networking users:

On October 16, a WPA2 exploit known as Key Reinstallation Attack (KRACK) was disclosed that affects all WPA2-protected Wi-Fi networks. This exploit could lead to users' Wi-Fi traffic becoming compromised. Further background on the exploit can be found here.

Impact

  • This exploit affects any wireless product using WPA2 encryption, which includes all Datto access point products.
  • Those using 802.11r or mesh repeaters are most susceptible.
  • Client devices that have not received a security update specifically addressing this issue are also susceptible.
  • The exploit requires physical proximity to the network.

Fix

  • A new firmware version is currently under test, and we expect to qualify and publish the new version of 6.3 by end of day Tuesday, October 17. An update to 6.4 will be available at that time or shortly after.
  • Once new firmware is available:
    • all networks that have “Automatic Upgrades” enabled will begin upgrading during their scheduled maintenance window, and
    • customers who wish to immediately upgrade all access points on their network can select “Upgrade Now” under Configure > Maintenance, in the access points section.

Mitigation

  • Turn off 802.11r until you’ve received the firmware update.
  • End users should contact their WiFi client device manufacturers for security updates related to their specific client devices.

Questions / Feedback

If you have any questions or concerns about this vulnerability or the upgrade process, please reach out to Datto Support.  

The Datto Networking team  

