The problem of wpa2 (KRACKs)

sankyo.toshio · October 31, 2019, 4:01am

Hi,
I’m using balenaOS 2.32.0+rev1 and device type is Raspberry Pi 3.
I was pointed out by security research company that the version of wpa2_supplicant of the device is a version that is affected by KRACKs (https://www.krackattacks.com/)

The version of wpa_supplicant of my balena OS is v2.6 which is possibility to be attacked.
I’m afraid of this problem.

I found a pull request (https://github.com/balena-os/meta-balena/pull/885) which probably related to this issue, but this doesn’t seem to merge.
Are there any plans to update wpa_supplicant or any other plans?

Best regards.

telphan · October 31, 2019, 8:17am

Hi,
If the PR you pointed at is meant to fix/mitigate this vulnerability, those patches have been applied upstream and merged into balenaOS a long time ago, I believe since v2.4.0.
Are there other patches you are aware of that we do not apply?
Kind regards,
Theodor

afitzek · October 31, 2019, 12:20pm

Hi,
To follow up on this. We recently merged this PR (https://github.com/balena-os/meta-balena/pull/1714), which updates wpa_supplicant to v2.9. So this will appear in one of the next balenaOS versions.
Best regards,

Topic		Replies	Views
Raspberry PI 3 WPA2-Enterprise 802.1x broken on BalenaOS 2.43.0 Product support	7	1068	January 13, 2020
Raspberry PI 4 WPA2-Enterprise 802.1x broken on balenaOS 5.1.54 Product support	1	116	March 20, 2024
Updating firmware to address an upstream bug balenaOS raspberrypi4	4	284	June 30, 2021
BalenaOS 2.39 UP Boards Product support	16	639	December 6, 2019
P2P/WiFi-Direct Support? balenaOS wifi , network , resinos	6	1691	January 21, 2019

The problem of wpa2 (KRACKs)

Related topics